CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2024-28752 A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one paramete... | 9.3 | CRITICAL | — | 0 |
| CVE-2025-20919 Out-of-bounds read in applying binary of video content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory. | 5.5 | MEDIUM | — | 0 |
| CVE-2024-24683 Improper Input Validation vulnerability in Apache Hop Engine.This issue affects Apache Hop Engine: before 2.8.0. Users are recommended to upgrade to version 2.8.0, which fixes the issue. When Hop Se... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-27439 An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone re... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-2612 If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Fir... | 8.1 | HIGH | — | 0 |
| CVE-2024-28715 Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary code via the markdown0 function in the /app/public/apidoc/oas3/wrap-components/markdown.js... | 8.8 | HIGH | — | 0 |
| CVE-2023-45177 IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to a denial-of-service attack due to an error within the MQ clustering logic. IBM X-Force ID: 268066. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-52872 In Flagsmith before 2.134.1, the get_document endpoint is not correctly protected by permissions. | 7.5 | HIGH | — | 0 |
| CVE-2024-28231 eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submes... | 9.6 | CRITICAL | — | 0 |
| CVE-2024-24818 EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to c... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-22724 An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature. | 6.6 | MEDIUM | — | 0 |
| CVE-2024-29190 Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does no... | 7.5 | HIGH | — | 0 |
| CVE-2024-30161 In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.) | 6.5 | MEDIUM | — | 0 |
| CVE-2025-43879 WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in the telnet function. If a remote unauthenticated attack... | N/A | NONE | — | 0 |
| CVE-2024-26644 In the Linux kernel, the following vulnerability has been resolved: btrfs: don't abort filesystem when attempting to snapshot deleted subvolume If the source file descriptor to the snapshot ioctl re... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-30192 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Pins for Pinterest allows Stored XSS.This issue affects GS Pins for Pinterest: from ... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-20333 A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-20308 A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an affected devi... | 8.6 | HIGH | — | 0 |
| CVE-2024-29316 NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-privileged attacker can access the restricted tabs for the Admin group via "isadmin":true. | 6.3 | MEDIUM | — | 0 |
| CVE-2024-30246 Tuleap is an Open Source Suite to improve management of software developments and collaboration. A malicious user could exploit this issue on purpose to delete information on the instance or possibly ... | 7.6 | HIGH | — | 0 |
| CVE-2024-28288 Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-3117 A vulnerability classified as critical was found in YouDianCMS up to 9.5.12. This vulnerability affects unknown code of the file App\Lib\Action\Admin\ChannelAction.class.php. The manipulation of the a... | 4.7 | MEDIUM | — | 0 |
| CVE-2021-0091 Improper access control in the firmware for some Intel(R) Processors may allow an unauthenticated user to potentially enable an escalation of privilege via local access. | 7.8 | HIGH | — | 0 |
| CVE-2021-33139 Improper conditions check in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.100 may allow an authenticated user to potentially enable denial of... | 5.7 | MEDIUM | — | 0 |
| CVE-2021-0145 Improper initialization of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-0147 Improper locking in the Power Management Controller (PMC) for some Intel Chipset firmware before versions pmc_fw_lbg_c1-21ww02a and pmc_fw_lbg_b0-21ww02a may allow a privileged user to potentially ena... | 4.4 | MEDIUM | — | 0 |
| CVE-2021-0156 Improper input validation in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access. | 7.8 | HIGH | — | 0 |
| CVE-2021-0161 Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escal... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-0162 Improper input validation in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable escalation of privilege via a... | 8.8 | HIGH | — | 0 |
| CVE-2021-0163 Improper Validation of Consistency within input in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable escalat... | 8.8 | HIGH | — | 0 |
| CVE-2022-43045 GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-0164 Improper access control in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable e... | 7.8 | HIGH | — | 0 |
| CVE-2021-0165 Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-0166 Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a ... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-0167 Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local acc... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-0168 Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially en... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-0169 Uncontrolled Search Path Element in software for Intel(R) PROSet/Wireless Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 | MEDIUM | — | 0 |
| CVE-2021-0170 Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-0172 Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentia... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-0173 Improper Validation of Consistency within input in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a unauthentic... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-0174 Improper Use of Validation Framework in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a unauthenticated user t... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-0175 Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 ma... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-0176 Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially en... | 4.4 | MEDIUM | — | 0 |
| CVE-2021-0177 Improper Validation of Consistency within input in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial ... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-0178 Improper input validation in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacen... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-0179 Improper Use of Validation Framework in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service ... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-0183 Improper Validation of Specified Index, Position, or Offset in Input in software for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 ma... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-23152 Improper access control in the Intel(R) Advisor software before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | HIGH | — | 0 |
| CVE-2021-33061 Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-33068 Null pointer dereference in subsystem for Intel(R) AMT before versions 15.0.35 may allow an authenticated user to potentially enable denial of service via network access. | 6.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.