Vuldb Updates

A vulnerability described as critical has been identified in PHP-Fusion 9.03.50. Affected by this issue is the function add_panel_form of the file panels.php of the component POST Parameter Handler. Such manipulation of the argument panel_content leads to improper neutralization of directives in dynamically evaluated code. This vulnerability is referenced as CVE-2020-37137. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability classified as critical was found in UltraVNC Launcher 1.2.4.0. The affected element is an unknown function. The manipulation of the argument Host configuration results in stack-based buffer overflow. This vulnerability is identified as CVE-2020-37133. The attack is only possible with local access. Additionally, an exploit exists.

A vulnerability was found in UltraVNC Launcher 1.2.4.0. It has been rated as critical. This affects an unknown part. This manipulation of the argument Password causes stack-based buffer overflow. This vulnerability appears as CVE-2020-37132. The attack requires local access. In addition, an exploit is available.

A vulnerability classified as critical was found in Linux Kernel up to 5.4.234/5.10.172/5.15.99/6.1.17/6.2.4. Affected by this issue is the function sctp_sched_prio_free_sid of the component sctp. Such manipulation leads to improper update of reference count. This vulnerability is uniquely identified as CVE-2023-53590. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 5.15.114/6.1.30/6.3.4 and classified as critical. The impacted element is an unknown function of the component mlx5e. The manipulation results in deadlock. This vulnerability is cataloged as CVE-2023-53591. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.162/5.15.86/6.0.18/6.1.4. It has been rated as critical. Impacted is the function of_irq_find_parent of the component gpio. This manipulation causes improper update of reference count. This vulnerability is registered as CVE-2023-53592. The attack requires access to the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability marked as critical has been reported in Linux Kernel up to 5.15.98/6.1.15/6.2.2. The affected element is the function device_add in the library mac80211_hwsim.ko. Performing a manipulation results in stack-based buffer overflow. This vulnerability is known as CVE-2023-53594. Access to the local network is required for this attack. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.4.11. This affects the function cifs_readpage_worker of the file Documentation/filesystems/vfs.rst. Performing a manipulation results in deadlock. This vulnerability was named CVE-2023-53593. The attack needs to be approached within the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.1.54/6.5.4. Impacted is an unknown function of the component wifi. Such manipulation leads to privilege escalation. This vulnerability is traded as CVE-2023-53588. Access to the local network is required for this attack to succeed. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 5.4.243/5.10.180/5.15.112/6.1.29/6.3.3. It has been declared as critical. This issue affects the function n_channels of the component wifi. The manipulation results in uninitialized pointer. This vulnerability is cataloged as CVE-2023-53589. The attack must originate from the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.179/5.15.110/6.1.27/6.2.14/6.3.1. It has been declared as critical. This vulnerability affects the function blk_crypto_evict_key. Executing a manipulation can lead to use after free. This vulnerability appears as CVE-2023-53536. The attacker needs to be present on the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.54/6.5.4. Affected is an unknown function of the component wifi. The manipulation leads to privilege escalation. This vulnerability is referenced as CVE-2023-53540. The attack needs to be initiated within the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.2.2. This impacts an unknown function of the component ARM. Executing a manipulation can lead to denial of service. The identification of this vulnerability is CVE-2023-53542. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability has been found in opf openproject up to 16.6.5/17.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /projects/. This manipulation of the argument rev causes command injection. This vulnerability is registered as CVE-2026-24685. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability was found in smartdatasoft SmartBlog 2.0.1. It has been classified as critical. This affects an unknown function. This manipulation of the argument id_post causes sql injection. This vulnerability is registered as CVE-2020-36972. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability identified as critical has been detected in ILIAS Learning Management System 4.3-5.1. This issue affects some unknown processing of the component XMLHttpRequest Handler. This manipulation causes server-side request forgery. This vulnerability appears as CVE-2020-36944. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in janet-lang janet up to 1.40.1. It has been classified as problematic. This affects the function os_strftime of the file src/core/os.c. Performing a manipulation results in out-of-bounds read. This vulnerability is cataloged as CVE-2026-2241. The attack must be initiated from a local position. Furthermore, there is an exploit available. To fix this issue, it is recommended to deploy a patch.

A vulnerability was found in janet-lang janet up to 1.40.1. It has been declared as problematic. This impacts the function janetc_if of the file src/core/specials.c. Executing a manipulation can lead to out-of-bounds read. This vulnerability is registered as CVE-2026-2242. The attack needs to be launched locally. Furthermore, an exploit is available. It is advisable to implement a patch to correct this issue.

A vulnerability was found in Linux Kernel up to 6.1.148/6.6.102/6.12.43/6.16.3. It has been declared as critical. Affected by this vulnerability is the function __get_user. Such manipulation leads to incorrect comparison. This vulnerability is documented as CVE-2025-39716. The attack requires being on the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.1.148/6.6.102/6.12.43/6.16.3. This issue affects the function skb_put. The manipulation results in buffer overflow. This vulnerability is known as CVE-2025-39718. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.