CVE-2026-27976
Zed, a code editor, has an extension installer that allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor (`async_tar::Archive::unpack`) creates symlinks from the archive without validatio...
Comprehensive database of CVEs, exploits from Exploit-DB, and the CISA KEV catalog. Updated daily.
A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary ...
Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vul...
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version ...
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2...
RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.83, a Stor...
Zed, a code editor, has an extension installer that allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor (`async_tar::Archive::unpack`) creates symlinks from the archive without validatio...
Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools (`read_file`, `edit_file`). It allows reading and writing files **outside the project directory*...
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Versions prior to 0.133.0 are vulnerable to session hijack via cook...
GPAC is an open-source multimedia framework. In versions up to and including 26.02.0, a stack buffer overflow occurs during NHML file parsing in `src/filters/dmx_nhml.c`. The value of the xmlHeaderEnd...
TerriaJS-Server is a NodeJS Express server for TerriaJS, a library for building web-based geospatial data explorers. A validation bug in versions prior to 4.0.3 allows an attacker to proxy domains not...
Sub2API is an AI API gateway platform designed to distribute and manage API quotas from AI product subscriptions. A vulnerability in versions prior to 0.1.85 is a Password Reset Poisoning (Host Header...
| CVE ID | Vendor | Product | Added | Ransomware |
|---|---|---|---|---|
| CVE-2026-20805 | Microsoft | Windows | 2026-01-13 | - |
| CVE-2025-8110 | Gogs | Gogs | 2026-01-12 | - |
| CVE-2025-37164 | Hewlett Packard Enterprise (HPE) | OneView | 2026-01-07 | - |
| CVE-2009-0556 | Microsoft | Office | 2026-01-07 | - |
| CVE-2025-14847 | MongoDB | MongoDB and MongoDB Server | 2025-12-29 | - |
This database is provided for educational purposes and authorized security research only.