CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2026-34859 UAF vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | 5.9 | MEDIUM | — | 0 |
| CVE-2026-34861 Race condition vulnerability in the thermal management module. Impact: Successful exploitation of this vulnerability may affect availability. | 6.3 | MEDIUM | — | 0 |
| CVE-2026-34862 Race condition vulnerability in the power consumption statistics module. Impact: Successful exploitation of this vulnerability may affect availability. | 6.3 | MEDIUM | — | 0 |
| CVE-2026-34863 Out-of-bounds write vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability. | 6.7 | MEDIUM | — | 0 |
| CVE-2026-34864 Boundary-unlimited vulnerability in the application read module. Impact: Successful exploitation of this vulnerability may affect availability. | 6.8 | MEDIUM | — | 0 |
| CVE-2026-34624 Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environm... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-27310 Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of ... | 7.8 | HIGH | — | 0 |
| CVE-2026-27313 Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of ... | 7.8 | HIGH | — | 0 |
| CVE-2026-34618 Illustrator versions 30.2, 29.8.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of thi... | 7.8 | HIGH | — | 0 |
| CVE-2026-27287 InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An... | 7.8 | HIGH | — | 0 |
| CVE-2026-21726 The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/r... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-33888 ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the getRestQuery method of the @apostrophecms/piece-type m... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-35569 ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in SEO-related fields (SEO Title and Meta Description),... | 8.7 | HIGH | — | 0 |
| CVE-2026-40917 A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the `icns_slurp()` function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious I... | 5.0 | MEDIUM | — | 0 |
| CVE-2026-6304 Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. ... | 8.3 | HIGH | — | 0 |
| CVE-2026-6305 Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High) | 8.8 | HIGH | — | 0 |
| CVE-2026-6315 Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a craft... | 8.8 | HIGH | — | 0 |
| CVE-2026-6316 Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | — | 0 |
| CVE-2026-6384 A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's `ReadJeffsImage` function allows an attacker to write beyond an allocated buffer by processing a speci... | 7.3 | HIGH | — | 0 |
| CVE-2026-6385 A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-40261 Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase() method, which appends the $sourceR... | 8.8 | HIGH | — | 0 |
| CVE-2026-6398 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide... | N/A | NONE | — | 0 |
| CVE-2026-1564 Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a user interface component. Requires a high privileged user with a developer role. | N/A | NONE | — | 0 |
| CVE-2026-1711 Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-Site Scripting vulnerability in a user interface component. Requires a high privileged user with a developer role. | N/A | NONE | — | 0 |
| CVE-2026-5017 A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the component Parameter Handler. Performing a manipu... | 7.3 | HIGH | — | 0 |
| CVE-2026-23279 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() In mesh_rx_csa_frame(), elems->mesh_chansw_params_ie is derefe... | N/A | NONE | — | 0 |
| CVE-2026-23281 In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix use-after-free in lbs_free_adapter() The lbs_free_adapter() function uses timer_delete() (non-synchronous) for... | N/A | NONE | — | 0 |
| CVE-2026-31423 In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_hfsc: fix divide-by-zero in rtsc_min() m2sm() converts a u32 slope to a u64 scaled value. For large inputs (e.g. m... | N/A | NONE | — | 0 |
| CVE-2026-31425 In the Linux kernel, the following vulnerability has been resolved: rds: ib: reject FRMR registration before IB connection is established rds_ib_get_mr() extracts the rds_ib_connection from conn->c_... | N/A | NONE | — | 0 |
| CVE-2026-31427 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp process_sdp() declares union nf_inet_addr rtp_addr o... | N/A | NONE | — | 0 |
| CVE-2026-0894 The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content_block shortcode in all versions up to, and including, 3.3.9 due to in... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-2505 The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.1, via the 'z_taxonomy_image' shortcode. This is due to the shortcode rend... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-5018 A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulati... | 7.3 | HIGH | — | 0 |
| CVE-2026-5043 A weakness has been identified in Belkin F9K1122 1.00.33. The impacted element is the function formSetPassword of the file /goform/formSetPassword of the component Parameter Handler. This manipulation... | 8.8 | HIGH | — | 0 |
| CVE-2026-33575 OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup codes generated by /pair endpoint and OpenClaw qr command. Attackers with access to leaked setup codes ... | 7.5 | HIGH | — | 0 |
| CVE-2026-5044 A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. Such m... | 8.8 | HIGH | — | 0 |
| CVE-2026-5101 A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of t... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5102 A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. This vulnerability affects the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handle... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-15036 A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow repository. This vulnerability, present ... | N/A | NONE | — | 0 |
| CVE-2026-3124 The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.7 via the executePayment() function due to missing validation on a... | 7.5 | HIGH | — | 0 |
| CVE-2026-5103 A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. This issue affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument enable causes c... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5104 A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip lea... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5105 A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performi... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-7741 Hardcoded Password Vulnerability have been found in CENTUM. Affected products contain a hardcoded password for the user account (PROG) used for CENTUM Authentication Mode within the system. Under the ... | N/A | NONE | — | 0 |
| CVE-2026-2370 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed... | 8.1 | HIGH | — | 0 |
| CVE-2025-3716 User enumeration in ESET Protect (on-prem) via Response Timing. | N/A | NONE | — | 0 |
| CVE-2026-39839 Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo E... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-39840 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This iss... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-5301 Stored XSS in log viewer in CoolerControl/coolercontrol-ui <4.0.0 allows unauthenticated attackers to take over the service via malicious JavaScript in poisoned log entries | 7.6 | HIGH | — | 0 |
| CVE-2026-5302 CORS misconfiguration in CoolerControl/coolercontrold <4.0.0 allows unauthenticated remote attackers to read data and send commands to the service via malicious websites | 6.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.