BETA cybersecurity tool

Vulnerability database with threat intelligence information

Comprehensive vulnerability database with combined Common Vulnerability Scoring System (CVSS) and Exploit Prediction Scoring System (EPSS) scores for prioritizing security vulnerabilities by severity and likelihood of exploitation.

This database uses the DevGuard project, which has been accepted by OWASP as an Incubating project.

Base CVSS: CVSS (Common Vulnerability Scoring System) is a standardized scoring system for quantifying the severity of computer security vulnerabilities, taking into account factors such as attack vectors, complexity, impact and required privileges.

Adjusted CVSS: An adjusted CVSS (Common Vulnerability Scoring System) score takes an organization's own protection requirements and the current threat landscape into account in order to assess the relevance and severity of a vulnerability more precisely.

EPSS: EPSS (Exploit Prediction Scoring System) is a model for predicting the probability that a software vulnerability will be exploited within 30 days, based on various technical and social factors. More information is available on the website of the organization FIRST.

CVE | Base CVSS | Adjusted CVSS | EPSS | First reported | Message
CVE-2025-31458
Base CVSS: 7.1 | Adjusted CVSS: 6.5 | EPSS: 0.03% | First reported: Fri Mar 28 2025

Cross-Site Request Forgery (CSRF) vulnerability in forsgren Video Embedder allows Stored XSS. This issue affects Video Embedder: from n/a through 1.7.1.

CVE-2025-31459
Base CVSS: 7.1 | Adjusted CVSS: 6.5 | EPSS: 0.03% | First reported: Fri Mar 28 2025

Cross-Site Request Forgery (CSRF) vulnerability in PasqualePuzio Login Alert allows Stored XSS. This issue affects Login Alert: from n/a through 0.2.1.

CVE-2025-24386
Base CVSS: 7.8 | Adjusted CVSS: 7.1 | EPSS: 0.07% | First reported: Fri Mar 28 2025

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

CVE-2025-31433
Base CVSS: 6.5 | Adjusted CVSS: 6 | EPSS: 0.03% | First reported: Fri Mar 28 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Miguel Sirvent Magic Embeds allows Stored XSS. This issue affects Magic Embeds: from n/a through 3.1.2.

CVE-2025-30093
Base CVSS: 8.1 | Adjusted CVSS: 7.4 | EPSS: 0.02% | First reported: Thu Mar 27 2025

HTCondor 23.0.x before 23.0.22, 23.10.x before 23.10.22, 24.0.x before 24.0.6, and 24.6.x before 24.6.1 allows authenticated attackers to bypass authorization restrictions.

CVE-2025-26874
Base CVSS: 7.1 | Adjusted CVSS: 6.5 | EPSS: 0.03% | First reported: Thu Mar 27 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MemberSpace allows Reflected XSS. This issue affects MemberSpace: from n/a through 2.1.13.

CVE-2025-31439
Base CVSS: 5.4 | Adjusted CVSS: 5 | EPSS: 0.03% | First reported: Fri Mar 28 2025

Cross-Site Request Forgery (CSRF) vulnerability in tobias_.MerZ Browser Caching with .htaccess allows Cross Site Request Forgery. This issue affects Browser Caching with .htaccess: from 1.2.1 through n/a.

CVE-2025-24385
Base CVSS: 7.8 | Adjusted CVSS: 7.1 | EPSS: 0.06% | First reported: Fri Mar 28 2025

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.

CVE-2025-31075
Base CVSS: 6.5 | Adjusted CVSS: 6 | EPSS: 0.03% | First reported: Fri Mar 28 2025

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in videowhisper MicroPayments allows Stored XSS. This issue affects MicroPayments: from n/a through 2.9.29.

CVE-2025-31094
Base CVSS: 6.5 | Adjusted CVSS: 6 | EPSS: 0.03% | First reported: Fri Mar 28 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel allows Stored XSS. This issue affects WP Posts Carousel: from n/a through 1.3.8.

