Vuldb Updates

A vulnerability was found in Linux Kernel up to 5.10.162/5.15.85/6.0.15/6.1.1. It has been rated as critical. Affected by this vulnerability is the function rpi_firmware_probe. This manipulation causes memory leak. This vulnerability is handled as CVE-2022-50537. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 5.4.228/5.10.162/5.15.85/6.0.15/6.1.1 and classified as critical. The impacted element is the function mpt3sas_transport_port_add. Such manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2022-50532. The attack can only be initiated within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.1.3. This affects the function __open_metadata. Executing a manipulation can lead to infinite loop. This vulnerability is tracked as CVE-2022-50534. The attack is only possible within the local network. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.0.15/6.1.1 and classified as critical. This impacts the function ap_mld_addr of the component wifi. Performing a manipulation results in null pointer dereference. This vulnerability is known as CVE-2022-50533. Attacking locally is a requirement. No exploit is available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.0.5. It has been rated as critical. The impacted element is the function blk_mq_clear_rq_mapping. Performing a manipulation results in null pointer dereference. This vulnerability is identified as CVE-2022-50530. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.1.1. Affected is the function test_firmware_init. The manipulation results in memory leak. This vulnerability is cataloged as CVE-2022-50529. The attack must originate from the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability classified as critical has been found in Linux Kernel up to 4.19.263/5.4.220/5.10.151/5.15.75/6.0.5. Impacted is the function tipc_topsrv_kern_subscr in the library lib/iov_iter.c of the component tipc. The manipulation leads to information disclosure. This vulnerability is documented as CVE-2022-50531. The attack requires being on the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability marked as critical has been reported in Linux Kernel up to 5.15.85/6.0.15/6.1.1. This vulnerability affects the function _gpuvm_import_dmabuf. Performing a manipulation results in memory leak. This vulnerability is cataloged as CVE-2022-50528. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability marked as critical has been reported in Totolink X6000R 9.4.0cu.852_B20230719. Impacted is the function sub_4119A0 of the file shttpd. Performing a manipulation results in os command injection. This vulnerability is reported as CVE-2023-48812. The attacker must have access to the local network to execute the attack. No exploit exists.

A vulnerability was found in Totolink X6000R 9.4.0cu.852_B20230719. It has been classified as critical. Impacted is the function sub_4119A0 of the file shttpd. This manipulation causes os command injection. The identification of this vulnerability is CVE-2023-48810. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in Totolink X6000R 9.4.0cu.852_B20230719. It has been declared as critical. The affected element is the function sub_4119A0 of the file shttpd. Such manipulation leads to os command injection. This vulnerability is referenced as CVE-2023-48811. The attack needs to be initiated within the local network. No exploit is available.

A vulnerability was found in Senayan SLiMS 9.6.1. It has been rated as critical. Impacted is an unknown function of the file admin/modules/reporting/customs/fines_report.php. Performing a manipulation results in sql injection. This vulnerability was named CVE-2023-48813. The attack needs to be approached within the local network. There is no available exploit.

A vulnerability, which was classified as critical, was found in Totolink X6000R 9.4.0cu.852_B20230719. This affects the function sub_4119A0 of the file shttpd. Executing a manipulation can lead to os command injection. This vulnerability is handled as CVE-2023-48807. The attack can only be done within the local network. There is not any exploit available.

A vulnerability was found in Totolink X6000R 9.4.0cu.852_B20230719 and classified as critical. This issue affects the function sub_4119A0 of the file shttpd. The manipulation results in os command injection. This vulnerability was named CVE-2023-48808. The attack needs to be approached within the local network. There is no available exploit.

A vulnerability described as problematic has been identified in actualbudget actual up to 26.2.0. This affects an unknown function of the file /sync/ of the component Sync API Endpoint. Executing a manipulation can lead to missing authorization. This vulnerability is handled as CVE-2026-27638. It is possible to launch the attack on the local host. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability has been found in seerr-team seerr up to 3.0.x and classified as critical. This vulnerability affects unknown code of the file /api/v1/auth/jellyfin. The manipulation leads to authentication bypass using alternate channel. This vulnerability is uniquely identified as CVE-2026-27707. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability was found in seerr-team seerr up to 3.0.x. It has been classified as problematic. Impacted is an unknown function of the file /api/v1/user/. This manipulation causes authorization bypass. The identification of this vulnerability is CVE-2026-27793. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability labeled as critical has been found in seerr-team seerr up to 3.0.x. Affected is the function isOwnProfileOrAdmin of the component Application Starting. The manipulation results in missing authorization. This vulnerability is cataloged as CVE-2026-27792. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability described as critical has been identified in Intermesh groupoffice up to 6.8.152/25.0.86/26.0.7. This impacts an unknown function of the file index.php?r=email/template/emailSelection of the component Endpoint. The manipulation of the argument advancedQueryData results in sql injection. This vulnerability is reported as CVE-2026-27832. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in Intermesh groupoffice up to 6.8.153/25.0.86/26.0.8 and classified as critical. This issue affects some unknown processing. The manipulation results in argument injection. This vulnerability was named CVE-2026-27947. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.