CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2026-26275 httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in `httpsig-hyper` prior to version 0.0.23 where Digest header verification could incorrectly succeed due to mis... | 7.5 | HIGH | — | 0 |
| CVE-2026-26314 go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, a vulnerable node can be forced to shutdown/crash using a specially crafted message. Th... | 7.5 | HIGH | — | 0 |
| CVE-2026-26315 go-ethereum (Geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to ext... | 7.5 | HIGH | — | 0 |
| CVE-2026-26316 OpenClaw is a personal AI assistant. Prior to 2026.2.13, the optional BlueBubbles iMessage channel plugin could accept webhook requests as authenticated based only on the TCP peer address being loopba... | 7.5 | HIGH | — | 0 |
| CVE-2026-26317 OpenClaw is a personal AI assistant. Prior to 2026.2.14, browser-facing localhost mutation routes accepted cross-origin browser requests without explicit Origin/Referer validation. Loopback binding re... | 7.1 | HIGH | — | 0 |
| CVE-2026-24122 Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires before the leaf certificate will be consider... | 3.7 | LOW | — | 0 |
| CVE-2026-26319 OpenClaw is a personal AI assistant. Versions 2026.2.13 and below allow the optional @openclaw/voice-call plugin Telnyx webhook handler to accept unsigned inbound webhook requests when telnyx.publicKe... | 7.5 | HIGH | — | 0 |
| CVE-2026-26320 OpenClaw is a personal AI assistant. OpenClaw macOS desktop client registers the `openclaw://` URL scheme. For `openclaw://agent` deep links without an unattended `key`, the app shows a confirmation d... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-26321 OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Feishu extension previously allowed `sendMediaFeishu` to treat attacker-controlled `mediaUrl` values as local filesystem p... | 7.5 | HIGH | — | 0 |
| CVE-2026-26322 OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Gateway tool accepted a tool-supplied `gatewayUrl` without sufficient restrictions, which could cause the OpenClaw host to... | 7.6 | HIGH | — | 0 |
| CVE-2026-2605 Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-30410 Sensitive data disclosure and manipulation due to missing authentication. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 39870, Acronis Cyb... | N/A | NONE | — | 0 |
| CVE-2025-30411 Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (... | N/A | NONE | — | 0 |
| CVE-2025-30412 Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (... | N/A | NONE | — | 0 |
| CVE-2025-30416 Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Li... | N/A | NONE | — | 0 |
| CVE-2026-26967 PJSIP is a free and open source multimedia communication library written in C. In versions 2.16 and below, there is a critical Heap-based Buffer Overflow vulnerability in PJSIP's H.264 unpacketizer. T... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-26980 Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1. | 9.4 | CRITICAL | — | 0 |
| CVE-2026-26996 minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a ... | 7.5 | HIGH | — | 0 |
| CVE-2026-27017 uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Ch... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-2384 The Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `vc_quizmaker` shortcode in all versions up to, and including, 6.7.1.7 due to insufficient input sanit... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-27317 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27318 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27319 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27320 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27321 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27322 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27323 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27324 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27325 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2024-52387 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Stored XSS.This issue affects Master... | 5.9 | MEDIUM | — | 0 |
| CVE-2025-70831 A Remote Code Execution (RCE) vulnerability was found in Smanga 3.2.7 in the /php/path/rescan.php interface. The application fails to properly sanitize user-supplied input in the mediaId parameter bef... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-20761 A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages res... | 8.1 | HIGH | — | 0 |
| CVE-2026-22344 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes FiveStar fivestar allows PHP Local File Inclusion.This issue affe... | 8.1 | HIGH | — | 0 |
| CVE-2026-22345 Deserialization of Untrusted Data vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery new-image-gallery allows Object Injection.This issue affects Im... | 8.8 | HIGH | — | 0 |
| CVE-2026-22346 Deserialization of Untrusted Data vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow slider-responsive-slideshow allows Object Injection.This issue affects Slider... | 8.8 | HIGH | — | 0 |
| CVE-2026-22352 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows Reflected XSS.This issue affe... | 7.1 | HIGH | — | 0 |
| CVE-2026-22354 Deserialization of Untrusted Data vulnerability in Dotstore Woocommerce Category Banner Management banner-management-for-woocommerce allows Object Injection.This issue affects Woocommerce Category Ban... | 8.8 | HIGH | — | 0 |
| CVE-2026-25715 The web management interface of the device allows the administrator username and password to be set to blank values. Once applied, the device permits authentication with empty credentials over the w... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-26048 The Wi-Fi router is vulnerable to de-authentication attacks due to the absence of management frame protection, allowing forged deauthentication and disassociation frames to be broadcast without auth... | 7.5 | HIGH | — | 0 |
| CVE-2026-26049 The web management interface of the device renders the passwords in a plaintext input field. The current password is directly visible to anyone with access to the UI, potentially exposing administra... | 5.7 | MEDIUM | — | 0 |
| CVE-2026-26093 Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 2.2.0.4 allows Command Injection via a crafted network request. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-26095 Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-26096 Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-26097 Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-26713 code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/cancel-order.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-24891 openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearma... | 7.5 | HIGH | — | 0 |
| CVE-2026-2832 Certain Samsung MultiXpress Multifunction Printers may be vulnerable to information disclosure, potentially exposing address book entries and other device configuration information through specific AP... | N/A | NONE | — | 0 |
| CVE-2026-27533 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27534 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27025 pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This require... | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.