BETA cybersecurity tool

Vulnerability database with threat intelligence information

Comprehensive vulnerability database with combined Common Vulnerability Scoring System (CVSS) and Exploit Prediction Scoring System (EPSS) scores for prioritizing vulnerabilities by severity and exploit likelihood.

This database uses the DevGuard project, which has been accepted by OWASP as an incubating project.

Base CVSS: CVSS (Common Vulnerability Scoring System) is a standardized scoring system for quantifying the severity of computer security vulnerabilities. It takes into account factors such as attack vectors, complexity, impact, and required privileges.

Adjusted CVSS: An adjusted CVSS (Common Vulnerability Scoring System) score takes into account an organization's own protection requirements and its current threat landscape in order to assess the relevance and severity of a vulnerability more precisely.

EPSS: EPSS (Exploit Prediction Scoring System) is a model for predicting the probability that a software vulnerability will be exploited within 30 days, based on various technical and social factors. More information is available on the website of the organization FIRST.

CVE | Base CVSS | Adjusted CVSS | EPSS | First reported | Message
CVE-2025-32415 | 7.8 | 7.1 | 0.00% | Thu Apr 17 2025

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer underflow. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

CVE-2025-2947 | 7.2 | 6.6 | 0.00% | Thu Apr 17 2025

IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. A malicious actor can use the command to elevate privileges to gain root access to the host operating system.

CVE-2025-43015 | 8.3 | 7.6 | 0.00% | Thu Apr 17 2025

In JetBrains RubyMine before 2025.1 remote Interpreter overwrote ports to listen on all interfaces

CVE-2025-43014 | 6.1 | 5.6 | 0.00% | Thu Apr 17 2025

In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation

CVE-2025-43013 | 6.9 | 6.3 | 0.00% | Thu Apr 17 2025

In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible

CVE-2025-43012 | 8.3 | 7.7 | 0.00% | Thu Apr 17 2025

In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible

CVE-2025-42921 | 4.2 | 3.9 | 0.00% | Thu Apr 17 2025

In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin

CVE-2025-39596 | 9.8 | 9 | 0.00% | Thu Apr 17 2025

Weak Authentication vulnerability in Quentn.com GmbH Quentn WP allows Privilege Escalation. This issue affects Quentn WP: from n/a through 1.2.8.

CVE-2025-39595 | 9.3 | 8.5 | 0.00% | Thu Apr 17 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Quentn.com GmbH Quentn WP allows SQL Injection. This issue affects Quentn WP: from n/a through 1.2.8.

CVE-2025-39594 | 7.1 | 6.5 | 0.00% | Thu Apr 17 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Arigato Autoresponder and Newsletter allows Reflected XSS. This issue affects Arigato Autoresponder and Newsletter: from n/a through 2.7.2.4.

CVE-2025-39588 | 9.8 | 9 | 0.00% | Thu Apr 17 2025

Deserialization of Untrusted Data vulnerability in bdthemes Ultimate Store Kit Elementor Addons allows Object Injection. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.4.0.

CVE-2025-39587 | 9.3 | 8.5 | 0.00% | Thu Apr 17 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix Cost Calculator Builder allows SQL Injection. This issue affects Cost Calculator Builder: from n/a through 3.2.65.

CVE-2025-39586 | 8.5 | 7.8 | 0.00% | Thu Apr 17 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows SQL Injection. This issue affects ProfileGrid: from n/a through 5.9.4.8.

CVE-2025-39583 | 7.1 | 6.5 | 0.00% | Thu Apr 17 2025

Missing Authorization vulnerability in berthaai BERTHA AI allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BERTHA AI: from n/a through 1.12.10.2.

CVE-2025-39580 | 5.8 | 5.3 | 0.00% | Thu Apr 17 2025

Missing Authorization vulnerability in jidaikobo Dashi allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dashi: from n/a through 3.1.8.

CVE-2025-39569 | 8.5 | 7.8 | 0.00% | Thu Apr 17 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in taskbuilder Taskbuilder allows Blind SQL Injection. This issue affects Taskbuilder: from n/a through 4.0.1.

CVE-2025-39568 | 7.5 | 6.9 | 0.00% | Thu Apr 17 2025

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arture B.V. StoreContrl Woocommerce allows Path Traversal. This issue affects StoreContrl Woocommerce: from n/a through 4.1.3.

CVE-2025-39567 | 7.1 | 6.5 | 0.00% | Thu Apr 17 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamalli Web Directory Free allows Reflected XSS. This issue affects Web Directory Free: from n/a through 1.7.8.

CVE-2025-39562 | 5.9 | 5.4 | 0.00% | Thu Apr 17 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Payment Form for PayPal Pro allows Stored XSS. This issue affects Payment Form for PayPal Pro: from n/a through 1.1.72.

CVE-2025-39559 | 6.5 | 6 | 0.00% | Thu Apr 17 2025

Missing Authorization vulnerability in Eivin Landa Bring Fraktguiden for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bring Fraktguiden for WooCommerce: from n/a through 1.11.4.

CVE-2025-39558 | 7.1 | 6.5 | 0.00% | Thu Apr 17 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks allows Reflected XSS. This issue affects CRM Perks: from n/a through 1.1.7.

CVE-2025-39554 | 6.5 | 6 | 0.00% | Thu Apr 17 2025

Missing Authorization vulnerability in Elliot Sowersby / RelyWP AI Text to Speech allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Text to Speech: from n/a through 3.0.3.

CVE-2025-39551 | 9.8 | 9 | 0.00% | Thu Apr 17 2025

Deserialization of Untrusted Data vulnerability in Mahmudul Hasan Arif FluentBoards allows Object Injection. This issue affects FluentBoards: from n/a through 1.47.

CVE-2025-39550 | 9.8 | 9 | 0.00% | Thu Apr 17 2025

Deserialization of Untrusted Data vulnerability in Shahjahan Jewel FluentCommunity allows Object Injection. This issue affects FluentCommunity: from n/a through 1.2.15.

CVE-2025-39542 | 8.8 | 8.1 | 0.00% | Thu Apr 17 2025

Incorrect Privilege Assignment vulnerability in Jauhari Xelion Xelion Webchat allows Privilege Escalation. This issue affects Xelion Webchat: from n/a through 9.1.0.

Showing 1 of 10633 pages (265818 items)