Vuldb Updates

A vulnerability labeled as critical has been found in Apple iOS and iPadOS up to 18.7.6/26.1. This vulnerability affects unknown code of the component Activation Lock. Executing a manipulation can lead to path traversal. The identification of this vulnerability is CVE-2025-43534. The physical device can be targeted for the attack. There is no exploit available. The affected component should be upgraded.

A vulnerability marked as critical has been reported in Apple macOS up to 14.8.4/15.7.4/26.3. This issue affects some unknown processing of the component App. The manipulation leads to permission issues. This vulnerability is referenced as CVE-2026-20607. The attack can only be performed from a local environment. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in SourceCodester Sales and Inventory System 1.0. The affected element is an unknown function of the file update_purchase.php of the component HTTP GET Parameter Handler. Executing a manipulation of the argument sid can lead to sql injection. This vulnerability appears as CVE-2026-4781. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability, which was classified as problematic, has been found in Apple macOS up to 14.8.4/15.7.4/26.3. This affects an unknown function of the component Symlink Handler. Performing a manipulation results in information disclosure. This vulnerability is cataloged as CVE-2026-20633. The attack must be initiated from a local position. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability marked as critical has been reported in SourceCodester Sales and Inventory System 1.0. Impacted is an unknown function of the file update_out_standing.php of the component HTTP GET Parameter Handler. Performing a manipulation of the argument sid results in sql injection. This vulnerability is reported as CVE-2026-4780. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in nats-io nats-server up to 2.11.14/2.12.5. It has been declared as problematic. This impacts an unknown function of the component Websockets Client Service. Such manipulation leads to denial of service. This vulnerability is listed as CVE-2026-33219. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability identified as problematic has been detected in nats-io nats-server up to 2.11.14/2.12.5. Affected by this issue is some unknown functionality of the component JetStream. The manipulation leads to authorization bypass. This vulnerability is documented as CVE-2026-33222. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability was found in GIMP. It has been classified as problematic. Impacted is an unknown function of the component PCX File Loader. Performing a manipulation results in off-by-one. This vulnerability is cataloged as CVE-2026-4887. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability categorized as critical has been discovered in nats-io nats-server up to 2.11.14/2.12.5. Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to incorrect authorization. This vulnerability is registered as CVE-2026-33217. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in fontconfig up to 2.17.0. Affected is an unknown function of the file fcfreetype.c of the component FcFontCapabilities. The manipulation results in off-by-one. This vulnerability is known as CVE-2026-34085. Attacking locally is a requirement. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as critical was found in pnggroup libpng up to 1.6.36. Impacted is an unknown function. The manipulation results in out-of-bounds write. This vulnerability is identified as CVE-2026-33636. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in nats-io nats-server up to 2.11.14/2.12.5. This vulnerability affects unknown code of the file /debug/vars. Performing a manipulation results in insertion of sensitive information into debugging code. This vulnerability is cataloged as CVE-2026-33247. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2 and classified as critical. The affected element is the function ocfs2_find_victim_chain. Such manipulation of the argument cl_next_free_rec leads to allocation of resources. This vulnerability is referenced as CVE-2025-68771. The attack needs to be initiated within the local network. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2 and classified as critical. