BETA-Cybersecurity-Werkzeug
Schwachstellen-Datenbank mit Threat-Intelligence Informationen
Umfassende Schwachstellendatenbank mit kombinierten Common-Vulnerability-Scoring-System (CVSS)- und Exploit-Prediction-Scoring-System (EPSS)-Bewertungen zur Priorisierung von Sicherheitslücken nach Schweregrad und Exploit-Wahrscheinlichkeit.
Diese Datenbank nutzt das DevGuard Projekt, welches durch die OWASP als Incubating Projekt aufgenommen wurde.
Base CVSS: CVSS (Common Vulnerability Scoring System) ist ein standardisiertes Bewertungssystem zur Quantifizierung der Schwere von Computersicherheitslücken, das Faktoren wie Angriffsvektoren, Komplexität, Auswirkungen und erforderliche Privilegien berücksichtigt.
Angepasster CVSS: Ein angepasster CVSS (Common Vulnerability Scoring System) berücksichtigt den eigenen Schutzbedarf und die aktuelle Bedrohungslage einer Organisation, um die Relevanz und Schwere einer Schwachstelle präziser zu bewerten.
EPSS: EPSS (Exploit Prediction Scoring System) ist ein Modell zur Vorhersage der Wahrscheinlichkeit, dass eine Software-Schwachstelle innerhalb von 30 Tagen ausgenutzt wird, basierend auf verschiedenen technischen und sozialen Faktoren. Mehr Informationen finden Sie auf der Seite der Organisation FIRST.
CVE | Base CVSS | Angepasster CVSS | EPSS | First reported | Message |
---|---|---|---|---|---|
CVE-2025-32415 | 7.8 | 7.1 | 0.00% | Thu Apr 17 2025 | In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer underflow. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. |
CVE-2025-2947 | 7.2 | 6.6 | 0.00% | Thu Apr 17 2025 | IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. A malicious actor can use the command to elevate privileges to gain root access to the host operating system. |
CVE-2025-43015 | 8.3 | 7.6 | 0.00% | Thu Apr 17 2025 | In JetBrains RubyMine before 2025.1 remote Interpreter overwrote ports to listen on all interfaces |
CVE-2025-43014 | 6.1 | 5.6 | 0.00% | Thu Apr 17 2025 | In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation |
CVE-2025-43013 | 6.9 | 6.3 | 0.00% | Thu Apr 17 2025 | In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible |
CVE-2025-43012 | 8.3 | 7.7 | 0.00% | Thu Apr 17 2025 | In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible |
CVE-2025-42921 | 4.2 | 3.9 | 0.00% | Thu Apr 17 2025 | In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin |
CVE-2025-39596 | 9.8 | 9 | 0.00% | Thu Apr 17 2025 | Weak Authentication vulnerability in Quentn.com GmbH Quentn WP allows Privilege Escalation. This issue affects Quentn WP: from n/a through 1.2.8. |
CVE-2025-39595 | 9.3 | 8.5 | 0.00% | Thu Apr 17 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Quentn.com GmbH Quentn WP allows SQL Injection. This issue affects Quentn WP: from n/a through 1.2.8. |
CVE-2025-39594 | 7.1 | 6.5 | 0.00% | Thu Apr 17 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Arigato Autoresponder and Newsletter allows Reflected XSS. This issue affects Arigato Autoresponder and Newsletter: from n/a through 2.7.2.4. |
CVE-2025-39588 | 9.8 | 9 | 0.00% | Thu Apr 17 2025 | Deserialization of Untrusted Data vulnerability in bdthemes Ultimate Store Kit Elementor Addons allows Object Injection. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.4.0. |
CVE-2025-39587 | 9.3 | 8.5 | 0.00% | Thu Apr 17 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix Cost Calculator Builder allows SQL Injection. This issue affects Cost Calculator Builder: from n/a through 3.2.65. |
CVE-2025-39586 | 8.5 | 7.8 | 0.00% | Thu Apr 17 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows SQL Injection. This issue affects ProfileGrid : from n/a through 5.9.4.8. |
CVE-2025-39583 | 7.1 | 6.5 | 0.00% | Thu Apr 17 2025 | Missing Authorization vulnerability in berthaai BERTHA AI allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BERTHA AI: from n/a through 1.12.10.2. |
CVE-2025-39580 | 5.8 | 5.3 | 0.00% | Thu Apr 17 2025 | Missing Authorization vulnerability in jidaikobo Dashi allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dashi: from n/a through 3.1.8. |
CVE-2025-39569 | 8.5 | 7.8 | 0.00% | Thu Apr 17 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in taskbuilder Taskbuilder allows Blind SQL Injection. This issue affects Taskbuilder: from n/a through 4.0.1. |
CVE-2025-39568 | 7.5 | 6.9 | 0.00% | Thu Apr 17 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arture B.V. StoreContrl Woocommerce allows Path Traversal. This issue affects StoreContrl Woocommerce: from n/a through 4.1.3. |
CVE-2025-39567 | 7.1 | 6.5 | 0.00% | Thu Apr 17 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamalli Web Directory Free allows Reflected XSS. This issue affects Web Directory Free: from n/a through 1.7.8. |
CVE-2025-39562 | 5.9 | 5.4 | 0.00% | Thu Apr 17 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Payment Form for PayPal Pro allows Stored XSS. This issue affects Payment Form for PayPal Pro: from n/a through 1.1.72. |
CVE-2025-39559 | 6.5 | 6 | 0.00% | Thu Apr 17 2025 | Missing Authorization vulnerability in Eivin Landa Bring Fraktguiden for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bring Fraktguiden for WooCommerce: from n/a through 1.11.4. |
CVE-2025-39558 | 7.1 | 6.5 | 0.00% | Thu Apr 17 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks allows Reflected XSS. This issue affects CRM Perks: from n/a through 1.1.7. |
CVE-2025-39554 | 6.5 | 6 | 0.00% | Thu Apr 17 2025 | Missing Authorization vulnerability in Elliot Sowersby / RelyWP AI Text to Speech allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Text to Speech: from n/a through 3.0.3. |
CVE-2025-39551 | 9.8 | 9 | 0.00% | Thu Apr 17 2025 | Deserialization of Untrusted Data vulnerability in Mahmudul Hasan Arif FluentBoards allows Object Injection. This issue affects FluentBoards: from n/a through 1.47. |
CVE-2025-39550 | 9.8 | 9 | 0.00% | Thu Apr 17 2025 | Deserialization of Untrusted Data vulnerability in Shahjahan Jewel FluentCommunity allows Object Injection. This issue affects FluentCommunity: from n/a through 1.2.15. |
CVE-2025-39542 | 8.8 | 8.1 | 0.00% | Thu Apr 17 2025 | Incorrect Privilege Assignment vulnerability in Jauhari Xelion Xelion Webchat allows Privilege Escalation. This issue affects Xelion Webchat: from n/a through 9.1.0. |
Showing 1 of 10633 pages (265818 items)