Vuldb Updates

A vulnerability labeled as problematic has been found in Microsoft Configuration Manager. Affected is an unknown function. The manipulation results in sql injection. This vulnerability was named CVE-2025-55320. The attack needs to be approached locally. There is no available exploit. A patch should be applied to remediate this issue.

A vulnerability identified as critical has been detected in Canonical LXD up to 5.21.3/6.4. Impacted is an unknown function of the component Log File Handler. Performing manipulation results in path traversal. This vulnerability is reported as CVE-2025-54293. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

A vulnerability marked as critical has been reported in HPE ArubaOS up to 8.10.0.18/8.12.0.5/8.13.0.1/10.4.1.8/10.7.1.1. Affected by this vulnerability is an unknown functionality of the component CLI. The manipulation leads to command injection. This vulnerability is listed as CVE-2025-37133. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in HPE ArubaOS up to 8.10.0.18/8.12.0.5/8.13.0.1/10.4.1.8/10.7.1.1. It has been declared as critical. The affected element is an unknown function of the component Web-based Management Interface. The manipulation results in unrestricted upload. This vulnerability was named CVE-2025-37132. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in Appointments Plugin up to 2.2.1 on WordPress. It has been rated as critical. This issue affects the function WP_Theme of the component Cookie Handler. The manipulation of the argument wpmudev_appointments leads to deserialization. This vulnerability is uniquely identified as CVE-2017-20206. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability identified as critical has been detected in RegistrationMagic Plugin 3.7.9.2/3.7.9.3 on WordPress. The affected element is the function is_expired_by_date. This manipulation causes deserialization. The identification of this vulnerability is CVE-2017-20208. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability labeled as critical has been found in ShortPixel Image Optimizer Plugin up to 6.3.4 on WordPress. The impacted element is the function shortpixel_ajaxRequest of the component Setting Handler. Such manipulation leads to missing authorization. This vulnerability is referenced as CVE-2025-11378. It is possible to launch the attack remotely. No exploit is available.

A vulnerability marked as problematic has been reported in 10WebMapBuilder Plugin up to 1.0.63 on WordPress. This affects an unknown function of the component Setting Handler. Performing manipulation results in cross site scripting. This vulnerability is identified as CVE-2020-36853. The attack can be initiated remotely. There is not any exploit available.

A vulnerability described as problematic has been identified in Async JavaScript Plugin up to 2.19.07.14 on WordPress. This impacts the function aj_steps of the component Setting Handler. Executing manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2020-36854. The attack can be launched remotely. No exploit exists.

A vulnerability classified as critical was found in Flickr Gallery Plugin up to 1.5.2 on WordPress. Affected by this vulnerability is the function WP_Theme. The manipulation results in deserialization. This vulnerability is cataloged as CVE-2017-20207. The attack may be launched remotely. There is no exploit available.

A vulnerability categorized as problematic has been discovered in Matthieu Aubry phpMyVisites 1.3. Affected by this vulnerability is an unknown functionality of the file set_lang.php. Executing manipulation of the argument mylang can lead to information disclosure. This vulnerability is registered as CVE-2005-1325. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability was found in PhpMyFaq 1.5.1. It has been classified as problematic. This impacts an unknown function of the file index.php of the component Agent. Performing manipulation of the argument LANGCODE results in path traversal. This vulnerability is cataloged as CVE-2005-3048. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in phpMyFamily 1.4. It has been classified as critical. This affects an unknown function of the file people.php of the component Login. The manipulation of the argument Researcher leads to sql injection. This vulnerability is traded as CVE-2005-0841. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability marked as problematic has been reported in Accomplishtechnology phpMyDirectory 10.1.3. Affected by this issue is some unknown functionality of the file review.php. The manipulation of the argument subsubcat leads to cross site scripting. This vulnerability is uniquely identified as CVE-2005-0896. The attack is possible to be carried out remotely. Moreover, an exploit is present. It is suggested to upgrade the affected component.

A vulnerability classified as critical has been found in Clever Copy 0.24.4. This issue affects some unknown processing of the file viewattach.php. This manipulation of the argument forum causes sql injection. This vulnerability appears as CVE-2005-2323. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability marked as problematic has been reported in Phpheaven phpMyChat 0.14.6. Affected by this vulnerability is an unknown functionality of the file start_page.css.php. The manipulation of the argument From leads to basic cross site scripting. This vulnerability is traded as CVE-2005-3991. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in typecho 1.1/17.10.30. It has been rated as critical. Impacted is an unknown function of the file install.php. Performing manipulation results in privilege escalation. This vulnerability is known as CVE-2023-24114. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability classified as critical has been found in Ubiquiti UniFi Dream Machine Pro 7.2.95. The affected element is an unknown function of the component Domain Restriction. This manipulation causes improper access controls. The identification of this vulnerability is CVE-2023-24104. The attack needs to be done within the local network. There is no exploit available.

A vulnerability has been found in hour_of_code_python_2015 520929797b9ca43bb818b2e8f963fb2025459fa3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file requirements.txt. Performing manipulation results in backdoor. This vulnerability is known as CVE-2023-24107. Access to the local network is required for this attack. No exploit is available.

A vulnerability was found in MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737. It has been declared as critical. This vulnerability affects unknown code of the file requirements.txt. The manipulation results in backdoor. This vulnerability was named CVE-2023-24108. The attack needs to be approached within the local network. There is no available exploit.