Warum die Überwachung von Schwachstellen für Ihr Unternehmen kritisch ist
Im Jahr 2025 wurden 48 185 neue Schwachstellen (CVE) veröffentlicht — ein Anstieg von 20 % gegenüber 2024. Im Jahr 2026 beschleunigt sich der Trend noch weiter. Jeden Tag werden mehr als 130 Sicherheitslücken öffentlich gemacht, von denen einige die Software betreffen, die Ihr Unternehmen täglich nutzt.
Laut dem Verizon Data Breach Investigations Report nutzen 60 % der Datenverletzungen Schwachstellen aus, für die zum Zeitpunkt des Angriffs bereits ein Patch vorhanden war. Das Problem ist nicht das Fehlen von Patches — es ist das Fehlen von Überwachung. Kein IT-Team kann manuell 130 CVE pro Tag verfolgen.
Avec CVE Find, explorez la plus grande base de données de vulnérabilités au monde.
Le CVE (Common Vulnerabilities and Exposures) est une liste de failles de sécurité informatique divulguées publiquement. Le programme CVE a pour objectif de faciliter le partage des données entre les différentes capacités de détection des vulnérabilités, qu'il s'agisse d'outils, de bases de données ou de services. Il fournit également une norme pour évaluer la couverture de ces outils et services.
Accédez à CVE Find
Was CVE Find für Sie tut
Wie werde ich in Echtzeit gewarnt?
CVE Find benachrichtigt Sie per E-Mail und SMS, sobald eine Schwachstelle Ihre Produkte betrifft. Konfigurierbare Frequenz: von der sofortigen Benachrichtigung bis zur monatlichen Zusammenfassung.
Sind meine Softwareprodukte anfällig?
Konfigurieren Sie Ihre Produkte (CMS, Server, Bibliotheken) über den CPE-Katalog. CVE Find überwacht die MITRE-Datenbank kontinuierlich und warnt Sie automatisch. 338 000+ CVE indexiert.
Wie priorisiere ich Patches?
Die CVSS-Bewertung (Schweregrad) und EPSS (Wahrscheinlichkeit einer tatsächlichen Ausnutzung) zeigen Ihnen, was zuerst korrigiert werden muss. Keine falschen Positiven mehr.
Welche Schwachstellen werden aktiv ausgenutzt?
Der integrierte CISA KEV-Katalog identifiziert Schwachstellen, die bereits in der Praxis ausgenutzt werden. Dies sind die Lücken, die mit absoluter Priorität zu schliessen sind.
Ist die Plattform auf Deutsch verfügbar?
Ja. CVE Find ist in Französisch, Englisch und Deutsch verfügbar. In der Schweiz von Bexxo entwickelt, ist es die einzige vollständige CVE-Plattform auf Deutsch.
Sind die Daten zuverlässig und aktuell?
Echtzeit-Synchronisierung mit MITRE, NVD, CISA und FIRST.org. Mehr als 48 000 CVE im Jahr 2025 hinzugefügt, und die Datenbank wird stündlich aktualisiert.
Bleiben Sie einen Schritt voraus mit den neuesten kritischen Sicherheitslücken.
CVE-2026-3587 - CRITICAL
23/03/2026
An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface and gain root access to the underlying Linux based OS, leading to full compromise of the device.
CVE-2026-4601 - HIGH
23/03/2026
Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature without retrying, and then solves for x from the resulting signature.
OWSAP: A02
CVE-2026-4599 - CRITICAL
23/03/2026
Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting the incorrect compareTo checks that accept out-of-range candidates and thus bias DSA nonces during signature generation.
CVE-2026-4567 - CRITICAL
23/03/2026
A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
overflow
CVE-2026-4566 - HIGH
23/03/2026
A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the function formWISP5G of the file /goform/formWISP5G. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
overflow
CVE-2026-4565 - HIGH
23/03/2026
A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function formSetQosBand of the file /goform/SetNetControlList. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.
overflow
CVE-2026-4558 - HIGH
22/03/2026
A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but...
oscommandinjectioncommandinjectionOWSAP: A03
CVE-2026-4555 - HIGH
22/03/2026
A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of the file /goform/formEasySetTimezone of the component boa. This manipulation of the argument curTime causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. This vulnerability only affec...
overflow
CVE-2026-4553 - HIGH
22/03/2026
A vulnerability was identified in Tenda F453 1.0.0.3. Impacted is the function fromNatlimit of the file /goform/Natlimit of the component Parameters Handler. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
overflow
CVE-2026-4551 - HIGH
22/03/2026
A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component Parameters Handler. Performing a manipulation of the argument menufacturer/Go results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
overflow
CVE-2026-4552 - HIGH
22/03/2026
A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component Parameters Handler. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
overflow
CVE-2019-25615 - HIGH
22/03/2026
Lavavo CD Ripper 4.20 contains a structured exception handling (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Activation Name field. Attackers can craft a payload with controlled buffer data, NSEH jump instructions, and SEH handler addresses to trigger code execution and establish a bind shell on port 3110.
overflow
CVE-2019-25614 - CRITICAL
22/03/2026
Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attackers to execute arbitrary code by sending a crafted STOR request with an oversized payload. Attackers can authenticate with anonymous credentials and send a malicious STOR command containing 247 bytes of padding followed by a return address and shellcode to trigger code execution on the ...
overflow
CVE-2019-25611 - HIGH
22/03/2026
MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite the return address, enabling code execution with root privileges.
overflow
CVE-2019-25609 - HIGH
22/03/2026
JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger an SEH exception handler and execute arbitrary code with application privileges.
overflow
CVE-2019-25608 - HIGH
22/03/2026
Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations, which run with the privileges of the Iperius Backup Service account (Local System or Administrator), enab...
OWSAP: A05
CVE-2019-25607 - HIGH
22/03/2026
Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename. Attackers can overflow the buffer at offset 214 bytes to overwrite the instruction pointer and execute shellcode with system privileges.
overflow
CVE-2019-25604 - HIGH
22/03/2026
DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files. Attackers can create a specially crafted .plf file containing shellcode and NOP sleds that overflows a buffer and hijacks the SEH chain to execute arbitrary code with application privileges.
overflow
CVE-2019-25603 - HIGH
22/03/2026
TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license code string. Attackers can craft a payload with a controlled buffer, NSEH jump instruction, and SEH handler address pointing to a ROP gadget, then paste it into the license code field to trigger code execution and establis...
overflow
CVE-2019-25619 - HIGH
22/03/2026
FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dialog to overwrite the return address and execute calc.exe or other commands.
overflow
