CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2026-24796 Out-of-bounds Read vulnerability in CloverHackyColor CloverBootloader (MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma modules). This vulnerability is associated with program files regparse.C. ... | N/A | NONE | — | 0 |
| CVE-2026-24797 Out-of-bounds Write vulnerability in neka-nat cupoch (third_party/libjpeg-turbo/libjpeg-turbo modules). This vulnerability is associated with program files tjbench.C. This issue affects cupoch. | N/A | NONE | — | 0 |
| CVE-2026-24798 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GaijinEntertainment DagorEngine (prog/3rdPartyLibs/miniupnpc modules). This vulnerability is associated with pr... | N/A | NONE | — | 0 |
| CVE-2026-24799 Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in davisking dlib (dlib/external/zlib modules). This vulnerability is associated with program ... | N/A | NONE | — | 0 |
| CVE-2026-24800 Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in tildearrow furnace (extern/zlib modules). This vulnerability is associated with program fil... | N/A | NONE | — | 0 |
| CVE-2026-24802 Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in briandilley jsonrpc4j (src/main/java/com/googlecode/jsonrpc4j modules). This vulnerability is associated with program files NoCl... | N/A | NONE | — | 0 |
| CVE-2026-24803 Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in coolsnowwolf lede (package/lean/mt/drivers/mt7615d/src/mt_wifi/embedded/security modules). This vulnerability is associated with... | N/A | NONE | — | 0 |
| CVE-2026-24804 Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in coolsnowwolf lede (package/lean/mt/drivers/mt7603e/src/mt7603_wifi/common modules). This vulnerability is associated with progra... | N/A | NONE | — | 0 |
| CVE-2026-21417 Dell CloudBoost Virtual Appliance, versions prior to 19.14.0.0, contains a Plaintext Storage of Password vulnerability. A high privileged attacker with remote access could potentially exploit this vul... | 7.0 | HIGH | — | 0 |
| CVE-2026-24345 Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization checks and gain full access to the admin UI | 8.8 | HIGH | — | 0 |
| CVE-2026-24346 Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to access protected areas in the web application | 9.1 | CRITICAL | — | 0 |
| CVE-2026-24347 Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24348 Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to execute arbitrary JavaScript code in the browser of other Admin UI users. | 6.1 | MEDIUM | — | 0 |
| CVE-2026-24826 Out-of-bounds Write, Divide By Zero, NULL Pointer Dereference, Use of Uninitialized Resource, Out-of-bounds Read, Reachable Assertion vulnerability in cadaver turso3d.This issue affects . | N/A | NONE | — | 0 |
| CVE-2026-24827 Out-of-bounds Write vulnerability in gerstrong Commander-Genius.This issue affects Commander-Genius: before Release refs/pull/358/merge. | 7.5 | HIGH | — | 0 |
| CVE-2026-24828 Missing Release of Memory after Effective Lifetime vulnerability in Is-Daouda is-Engine.This issue affects is-Engine: before 3.3.4. | 7.5 | HIGH | — | 0 |
| CVE-2026-24829 Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in Is-Daouda is-Engine.This issue affects is-Engine: before 3.3.4. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24830 Integer Overflow or Wraparound vulnerability in Ralim IronOS.This issue affects IronOS: before v2.23-rc2. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-12386 Pix-Link LV-WR21Q does not enforce any form of authentication for endpoint /goform/getHomePageInfo. Remote unauthenticated attacker is able to use this endpoint to e.g: retrieve cleartext password to ... | N/A | NONE | — | 0 |
| CVE-2025-12387 A vulnerability in the Pix-Link LV-WR21Q router's language module allows remote attackers to trigger a denial of service (DoS) by sending a specially crafted HTTP POST request containing non-existing ... | N/A | NONE | — | 0 |
| CVE-2025-41726 A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then... | 8.8 | HIGH | — | 0 |
| CVE-2025-41727 A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain administrator access. | 7.8 | HIGH | — | 0 |
| CVE-2025-41728 A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to the Device Manager web service that caus... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1213 All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users.This issue affects askbot: 0.12... | N/A | NONE | — | 0 |
| CVE-2020-36938 WinAVR version 20100110 contains an insecure permissions vulnerability that allows authenticated users to modify system files and executables. Attackers can leverage the overly permissive access contr... | 8.8 | HIGH | — | 0 |
| CVE-2020-36939 Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disa... | 7.5 | HIGH | — | 0 |
| CVE-2020-36940 Easy CD & DVD Cover Creator 4.13 contains a buffer overflow vulnerability in the serial number input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload an... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-24868 Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability affects Firefox < 147.0.2. | 6.5 | MEDIUM | — | 0 |
| CVE-2020-36942 Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the profile image upload feature. Attackers can upload a PHP shell to the /img... | 8.8 | HIGH | — | 0 |
| CVE-2020-36947 LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnera... | 7.1 | HIGH | — | 0 |
| CVE-2020-36948 VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to a... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-36950 Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests w... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-36951 Phpscript-sgh 0.1.0 contains a time-based blind SQL injection vulnerability in the admin interface that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploi... | 8.2 | HIGH | — | 0 |
| CVE-2021-47900 Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers ca... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-47901 Dirsearch 0.4.1 contains a CSV injection vulnerability when using the --csv-report flag that allows attackers to inject formulas through redirected endpoints. Attackers can craft malicious server redi... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-47902 Testa Online Test Management System 3.4.7 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'q' search parameter. Attackers can inject malicious S... | 8.2 | HIGH | — | 0 |
| CVE-2025-15468 Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A ... | 5.9 | MEDIUM | — | 0 |
| CVE-2025-15469 Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signin... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-24870 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3. | 3.7 | LOW | — | 0 |
| CVE-2025-28162 Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations,... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-66199 Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact ... | 5.9 | MEDIUM | — | 0 |
| CVE-2025-68160 Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary:... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-68670 xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain ... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-69418 Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware-accelerated code paths, inputs whose length is not a multiple<br>of 16 bytes can leave the final partial block... | 4.0 | MEDIUM | — | 0 |
| CVE-2025-69419 Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte wri... | 7.4 | HIGH | — | 0 |
| CVE-2025-69420 Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NU... | 7.5 | HIGH | — | 0 |
| CVE-2025-69565 code-projects Mobile Shop Management System 1.0 is vulnerable to File Upload in /ExAddProduct.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22795 Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be cause... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-22796 Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an inval... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24831 Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3. | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.