Vuldb Updates

A vulnerability was found in Eclipse JGit up to 7.2.0.202503040940-r. It has been declared as problematic. This vulnerability affects the function ManifestParser of the component XML File Parser. The manipulation results in xml external entity reference. This vulnerability is known as CVE-2025-4949. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in Rust up to 1.77.1 on Windows. It has been declared as critical. Affected by this vulnerability is the function Command::arg of the component Batch File Handler. Such manipulation leads to os command injection. This vulnerability is traded as CVE-2024-24576. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability marked as problematic has been reported in ChurchCRM 4.5.3. Affected is an unknown function of the file GroupReports.php. The manipulation of the argument GroupRole/ReportModel/OnlyCart leads to cross site scripting. This vulnerability is traded as CVE-2023-33661. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical has been found in ai-dev aicombinationsonfly up to 0.3.0 on PrestaShop. Affected is an unknown function of the file /includes/ajax.php. The manipulation leads to sql injection. This vulnerability is traded as CVE-2023-33664. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability labeled as critical has been found in ai-dev aitable up to 0.2.1. This affects an unknown part of the file /includes/ajax.php. The manipulation results in sql injection. This vulnerability is identified as CVE-2023-33665. The attack can only be performed from the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability categorized as critical has been discovered in ai-dev Module up to 0.2.0 on PrestaShop. This affects an unknown function. Executing a manipulation of the argument Customization can lead to sql injection. This vulnerability is tracked as CVE-2023-33663. The attack is only possible within the local network. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.3.1. The impacted element is the function fw_getenv of the component MIPS. The manipulation leads to null pointer dereference. This vulnerability is referenced as CVE-2023-54279. The attack needs to be initiated within the local network. No exploit is available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.0.6. It has been declared as critical. Affected by this issue is the function adreno_show_object. Such manipulation leads to memory leak. This vulnerability is traded as CVE-2022-50867. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.1. It has been classified as critical. Affected by this issue is the function rio_register_mport. Performing a manipulation results in allocation of resources. This vulnerability is cataloged as CVE-2022-50857. The attack must originate from the local network. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability has been found in Linux Kernel up to 6.1.28/6.2.15/6.3.2 and classified as critical. Impacted is the function __replace_atomic_write_block of the component f2fs. The manipulation leads to null pointer dereference. This vulnerability is referenced as CVE-2023-54192. The attack needs to be initiated within the local network. No exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as critical, has been found in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_activity_query.php. The manipulation of the argument Title leads to sql injection. This vulnerability is listed as CVE-2026-0582. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability, which was classified as critical, was found in code-projects Online Product Reservation System 1.0. This vulnerability affects unknown code of the file app/user/login.php of the component User Login. The manipulation of the argument emailadd results in sql injection. This vulnerability is cataloged as CVE-2026-0583. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in code-projects Online Product Reservation System 1.0 and classified as critical. This issue affects some unknown processing of the file app/products/left_cart.php. This manipulation of the argument ID causes sql injection. This vulnerability is registered as CVE-2026-0584. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in code-projects Online Product Reservation System 1.0 and classified as critical. Impacted is an unknown function of the file /order_view.php of the component GET Parameter Handler. Such manipulation of the argument transaction_id leads to sql injection. This vulnerability is documented as CVE-2026-0585. The attack can be executed remotely. Additionally, an exploit exists.

Further analysis revealed that this issues is a false-positive. Please take a look at the sources mentioned and consider not using this entry at all.

A vulnerability, which was classified as critical, was found in H3C Magic R300 R300-2100MV100R004. Affected by this vulnerability is the function UpdateMacClone of the file /goform/aspForm. Executing a manipulation can lead to stack-based buffer overflow. This vulnerability appears as CVE-2023-33635. The attacker needs to be present on the local network. There is no available exploit.

A vulnerability has been found in H3C Magic R300 R300-2100MV100R004 and classified as critical. Affected by this issue is the function ipqos_lanip_editlist of the file /goform/aspForm. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2023-33636. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability was found in H3C Magic R300 R300-2100MV100R004 and classified as critical. This affects the function DelDNSHnList of the file /goform/aspForm. The manipulation results in stack-based buffer overflow. This vulnerability is known as CVE-2023-33637. Access to the local network is required for this attack. No exploit is available.

A vulnerability, which was classified as critical, has been found in H3C Magic R300 R300-2100MV100R004. Affected is the function EdittriggerList of the file /goform/aspForm. Performing a manipulation results in stack-based buffer overflow. This vulnerability is reported as CVE-2023-33634. The attacker must have access to the local network to execute the attack. No exploit exists.

A vulnerability described as critical has been identified in H3C Magic R300 R300-2100MV100R004. The impacted element is the function DelSTList of the file /goform/aspForm. The manipulation results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2023-33631. The attack must originate from the local network. There is no exploit available.