Vuldb Updates

A vulnerability, which was classified as critical, was found in Tenda HG9 300001138. Affected by this issue is some unknown functionality of the file /boaform/formLoopBack of the component Loopback Detection Configuration Endpoint. Such manipulation of the argument Ethtype leads to stack-based buffer overflow. This vulnerability is documented as CVE-2026-2908. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability has been found in Tenda HG9 300001138 and classified as critical. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpoint. Performing a manipulation of the argument pingAddr results in stack-based buffer overflow. This vulnerability is reported as CVE-2026-2909. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in Tenda HG9 300001138 and classified as critical. This vulnerability affects unknown code of the file /boaform/formPing6. Executing a manipulation of the argument pingAddr can lead to stack-based buffer overflow. This vulnerability appears as CVE-2026-2910. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in Tenda FH451 up to 1.0.0.9. It has been classified as critical. This issue affects some unknown processing of the file /goform/GstDhcpSetSer. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2026-2911. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Online Reviewer System 1.0. It has been declared as critical. Impacted is an unknown function of the file /system/system/students/assessments/results/studentresult-view.php. The manipulation of the argument test_id results in sql injection. This vulnerability is known as CVE-2026-2912. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability, which was classified as critical, has been found in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_42B5A0 of the file /boafrm/formBridgeVlan of the component Bridge VLAN Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. This vulnerability is identified as CVE-2026-2925. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability, which was classified as critical, was found in D-Link DWR-M960 1.01.07. This affects the function sub_4237AC of the file /boafrm/formLteSetup of the component LTE Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. This vulnerability is tracked as CVE-2026-2926. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability has been found in D-Link DWR-M960 1.01.07 and classified as critical. This vulnerability affects the function sub_462590 of the file /boafrm/formOpMode of the component Operation Mode Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. This vulnerability is listed as CVE-2026-2927. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability identified as problematic has been detected in skvadrik re2c up to 4.4. Impacted is the function check_and_merge_special_rules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The identification of this vulnerability is CVE-2026-2903. The attack can only be executed locally. Furthermore, there is an exploit available. It is suggested to install a patch to address this issue.

A vulnerability was found in libvips up to 8.19.0. It has been rated as problematic. The affected element is the function vips_source_read_to_memory of the file libvips/iofuncs/source.c. This manipulation causes heap-based buffer overflow. This vulnerability is handled as CVE-2026-2913. It is possible to launch the attack on the local host. Additionally, an exploit exists. Applying a patch is the recommended action to fix this issue. The confirmation of the bugfix mentions: "[T]he impact of this is negligible, since this only affects custom seekable sources larger than 4 GiB (and the crash occurs in user code rather than libvips itself)."

A vulnerability categorized as critical has been discovered in Linux Kernel up to 5.10.174/5.15.102/6.1.15/6.2.2. This impacts the function vmx_vcpu_create. Such manipulation leads to null pointer dereference. This vulnerability is documented as CVE-2023-53756. The attack requires being on the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.15/6.2.2. It has been rated as critical. This affects the function pt_issue_pending of the component PTDMA Driver. This manipulation causes null pointer dereference. This vulnerability is registered as CVE-2023-53755. The attack requires access to the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.3.1. It has been declared as critical. The impacted element is the function lpfc_sli4_pci_mem_setup of the component scsi. The manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2023-53754. The attack must originate from the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.15/6.2.2. This impacts an unknown function. The manipulation results in out-of-bounds read. This vulnerability was named CVE-2023-53753. The attack needs to be approached within the local network. There is no available exploit. You should upgrade the affected component.

It seems this issue is a false-positive. Please confirm the sources provided and consider disregarding this entry.

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.29/6.3.3. The affected element is the function queue_setup. Performing a manipulation results in out-of-bounds read. This vulnerability is known as CVE-2023-53748. Access to the local network is required for this attack. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.53/6.4.15/6.5.2. Affected by this issue is the function kmalloc_reserve of the file net/core/skbuff.c of the component net. The manipulation results in integer overflow. This vulnerability was named CVE-2023-53752. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as critical was found in Linux Kernel up to 6.3.12/6.4.3. The impacted element is the function num_configs of the component pinctrl. Executing a manipulation can lead to out-of-bounds read. This vulnerability is handled as CVE-2023-53750. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.27/6.2.14/6.3.1. This affects the function TCP_Server_Info::hostname of the component cifs. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2023-53751. The attack can only be initiated within the local network. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 5.4.239/5.10.176/5.15.105/6.1.22/6.2.9. This affects the function vfio_ap. Such manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2023-53746. Access to the local network is required for this attack to succeed. There is no exploit available. The affected component should be upgraded.