VulDB Recent Entries

A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 250416. This vulnerability affects the function sub_40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is listed as CVE-2026-1685. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability, which was classified as problematic, has been found in llamastack Llama Stack up to 0.4.0rc2. This affects an unknown part of the component pgvector Password Handler. This manipulation causes sensitive information in log files. This vulnerability is tracked as CVE-2026-25211. The attack is restricted to local execution. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in Free5GC SMF up to 4.1.0. Affected by this issue is the function HandleReports of the file /internal/context/pfcp_reports.go of the component PFCP UDP Endpoint. The manipulation results in denial of service. This vulnerability is identified as CVE-2026-1684. The attack can be executed remotely. There is not any exploit available. It is advisable to implement a patch to correct this issue.

A vulnerability classified as problematic has been found in Free5GC SMF up to 4.1.0. Affected by this vulnerability is the function HandlePfcpSessionReportRequest of the file internal/pfcp/handler/handler.go of the component PFCP. The manipulation leads to denial of service. This vulnerability is referenced as CVE-2026-1683. Remote exploitation of the attack is possible. Furthermore, an exploit is available. To fix this issue, it is recommended to deploy a patch.

A vulnerability described as problematic has been identified in Free5GC SMF up to 4.1.0. Affected is the function HandlePfcpAssociationReleaseRequest of the file internal/pfcp/handler/handler.go of the component PFCP UDP Endpoint. Executing a manipulation can lead to null pointer dereference. The identification of this vulnerability is CVE-2026-1682. The attack may be launched remotely. Furthermore, there is an exploit available. A patch should be applied to remediate this issue.

A vulnerability marked as problematic has been reported in libexpat up to 2.7.3. This impacts the function doContent. Performing a manipulation results in integer overflow. This vulnerability was named CVE-2026-25210. The attack needs to be approached locally. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in tale 2.0.5. This affects an unknown function. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-69749. The attack can be launched remotely. No exploit exists.

A vulnerability identified as problematic has been detected in Netgear PR2000. The impacted element is an unknown function of the component TelnetEnable. This manipulation causes inclusion of undocumented features or chicken bits. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2026-24714. The attack can be initiated remotely. There is not any exploit available.

A vulnerability categorized as problematic has been discovered in Tanium Server. The affected element is an unknown function. The manipulation results in incorrect authorization. This vulnerability is known as CVE-2025-15322. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in FluentCMS up to 0.0.5. It has been rated as problematic. Impacted is an unknown function of the component File Management Module. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-15549. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Tanium Interact up to 3.5.89. It has been declared as problematic. This issue affects some unknown processing. Executing a manipulation can lead to incorrect authorization. This vulnerability appears as CVE-2025-15288. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in Ivanti Endpoint Manager Mobile. It has been classified as critical. This vulnerability affects unknown code. Performing a manipulation results in code injection. This vulnerability is reported as CVE-2026-1340. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in Ivanti Endpoint Manager Mobile and classified as critical. This affects an unknown part. Such manipulation leads to code injection. This vulnerability is documented as CVE-2026-1281. The attack can be executed remotely. Additionally, an exploit exists. It is suggested to upgrade the affected component.

A vulnerability has been found in Edgemo 1.2.7.23180 on Windows and classified as critical. Affected by this issue is some unknown functionality of the file LocalAdminService.exe of the component WCF Endpoint. This manipulation causes execution with unnecessary privileges. This vulnerability is registered as CVE-2026-1680. The attack needs to be launched locally. No exploit is available.

A vulnerability, which was classified as problematic, was found in budibase up to 3.26.3. Affected by this vulnerability is an unknown functionality. The manipulation results in incorrect authorization. This vulnerability is cataloged as CVE-2026-25040. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in inspektor-gadget Inspektor Gadget up to 0.48.0. Affected is an unknown function of the file inspektor-gadget/cmd/common/image/build.go. The manipulation leads to command injection. This vulnerability is listed as CVE-2026-24905. The attack must be carried out locally. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in TrustTunnel up to 0.9.113. This impacts the function TcpStream::connect. Executing a manipulation can lead to server-side request forgery. This vulnerability is tracked as CVE-2026-24902. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Shirt Pocket SuperDuper up to 3.11. This affects an unknown function of the component Default Task Template Handler. Performing a manipulation results in Local Privilege Escalation. This vulnerability is identified as CVE-2025-69604. The attack is only possible with local access. There is not any exploit available.

A vulnerability described as critical has been identified in TP-Link VX800v 1.0. The impacted element is an unknown function of the component USB HTTP Access Path. Such manipulation leads to link following. This vulnerability is referenced as CVE-2025-15543. The attack can be executed directly on the physical device. No exploit is available.

A vulnerability marked as critical has been reported in Icinga icinga2 up to 2.13.13/2.14.7/2.15.1 on Windows. The affected element is an unknown function of the component Service. This manipulation causes incorrect default permissions. The identification of this vulnerability is CVE-2026-24413. The attack can only be executed locally. There is no exploit available. It is suggested to upgrade the affected component.