TROYANOSYVIRUS

CVE Vulnerabilities

CVE database enriched with CISA KEV and NVD data

Total: 335,041 CVEs
CVE ID | CVSS | Severity | KEV | Sightings
CVE-2025-58366

Onyxia is a data science environment for Kubernetes. In versions 4.6.0 through 4.8.0, Onyxia-API leaked the credentials of private Helm repositories in the public (unauthenticated) /public/catalogs en...

N/A | NONE | 0
CVE-2025-58367

DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable to class pollution via the Delta class constructor, and when combined with a...

N/A | NONE | 0
CVE-2025-58370

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerability in the command parsing logic where the Bash parameter expansion and indire...

8.1 | HIGH | 0
CVE-2025-58371

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a GitHub workflow used unsanitized pull request metadata in a privileged context, allowing...

9.8 | CRITICAL | 0
CVE-2025-58372

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where certain VS Code workspace configuration files (.code-workspace)...

8.1 | HIGH | 0
CVE-2025-58373

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where .rooignore protections could be bypassed using symlinks. This a...

5.5 | MEDIUM | 0
CVE-2021-26383

Insufficient bounds checking in AMD TEE (Trusted Execution Environment) could allow an attacker with a compromised userspace to invoke a command with malformed arguments leading to out of bounds memor...

7.9 | HIGH | 0
CVE-2025-58375

Rejected reason: This CVE is a duplicate of another CVE.

N/A | NONE | 0
CVE-2025-6067

The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption` and `data-linktext` parameters in all versi...

6.4 | MEDIUM | 0
CVE-2025-7366

The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 19.9.7. This is due ...

7.3 | HIGH | 0
CVE-2025-7368

The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 19.9.7 via the 'ajax_action_re_ge...

5.3 | MEDIUM | 0
CVE-2008-6918

Unrestricted file upload vulnerability in admin/galeria.php in ThePortal2 2.2 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it ...

N/A | NONE | 0
CVE-2025-10003

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress is vulnerable to time-based SQL Injection via the ‘upload_file_remove’...

6.5 | MEDIUM | 0
CVE-2024-21970

Improper validation of an array index in the AND power Management Firmware could allow a privileged attacker to corrupt AGESA memory potentially leading to a loss of integrity.

4.4 | MEDIUM | 0
CVE-2025-58374

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a default list of allowed commands that do not need manual approval if auto-approve i...

7.8 | HIGH | 0
CVE-2025-58904

Rejected reason: Not used

N/A | NONE | 0
CVE-2025-58905

Rejected reason: Not used

N/A | NONE | 0
CVE-2025-58906

Rejected reason: Not used

N/A | NONE | 0
CVE-2025-58907

Rejected reason: Not used

N/A | NONE | 0
CVE-2025-58908

Rejected reason: Not used

N/A | NONE | 0
CVE-2025-58909

Rejected reason: Not used

N/A | NONE | 0
CVE-2025-58910

Rejected reason: Not used

N/A | NONE | 0
CVE-2025-58911

Rejected reason: Not used

N/A | NONE | 0
CVE-2025-58912

Rejected reason: Not used

N/A | NONE | 0
CVE-2025-8359

The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. This is due to the plugin not properly verifying a user's identity prior to authent...

9.8 | CRITICAL | 0
CVE-2025-8360

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets in all versions up to, and including, 1.5.5.1 due to insuf...

6.4 | MEDIUM | 0
CVE-2025-9085

The User Registration & Membership plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in version 4.3.0. This is due to insufficient escaping on the user supplied parameter and l...

4.9 | MEDIUM | 0
CVE-2025-9515

The Multi Step Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the import functionality in all versions up to, and including, 1.7.25. This mak...

7.2 | HIGH | 0
CVE-2025-9853

The Optio Dentistry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'optio-lightbox' shortcode in all versions up to, and including, 2.2 due to insufficient input sa...

6.4 | MEDIUM | 0
CVE-2025-7040

The Cloud SAML SSO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'set_organization_settings' action of the csso_handle_actions() func...