CVE-2025-22739
Base CVSS: 5.3 | Adjusted CVSS: 4.9 | EPSS: 0.03% | First reported: Thu Mar 27 2025

Missing Authorization vulnerability in ThimPress LearnPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LearnPress: from n/a through 4.2.7.5.

CVE-2024-55070
Base CVSS: 3.1 | Adjusted CVSS: 2.9 | EPSS: 0.02% | First reported: Thu Mar 27 2025

A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions.

CVE-2025-22740
Base CVSS: 5.3 | Adjusted CVSS: 4.9 | EPSS: 0.03% | First reported: Thu Mar 27 2025

Missing Authorization vulnerability in Automattic Sensei LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sensei LMS: from n/a through 4.24.4.

CVE-2025-26733
Base CVSS: 8.2 | Adjusted CVSS: 7.5 | EPSS: 0.04% | First reported: Thu Mar 27 2025

Missing Authorization vulnerability in Shinetheme Traveler. This issue affects Traveler: from n/a through 3.1.8.

CVE-2025-1762
Base CVSS: 4.3 | Adjusted CVSS: 4 | EPSS: 0.02% | First reported: Fri Mar 28 2025

The Event Tickets with Ticket Scanner WordPress plugin before 2.5.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.

CVE-2025-31093
Base CVSS: 6.5 | Adjusted CVSS: 6 | EPSS: 0.03% | First reported: Fri Mar 28 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redpixelstudios RPS Include Content allows DOM-Based XSS. This issue affects RPS Include Content: from n/a through 1.2.1.

CVE-2025-31088
Base CVSS: 6.5 | Adjusted CVSS: 6 | EPSS: 0.03% | First reported: Fri Mar 28 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Paid Member Subscriptions allows Stored XSS. This issue affects Paid Member Subscriptions: from n/a through 2.14.3.

CVE-2025-24383
Base CVSS: 9.1 | Adjusted CVSS: 8.3 | EPSS: 14.94% | First reported: Fri Mar 28 2025

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to delete arbitrary files. This vulnerability is considered critical as it can be leveraged to delete critical system files as root. Dell recommends customers to upgrade at the earliest opportunity.

CVE-2025-2294
Base CVSS: 9.8 | Adjusted CVSS: 9.3 | EPSS: 1.25% | First reported: Fri Mar 28 2025

The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via the kubio_hybrid_theme_load_template function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

CVE-2019-16149
Base CVSS: 5.5 | Adjusted CVSS: 5.1 | EPSS: 0.09% | First reported: Fri Mar 28 2025

An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the vulnerable system.

CVE-2025-31076
Base CVSS: 4.9 | Adjusted CVSS: 4.5 | EPSS: 0.03% | First reported: Fri Mar 28 2025

Server-Side Request Forgery (SSRF) vulnerability in WP Compress WP Compress for MainWP allows Server Side Request Forgery. This issue affects WP Compress for MainWP: from n/a through 6.30.03.

CVE-2025-31079
Base CVSS: 4.3 | Adjusted CVSS: 4 | EPSS: 0.01% | First reported: Fri Mar 28 2025

Cross-Site Request Forgery (CSRF) vulnerability in usermaven Usermaven allows Cross Site Request Forgery. This issue affects Usermaven: from n/a through 1.2.1.

CVE-2025-29306
Base CVSS: 9.8 | Adjusted CVSS: 9.3 | EPSS: 0.25% | First reported: Thu Mar 27 2025

An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component.

CVE-2023-38272
Base CVSS: 5.9 | Adjusted CVSS: 5.4 | EPSS: 0.03% | First reported: Thu Mar 27 2025

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 could allow a user with access to the network to obtain sensitive information from CLI arguments.

CVE-2025-31460
Base CVSS: 7.1 | Adjusted CVSS: 6.5 | EPSS: 0.03% | First reported: Fri Mar 28 2025

Cross-Site Request Forgery (CSRF) vulnerability in danielmuldernl OmniLeads Scripts and Tags Manager allows Stored XSS. This issue affects OmniLeads Scripts and Tags Manager: from n/a through 1.3.
