VulDB Recent Entries

A vulnerability was found in Grip Theme up to 1.0.9 on WordPress. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to file inclusion. This vulnerability was named CVE-2025-26735. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Foton Theme up to 2.5.2 on WordPress. It has been classified as critical. This affects an unknown part. The manipulation leads to file inclusion. This vulnerability is uniquely identified as CVE-2025-39458. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in SAP S4 HANA and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2025-31328. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in SAP Field Logistics and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to external control of assumed-immutable web parameter. This vulnerability is known as CVE-2025-31327. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in NVIDIA NvContainer Service on Windows. Affected is an unknown function of the component OpenSSL. The manipulation leads to use of hard-coded, security-relevant constants. This vulnerability is traded as CVE-2025-23253. The attack needs to be approached locally. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Hoteldruid 3.0.5. This issue affects some unknown processing. The manipulation of the argument commento1_1 leads to cross site scripting. The identification of this vulnerability is CVE-2023-43378. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in LabVantage up to 8.8.0.13 HF5. This vulnerability affects unknown code of the component Request Parameter Handler. The manipulation of the argument objectname leads to file inclusion. This vulnerability was named CVE-2025-43951. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in Volmarg Personal Management System 1.4.65. This affects an unknown part of the component Goal Creation Section. The manipulation of the argument description leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-53569. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Volmarg Personal Management System 1.4.65. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Image Upload Section. The manipulation of the argument tag leads to cross site scripting. This vulnerability is handled as CVE-2024-53568. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Mettler Toledo FreeWeight.Net Web Reports Viewer 8.4.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument IW_SessionID_ leads to cross site scripting. This vulnerability is known as CVE-2025-43952. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in TOTOLINK A950RG 4.1.2cu.5161_B20200903. It has been classified as critical. Affected is the function setNoticeCfg. The manipulation of the argument NoticeUrl leads to Remote Code Execution. This vulnerability is traded as CVE-2025-28036. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. This issue affects the function setUpgradeFW. The manipulation of the argument FileName leads to Remote Code Execution. The identification of this vulnerability is CVE-2025-28039. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. This vulnerability affects the function setWebWlanIdx. The manipulation of the argument webWlanIdx leads to Remote Code Execution. This vulnerability was named CVE-2025-28038. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in TOTOLINK A830R 4.1.2cu.5182_B20201102. This affects the function setNoticeCfg. The manipulation of the argument NoticeUrl leads to privilege escalation. This vulnerability is uniquely identified as CVE-2025-28035. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in TCPWave DDI 11.34P1C2. Affected by this issue is some unknown functionality of the component File Upload. The manipulation leads to path traversal. This vulnerability is handled as CVE-2025-43946. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in cuba up to 7.2.22. Affected by this vulnerability is an unknown functionality. The manipulation leads to allocation of resources. This vulnerability is known as CVE-2025-32959. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Jmix up to 1.6.1/2.3.4. Affected is an unknown function. The manipulation leads to allocation of resources. This vulnerability is traded as CVE-2025-32952. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in DPMAdirektPro 4.1.5. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to uncontrolled search path. The identification of this vulnerability is CVE-2025-43950. Local access is required to approach this attack. There is no exploit available.

A vulnerability was found in MuM MapEdit 24.2.3. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. This vulnerability was named CVE-2025-43949. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in TOTOLINK A830R, A950RG, A3000RU and A3100R. It has been classified as critical. This affects an unknown part of the file downloadFile.cgi. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-28026. It is possible to initiate the attack remotely. There is no exploit available.