Vuldb Updates

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.5.3. Impacted is the function unix_release_sock of the component af_unix. The manipulation results in race condition. This vulnerability was named CVE-2023-54006. The attack needs to be approached within the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in matio 1.5.18/1.5.19/1.5.20/1.5.21. The affected element is the function Readt32DataDouble. Executing a manipulation can lead to heap-based buffer overflow. The identification of this vulnerability is CVE-2020-36428. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in matio 1.5.28. It has been rated as problematic. This issue affects the function Mat_VarCreateStruct. The manipulation of the argument fields leads to out-of-bounds read. This vulnerability is documented as CVE-2025-50343. The attack requires being on the local network. Additionally, an exploit exists.

A vulnerability was found in Linux Kernel up to 6.4.10. It has been classified as critical. This affects the function binder_init. Performing a manipulation results in memory leak. This vulnerability is known as CVE-2023-54005. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.3.4 and classified as critical. The affected element is the function __sk_mem_raise_allocated. Executing a manipulation can lead to null pointer dereference. This vulnerability is handled as CVE-2023-54004. The attack can only be done within the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.28/6.2.15/6.3.2. The impacted element is the function exclusive_operation of the file fs/btrfs/ioctl.c of the component btrfs. Executing a manipulation can lead to reachable assertion. This vulnerability appears as CVE-2023-54002. The attacker needs to be present on the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.4.240/5.10.177/5.15.107/6.1.24/6.2.11. It has been rated as critical. Affected is the function create_ah. Performing a manipulation results in memory leak. This vulnerability is known as CVE-2023-54003. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 5.10.189/5.15.123/6.1.42/6.4.7. It has been classified as critical. The impacted element is the function _r8712_init_xmit_priv. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2023-54001. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.1.45/6.4.10. It has been declared as critical. This impacts the function napi_disable. Such manipulation leads to deadlock. This vulnerability is traded as CVE-2023-54000. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Totolink A7000R 4.1cu.4154 and classified as critical. Impacted is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument FileName causes command injection. This vulnerability is handled as CVE-2026-1623. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in D-Link DWR-M961 1.1.47 and classified as critical. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fota_url leads to command injection. This vulnerability is uniquely identified as CVE-2026-1624. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in D-Link DWR-M961 1.1.47. It has been classified as critical. The impacted element is the function sub_4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument action_value results in command injection. This vulnerability was named CVE-2026-1625. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in D-Link DWR-M961 1.1.47. It has been rated as critical. This vulnerability affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fota_url causes command injection. This vulnerability is tracked as CVE-2026-1596. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability categorized as critical has been discovered in Bdtask SalesERP up to 20260116. This issue affects some unknown processing of the component Administrative Endpoint. Such manipulation of the argument ci_session leads to improper authorization. This vulnerability is listed as CVE-2026-1597. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability identified as problematic has been detected in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. Impacted is an unknown function of the file /dashboard/home/profile of the component User Information Module. Performing a manipulation of the argument fullname results in cross site scripting. This vulnerability is cataloged as CVE-2026-1598. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability labeled as problematic has been found in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. The affected element is an unknown function of the file /hungry/placeorder of the component Checkout. Executing a manipulation of the argument orggrandTotal/vat/service_charge/grandtotal can lead to business logic errors. This vulnerability is registered as CVE-2026-1599. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability marked as problematic has been reported in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. The impacted element is an unknown function of the file /hungry/addtocart of the component Add-to-Cart Submission Endpoint. The manipulation of the argument price/allprice leads to business logic errors. This vulnerability is documented as CVE-2026-1600. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability categorized as critical has been discovered in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection. This vulnerability is tracked as CVE-2026-1601. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability classified as critical has been found in Tenda AX12 Pro V2 16.03.49.24_cn. Affected by this issue is some unknown functionality of the component Telnet Service. Performing a manipulation results in hard-coded credentials. This vulnerability is reported as CVE-2026-1610. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in matio up to 1.5.21. It has been declared as problematic. This impacts the function Mat_VarReadNextInfo5 of the file mat5.c of the component File Handler. The manipulation results in memory leak. This vulnerability is cataloged as CVE-2022-1515. The attack must originate from the local network. There is no exploit available.