8.2 | HIGH | 0
CVE-2025-7045

The Cloud SAML SSO plugin for WordPress is vulnerable to Identity Provider Deletion due to a missing capability check on the delete_config action of the csso_handle_actions() function in all versions ...

6.5 | MEDIUM | 0
CVE-2025-8149

The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.1.2 due to insufficient inp...

6.4 | MEDIUM | 0
CVE-2025-8564

The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 3.7 due to insufficient input sanitization and...

6.4 | MEDIUM | 0
CVE-2024-36326

Missing authorization in AMD RomArmor could allow an attacker to bypass ROMArmor protections during system resume from a standby state, potentially resulting in a loss of confidentiality and integrity...

8.4 | HIGH | 0
CVE-2025-8722

The Content Views plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid and List widgets in all versions up to, and including, 4.1 due to insufficient input sanitizat...

6.4 | MEDIUM | 0
CVE-2025-9126

The Smart Table Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and ...

6.4 | MEDIUM | 0
CVE-2025-9442

The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘vodsChannel’ parameter in all versions up to, and including, 1.1.5 due to insufficient inp...

6.4 | MEDIUM | 0
CVE-2025-9493

The Admin Menu Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and including, 1.14 due to insufficient input sanitizatio...

6.4 | MEDIUM | 0
CVE-2025-6757

The Recent Posts Widget Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rpwe' shortcode in all versions up to, and including, 2.0.2 due to insufficient inp...

6.4 | MEDIUM | 0
CVE-2025-10046

The ELEX WooCommerce Google Shopping (Google Product Feed) plugin for WordPress is vulnerable to SQL Injection via the 'file_to_delete' parameter in all versions up to, and including, 1.4.3 due to ins...

4.9 | MEDIUM | 0
CVE-2025-9961

An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500. The exploit can only be conducted via a Man-In-The-Middle (MITM) attack. This issu...

N/A | NONE | 0
CVE-2021-26377

Insufficient parameter validation while allocating process space in the Trusted OS (TOS) may allow for a malicious userspace process to trigger an integer overflow, leading to a potential denial of se...

4.1 | MEDIUM | 0
CVE-2021-46750

Failure to validate the address and size in TEE (Trusted Execution Environment) may allow a malicious x86 attacker to send malformed messages to the graphics mailbox resulting in an overlap of a TMR (...

3.0 | LOW | 0
CVE-2023-20516

Improper handling of insufficient privileges in the ASP could allow a privileged attacker to modify Translation Map Registers (TMRs) potentially resulting in loss of confidentiality or integrity.

3.3 | LOW | 0
CVE-2023-31306

Improper validation of an array index in the AMD graphics driver software could allow an attacker to pass malformed arguments to the dynamic power management (DPM) functions resulting in an out of bou...

3.3 | LOW | 0
CVE-2023-31322

Type confusion in the ASP could allow an attacker to pass a malformed argument to the Reliability, Availability, and Serviceability trusted application (RAS TA) potentially leading to a read or write ...

8.7 | HIGH | 0
CVE-2023-31325

Improper isolation of shared resources on System-on-a-chip (SOC) could allow a privileged attacker to tamper with the contents of the PSP reserved DRAM region potentially resulting in loss of confidentialit...

7.2 | HIGH | 0
CVE-2023-31326

Use of an uninitialized variable in the ASP could allow an attacker to access leftover data from a trusted execution environment (TEE) driver, potentially leading to loss of confidentiality.

2.8 | LOW | 0
CVE-2023-31330

An out-of-bounds read in the ASP could allow a privileged attacker with access to a malicious bootloader to potentially read sensitive memory resulting in loss of confidentiality.

2.5 | LOW | 0
CVE-2023-31351

Improper restriction of operations in the IOMMU could allow a malicious hypervisor to access guest private memory resulting in loss of integrity.

5.3 | MEDIUM | 0
Page 311 of 6701

This product uses data from the NVD API but is not endorsed or certified by the NVD.