Vuldb Updates

A vulnerability, which was classified as critical, was found in Keylime 7.12.0. This vulnerability affects unknown code of the component TLS Authentication. Executing a manipulation can lead to key exchange without entity authentication. This vulnerability is registered as CVE-2026-1709. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as problematic was found in Tanium Client. Affected is an unknown function. Such manipulation leads to multiple binds to the same port. This vulnerability is referenced as CVE-2025-15320. The attack can only be performed from a local environment. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in lolypop55 html5_snmp 1.11. It has been declared as problematic. This issue affects some unknown processing of the file add_router_operation.php of the component POST Request Handler. The manipulation of the argument Remark results in cross site scripting. This vulnerability is known as CVE-2019-25294. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability labeled as critical has been found in thejshen contentManagementSystem 1.04. This vulnerability affects unknown code of the component GET Parameter Handler. Such manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2019-25303. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in Acer Launch Manager 6.1.7600.16385. It has been rated as problematic. This vulnerability affects unknown code of the file C:\Program Files (x86)\Launch Manager\dsiwmis.exe. This manipulation causes unquoted search path. This vulnerability appears as CVE-2019-25302. The attack requires local access. In addition, an exploit is available.

A vulnerability categorized as problematic has been discovered in Alps HID Monitor Service 8.1.0.10. This issue affects some unknown processing of the file C:\Program Files\Apoint2K\HidMonitorSvc.exe. Such manipulation leads to unquoted search path. This vulnerability is traded as CVE-2019-25292. An attack has to be approached locally. Furthermore, there is an exploit available.

A vulnerability identified as problematic has been detected in Issivs Intelligent Security System SecurOS Enterprise 10.0.18362. Impacted is an unknown function of the file C:\Program Files (x86)\ISS\SecurOS\. Performing a manipulation results in unquoted search path. This vulnerability is known as CVE-2019-25304. Attacking locally is a requirement. Furthermore, an exploit is available.

A vulnerability described as problematic has been identified in Davidvg 60CycleCMS 2.5.2. Affected by this issue is some unknown functionality of the file news.php of the component GET Parameter Handler. Such manipulation of the argument etsu/ltsu leads to cross site scripting. This vulnerability is listed as CVE-2020-37111. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability categorized as problematic has been discovered in thrsrossi Millhouse Project 1.414. The affected element is an unknown function of the file add_comment_sql.php. Such manipulation of the argument content leads to cross site scripting. This vulnerability is uniquely identified as CVE-2019-25301. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in rimbalinux AhadPOS 1.11. It has been declared as critical. The impacted element is an unknown function of the component POST Handler. Such manipulation of the argument alamatCustomer leads to sql injection. This vulnerability is traded as CVE-2019-25299. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability identified as critical has been detected in lolypop55 html5_snmp 1.11. This affects an unknown part. This manipulation of the argument Router_ID/Router_IP causes sql injection. This vulnerability is handled as CVE-2019-25298. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in thejshen Globitek CMS 1.4. It has been declared as critical. This affects an unknown part of the component GET Parameter Handler. The manipulation of the argument ID results in sql injection. This vulnerability is reported as CVE-2019-25300. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability marked as critical has been reported in AllHandsMarketing PhpIX 2012 Professional. This affects an unknown function of the file product_detail.php. The manipulation of the argument ID leads to sql injection. This vulnerability is listed as CVE-2020-37108. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability described as critical has been identified in redmine PMB 5.6. This impacts an unknown function of the file /admin/sauvegarde/download.php of the component Requests Handler. The manipulation of the argument logid results in sql injection. This vulnerability is cataloged as CVE-2020-37105. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Davidvg 60CycleCMS 2.5.2. Affected is an unknown function in the library common/lib.php of the file news.php of the component Query Parameter Handler. This manipulation causes sql injection. This vulnerability is registered as CVE-2020-37110. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in Portabilis i-Educar up to 2.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. Such manipulation of the argument File leads to cross site scripting. This vulnerability is referenced as CVE-2026-2064. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Flycatcher Toys smART Pixelator 2.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component Bluetooth Low Energy Interface. Performing a manipulation results in missing authentication. This vulnerability is identified as CVE-2026-2065. The attack can only be performed from the local network. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in nyariv SandboxJS up to 0.8.28. It has been classified as problematic. The affected element is an unknown function. This manipulation causes injection. This vulnerability appears as CVE-2026-25586. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in pydantic pydantic-ai up to 1.50.x and classified as critical. This vulnerability affects the function Agent.to_web of the component URL Handler. The manipulation results in path traversal. This vulnerability is cataloged as CVE-2026-25640. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability classified as problematic was found in nyariv SandboxJS up to 0.8.28. The impacted element is the function hosts. The manipulation of the argument Object.values/Object.entries results in injection. This vulnerability is identified as CVE-2026-25520. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.