Vuldb Updates

A vulnerability was found in Linux Kernel up to 5.4.256/5.10.194/5.15.131/6.1.53/6.5.3 and classified as critical. The impacted element is the function __inet_del_ifa of the component net. The manipulation results in memory leak. This vulnerability is reported as CVE-2023-53995. The attacker must have access to the local network to execute the attack. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.52/6.4.15/6.5.2. This impacts the function enc_dec_hypercall. The manipulation leads to privilege escalation. This vulnerability is documented as CVE-2023-53996. The attack requires being on the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.4.7. It has been declared as critical. This vulnerability affects the function thermal_zone_device_register of the component thermal. Executing a manipulation can lead to double free. This vulnerability is handled as CVE-2023-53997. The attack can only be done within the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.1.23/6.2.10. Impacted is an unknown function. Performing a manipulation results in memory leak. This vulnerability was named CVE-2023-53993. The attack needs to be approached within the local network. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.4.250/5.10.187/5.15.120/6.1.39/6.4.4. Impacted is an unknown function of the component ionic. Executing a manipulation can lead to denial of service. This vulnerability is registered as CVE-2023-53994. The attack requires access to the local network. No exploit is available. You should upgrade the affected component.

A vulnerability marked as critical has been reported in OneFlow 0.9.0. Impacted is the function oneflow._oneflow_internal.autograd.Function.FunctionCtx.mark_non_differentiable. The manipulation leads to memory corruption. This vulnerability is listed as CVE-2025-71008. The attack must be carried out from within the local network. There is no available exploit.

A vulnerability was found in Red Hat Enterprise Linux and OpenShift Container Platform. It has been rated as problematic. Affected is the function grub_extcmd_dispatcher of the component grub2. Performing a manipulation results in unchecked return value. This vulnerability was named CVE-2024-45775. The attack needs to be approached locally. There is no available exploit. To fix this issue, it is recommended to deploy a patch.

A vulnerability marked as critical has been reported in zevv Duc up to 1.4.5. This affects the function buffer_get. Performing a manipulation results in stack-based buffer overflow. This vulnerability is known as CVE-2025-13654. Access to the local network is required for this attack. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in GNU grub2. The impacted element is an unknown function of the component UFS. The manipulation leads to out-of-bounds write. This vulnerability is documented as CVE-2025-0677. The attack needs to be performed locally. There is not any exploit available.

A vulnerability identified as problematic has been detected in Anthropic MCP TypeScript SDK up to 1.25.1. The impacted element is the function UriTemplate of the component URI Handler. Performing a manipulation results in inefficient regular expression complexity. This vulnerability is identified as CVE-2026-0621. The attack can be initiated remotely. There is not any exploit available.

A vulnerability, which was classified as problematic, has been found in Vega up to 5.6.2/6.1.1. This affects an unknown part. Performing a manipulation results in cross site scripting. This vulnerability is reported as CVE-2025-65110. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.0.15/6.1.1. It has been classified as critical. This vulnerability affects unknown code of the component Gadget Driver. Performing a manipulation results in use after free. This vulnerability was named CVE-2022-50704. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability has been found in Linux Kernel up to 6.0.2 and classified as critical. Affected by this vulnerability is the function qcom_smsm_probe. Performing a manipulation results in excessive iteration. This vulnerability is cataloged as CVE-2022-50703. The attack must originate from the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 5.15.89/6.0.2. This vulnerability affects unknown code of the component io_uring. Executing a manipulation can lead to state issue. This vulnerability is tracked as CVE-2022-50705. The attack is only possible within the local network. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.86/6.0.18/6.1.4. It has been rated as critical. This vulnerability affects the function vdpasim_net_init of the component vdpa_sim. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2022-50702. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.1.15/6.2.2 and classified as critical. This affects the function sg_copy_buffer of the component wifi. Such manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2022-50701. The attack can only be initiated within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.0.15/6.1.1. It has been rated as critical. This affects an unknown part of the file err_qdi.c of the component Host Driver. Performing a manipulation results in denial of service. This vulnerability is identified as CVE-2022-50700. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Linux Kernel up to 5.10.151/5.15.75/6.0.5. The affected element is the function convert_context. Performing a manipulation of the argument gfp_t results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2022-50699. The attack must originate from the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Synology Media Server. This vulnerability affects unknown code of the component Streaming Service. Performing a manipulation results in authorization bypass. This vulnerability is cataloged as CVE-2024-4464. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Mikado-Themes MediClinic Plugin up to 2.1 on WordPress. The impacted element is an unknown function. Such manipulation leads to path traversal: '.../...//'. This vulnerability is referenced as CVE-2025-49295. It is possible to launch the attack remotely. No exploit is available.