CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-62232 Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of ... | 7.5 | HIGH | — | 0 |
| CVE-2025-11843 Therefore Corporation GmbH has recently become aware that Therefore™ Online and Therefore™ On-Premises contain an account impersonation vulnerability. A malicious user may potentially be able to imper... | N/A | NONE | — | 0 |
| CVE-2025-12041 The ERI File Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'erifl_file' AJAX action in all versions up to, and including, 1.1.0. Th... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-12115 The WPC Name Your Price for WooCommerce plugin for WordPress is vulnerable to unauthorized price alteration in all versions up to, and including, 2.1.9. This is due to the plugin not disabling the abi... | 7.5 | HIGH | — | 0 |
| CVE-2025-40106 In the Linux kernel, the following vulnerability has been resolved: comedi: fix divide-by-zero in comedi_buf_munge() The comedi_buf_munge() function performs a modulo operation `async->munge_chan %=... | N/A | NONE | — | 0 |
| CVE-2025-11602 Potential information leak in bolt protocol handshake in Neo4j Enterprise and Community editions allows attacker to obtain one byte of information from previous connections. The attacker has no contro... | N/A | NONE | — | 0 |
| CVE-2025-40603 A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credent... | 4.5 | MEDIUM | — | 0 |
| CVE-2025-13164 EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext credentials of AD and system mail from the system f... | 4.9 | MEDIUM | — | 0 |
| CVE-2024-13992 Nagios XI versions prior to 2024R1.1 are vulnerable to cross-site scripting (XSS) when a user visits the "missing page" (404) page after following a link from another website. The vulnerable compon... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-33003 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a non-root user to gain higher privileges/capabilities within the scope of a container due to execution with unnecessary privile... | 7.8 | HIGH | — | 0 |
| CVE-2025-36249 IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:... | 3.7 | LOW | — | 0 |
| CVE-2025-4952 Tampering of the registry entries might have led to preventing the ESET security products from starting correctly on the next system startup or to unauthorized changes in the product's configuration. | N/A | NONE | — | 0 |
| CVE-2025-12460 An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img HTML tag. This could allow a re... | N/A | NONE | — | 0 |
| CVE-2025-12521 The Analytify Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0.3 via the Analytify Tag HTML details. This makes it possible for unauth... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-64386 The equipment grants a JWT token for each connection in the timeline, but during an active valid session, a hijacking of the token can be done. This will allow an attacker with the token to modify parame... | N/A | NONE | — | 0 |
| CVE-2025-12501 Integer overflow in GameMaker IDE below 2024.14.0 version can lead to application crashes through denial-of-service attacks (DoS). GameMaker users who use the network_create_server() funct... | 7.5 | HIGH | — | 0 |
| CVE-2025-57106 Kitware VTK (Visualization Toolkit) up to 9.5.0 is vulnerable to Buffer Overflow in vtkGLTFDocumentLoader. The vulnerability occurs in the BufferDataExtractionWorker template function when processing ... | 7.5 | HIGH | — | 0 |
| CVE-2025-64385 The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the web server or with the manufacturer’s software. Using the manufacturer's software, the device can be co... | N/A | NONE | — | 0 |
| CVE-2025-64387 The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack, the vulnerable page is inserted into a page controlled by the attacker in order to deceive the victim. T... | N/A | NONE | — | 0 |
| CVE-2025-64388 Denial of service of the web server through specific requests to this protocol | N/A | NONE | — | 0 |
| CVE-2025-64389 The web server of the device performs exchanges of sensitive information in clear text through an insecure protocol. | N/A | NONE | — | 0 |
| CVE-2025-12507 The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed. | 8.8 | HIGH | — | 0 |
| CVE-2025-12508 When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality. | 8.4 | HIGH | — | 0 |
| CVE-2025-12509 On a client with an admin user, a Global_Shipping script can be implemented. The script could later be executed on the BRAIN2 server with administrator rights. | 8.4 | HIGH | — | 0 |
| CVE-2025-12552 Insufficient Password Policy. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-12553 Email Server Certificate Verification Disabled. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-63442 Simple User Management System with PHP-MySQL v1.0 is vulnerable to Cross-Site Scripting (XSS) via the Profile Section. The system fails to properly sanitize user input, allowing attackers to inject an... | 4.6 | MEDIUM | — | 0 |
| CVE-2025-12554 Missing Security Headers. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-29270 Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and complete control of the device. | 10.0 | CRITICAL | — | 0 |
| CVE-2025-63466 Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a Denial of Service... | 7.5 | HIGH | — | 0 |
| CVE-2025-63467 Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_425400 function. This vulnerability allows attackers to cause a Denial of Service (Do... | 7.5 | HIGH | — | 0 |
| CVE-2025-63468 Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a Denial of Servic... | 7.5 | HIGH | — | 0 |
| CVE-2025-63469 Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_421BAC function. This vulnerability allows attackers to cause a Denial of Service (Do... | 7.5 | HIGH | — | 0 |
| CVE-2025-59501 Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network. | 4.8 | MEDIUM | — | 0 |
| CVE-2025-3717 When using the Grafana Snowflake Datasource Plugin, if Oauth passthrough is enabled on the datasource, and multiple users are using the same datasource at the same time on a single Grafana instance, i... | N/A | NONE | — | 0 |
| CVE-2025-63460 Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the sub_4222E0 function. This vulnerability allows attackers to cause a Denial of Service ... | 7.5 | HIGH | — | 0 |
| CVE-2025-63461 Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the urldecode function. This vulnerability allows attackers to cause a Denial of Service (... | 7.5 | HIGH | — | 0 |
| CVE-2025-63462 Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the wifiOff parameter in the sub_421A04 function. This vulnerability allows attackers to cause a Denial of Service... | 7.5 | HIGH | — | 0 |
| CVE-2025-63463 Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the wifiOff parameter in the sub_4232EC function. This vulnerability allows attackers to cause a Denial of Service ... | 7.5 | HIGH | — | 0 |
| CVE-2025-63464 Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_42396C function. This vulnerability allows attackers to cause a Denial of Service (Do... | 7.5 | HIGH | — | 0 |
| CVE-2025-63465 Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_422880 function. This vulnerability allows attackers to cause a Denial of Service (Do... | 7.5 | HIGH | — | 0 |
| CVE-2025-62264 Reflected cross-site scripting (XSS) vulnerability in Language Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-63450 Car-Booking-System-PHP v.1.0 is vulnerable to Cross Site Scripting (XSS) in /carlux/booking.php. | 5.4 | MEDIUM | — | 0 |
| CVE-2025-63459 Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the sub_421CF0 function. This vulnerability allows attackers to cause a Denial of Service ... | 7.5 | HIGH | — | 0 |
| CVE-2025-62267 Multiple cross-site scripting (XSS) vulnerabilities in web content template’s select structure page in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-62618 ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the file. Because ELOG includes usernames and password hashe... | 8.0 | HIGH | — | 0 |
| CVE-2025-63454 Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the deviceId parameter in the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of S... | 7.5 | HIGH | — | 0 |
| CVE-2025-12464 A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems ... | 6.2 | MEDIUM | — | 0 |
| CVE-2025-63458 Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Servic... | 7.5 | HIGH | — | 0 |
| CVE-2015-0069 Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.