CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2026-26296 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26297 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26298 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26299 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26300 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26301 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26302 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-26303 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-1754 The personal-authors-category plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and including, 0.3 due to insufficient input sanitization and... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-1904 The Simple Wp colorfull Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in the 'accordion' shortcode in all versions up to, and including, 1.0 due... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1901 The QuestionPro Surveys plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'questionpro' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitizati... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1903 The Ravelry Designs Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'layout' attribute of the 'sb_ravelry_designs' shortcode in all versions up to, and including, 1.0.... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1905 The Sphere Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in the 'show_sphere_image' shortcode in all versions up to, and including, 1.0.2 due to i... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1910 The UpMenu – Online ordering for restaurants plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lang' attribute of the 'upmenu-menu' shortcode in all versions up to, and includ... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1915 The Simple Plyr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'poster' parameter in the 'plyr' shortcode in all versions up to, and including, 0.0.1 due to insufficient inp... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1939 The Percent to Infograph plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `percent_to_graph` shortcode in all versions up to, and including, 1.0 due to insufficient input sani... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1512 The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Info Box widget in all versions up to, and... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-2024 The PhotoStack Gallery plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 0.4.1 due to insufficient escaping on the user supplied para... | 7.5 | HIGH | — | 0 |
| CVE-2025-8572 The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or equal to, 1.8.7. This is due to insufficient validation of the user_role parameter during user ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-0550 The myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mycred_load_coupon' shortcode in all versions up to, and including, 2.9.7.3 due to insufficient input san... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1249 The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Server-Side Request Forgery in versions 5.3 to 5.10 via the 'load_lyrics_ajax_callback' func... | 5.0 | MEDIUM | — | 0 |
| CVE-2026-1254 The Modula Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.13.6. This is due to the plugin not properly ve... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1258 The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the 'forms', 'automation', 'email/templates', and 'contacts/import/tutorlms/map' API endpoints in all versions up to, and in... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-1843 The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Activity Log in all versions up to, and including, 5.2.2 due to insufficient input sanitization and outpu... | 7.2 | HIGH | — | 0 |
| CVE-2025-71224 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: ocb: skip rx_no_sta when interface is not joined ieee80211_ocb_rx_no_sta() assumes a valid channel context, which ... | N/A | NONE | — | 0 |
| CVE-2026-23174 In the Linux kernel, the following vulnerability has been resolved: nvme-pci: handle changing device dma map requirements The initial state of dma_needs_unmap may be false, but change to true while ... | N/A | NONE | — | 0 |
| CVE-2026-23176 In the Linux kernel, the following vulnerability has been resolved: platform/x86: toshiba_haps: Fix memory leaks in add/remove routines toshiba_haps_add() leaks the haps object allocated by it if it... | N/A | NONE | — | 0 |
| CVE-2026-23177 In the Linux kernel, the following vulnerability has been resolved: mm, shmem: prevent infinite loop on truncate race When truncating a large swap entry, shmem_free_swap() returns 0 when the entry's... | N/A | NONE | — | 0 |
| CVE-2025-32060 The system suffers from the absence of a kernel module signature verification. If an attacker can execute commands on behalf of root user (due to additional vulnerabilities), then he/she is also able ... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-32061 The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-suppli... | 8.8 | HIGH | — | 0 |
| CVE-2025-32062 The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-suppli... | 8.8 | HIGH | — | 0 |
| CVE-2025-32063 There is a misconfiguration vulnerability inside the Infotainment ECU manufactured by BOSCH. The vulnerability happens during the startup phase of a specific systemd service, and as a result, the foll... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-2539 The RF communication protocol in the Micca KE700 car alarm system does not encrypt its data frames. An attacker with a radio interception tool (e.g., SDR) can capture the random number and counters tr... | N/A | NONE | — | 0 |
| CVE-2026-2540 The Micca KE700 system contains flawed resynchronization logic and is vulnerable to replay attacks. This attack requires sending two previously captured codes in a specific sequence. As a result, the ... | N/A | NONE | — | 0 |
| CVE-2026-2541 The Micca KE700 system relies on a 6-bit portion of an identifier for authentication within rolling codes, providing only 64 possible combinations. This low entropy allows an attacker to perform a bru... | N/A | NONE | — | 0 |
| CVE-2026-2564 A security flaw has been discovered in Intelbras VIP 3260 Z IA 2.840.00IB005.0.T. Affected by this vulnerability is an unknown functionality of the file /OutsideCmd. The manipulation results in weak p... | 8.1 | HIGH | — | 0 |
| CVE-2026-2517 A security flaw has been discovered in Open5GS up to 2.7.6. This vulnerability affects the function ogs_gtp2_parse_tft in the library lib/gtp/v2/types.c of the component SMF. Performing a manipulation... | 5.3 | MEDIUM | — | 0 |
| CVE-2019-25367 ArangoDB Community Edition 3.4.2-1 contains multiple cross-site scripting vulnerabilities in the Aardvark web admin interface (index.html) through search, user management, and API parameters. Attacker... | 5.4 | MEDIUM | — | 0 |
| CVE-2019-25368 OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag_backup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDrive_GDriv... | 5.4 | MEDIUM | — | 0 |
| CVE-2019-25369 OPNsense 19.1 contains a stored cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. At... | 6.4 | MEDIUM | — | 0 |
| CVE-2019-25370 OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-25371 OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host paramete... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-2521 A weakness has been identified in Open5GS up to 2.7.6. This issue affects the function sgwc_s5c_handle_create_session_response of the component SGW-C. Executing a manipulation can lead to memory corru... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-2522 A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is an unknown function of the file /src/mme/esm-build.c of the component MME. The manipulation leads to memory corruption. I... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-2523 A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function smf_gn_handle_create_pdp_context_request of the file /src/smf/gn-handler.c of the component SMF. The manipulat... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-2524 A flaw has been found in Open5GS 2.7.6. The impacted element is the function mme_s11_handle_create_session_response of the component MME. This manipulation causes denial of service. The attack can be ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-2538 A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled... | 7.0 | HIGH | — | 0 |
| CVE-2026-0998 Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 and Mattermost Plugin Zoom versions <=1.11.0 fail to validate user identity and post ownership in the {{/api/v1/askPMI}} endp... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-0999 Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements ... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-2550 A vulnerability was found in EFM iptime A6004MX 14.18.2. Affected is the function commit_vpncli_file_upload of the file /cgi/timepro.cgi. The manipulation results in unrestricted upload. The attack ma... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.