Vuldb Updates

A vulnerability, which was classified as critical, was found in xfig fig2dev 3.2.9a. Affected by this vulnerability is the function bezier_spline. The manipulation results in stack-based buffer overflow. This vulnerability is reported as CVE-2025-46397. The attack requires a local approach. No exploit exists.

A vulnerability was found in Netlify CMS 2.10.192. It has been declared as problematic. This impacts the function the. Executing a manipulation of the argument body can lead to cross site scripting. The identification of this vulnerability is CVE-2023-38904. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability identified as critical has been detected in ntpsec gpsd. This impacts the function hnd_129540 of the file drivers/driver_nmea2000.c. The manipulation leads to out-of-bounds write. This vulnerability is referenced as CVE-2025-67268. The attack needs to be initiated within the local network. No exploit is available. You should upgrade the affected component.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2. Affected is the function acpi_ns_get_next_node of the component ACPICA. This manipulation causes null pointer dereference. This vulnerability is registered as CVE-2025-71118. The attack requires access to the local network. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2. This vulnerability affects the function sock_kmalloc of the file algif_kpp.c. The manipulation leads to improper initialization. This vulnerability is traded as CVE-2025-71113. Access to the local network is required for this attack to succeed. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2. This issue affects the function allocate_resource of the file /proc/iomem of the component VIA Watchdog Driver. The manipulation results in allocation of resources. This vulnerability is known as CVE-2025-71114. Access to the local network is required for this attack. No exploit is available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2 and classified as critical. This impacts the function decode_pool of the component libceph. Executing a manipulation can lead to out-of-bounds read. This vulnerability is handled as CVE-2025-71116. The attack can only be done within the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2. Affected by this issue is some unknown functionality of the component parisc. Performing a manipulation results in denial of service. This vulnerability is reported as CVE-2025-71121. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2/6.19-rc2. The impacted element is the function svcauth_gss of the component SUNRPC. Such manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2025-71120. Access to the local network is required for this attack to succeed. There is no exploit available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.159/6.6.119/6.12.64/6.18.3/6.19-rc3 and classified as critical. The affected element is an unknown function of the component mac80211. Such manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2025-71127. The attack can only be initiated within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2. It has been rated as critical. The affected element is the function parse_apply_sb_mount_options in the library string.h of the component ext4. Performing a manipulation of the argument s_mount_opts results in buffer overflow. This vulnerability is identified as CVE-2025-71123. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2/6.19-rc1. The impacted element is the function sys_perf_event_open of the file kernel/tracepoint.c. Executing a manipulation can lead to privilege escalation. This vulnerability is tracked as CVE-2025-71125. The attack is only possible within the local network. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.3/6.19-rc3. It has been rated as critical. This issue affects the function smc_special_trylock of the file smc91x.c. Performing a manipulation results in privilege escalation. This vulnerability was named CVE-2025-71132. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.3/6.19-rc3. Impacted is the function crypto_aead_encrypt. Executing a manipulation can lead to null pointer dereference. The identification of this vulnerability is CVE-2025-71131. The attack needs to be done within the local network. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.3/6.19-rc3. Affected by this vulnerability is the function irdma_net_event. This manipulation causes null pointer dereference. This vulnerability is tracked as CVE-2025-71133. The attack is only possible within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.3. Affected is the function adv7842_cp_log_status of the component media. Executing a manipulation can lead to unchecked return value. This vulnerability appears as CVE-2025-71136. The attacker needs to be present on the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.3/6.19-rc3. Affected by this issue is the function rx_pending. Such manipulation leads to out-of-bounds read. This vulnerability is listed as CVE-2025-71137. The attack must be carried out from within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability was found in SourceCodester E-Learning System 1.0. It has been declared as problematic. This impacts an unknown function of the file /admin/modules/lesson/index.php of the component Lesson Module Handler. Executing a manipulation of the argument Title/Description can lead to basic cross site scripting. This vulnerability is handled as CVE-2026-1154. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability, which was classified as problematic, was found in hexpm hex.pm. This vulnerability affects unknown code in the library lib/hexpm_web/views/shared_authorization_view.ex. The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2026-21618. The attack may be launched remotely. There is no exploit available. Applying a patch is advised to resolve this issue.

A vulnerability categorized as critical has been discovered in Totolink LR350 9.3.5u.6369_B20220309. Affected by this vulnerability is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results in buffer overflow. This vulnerability was named CVE-2026-1155. The attack may be performed from remote. In addition, an exploit is available.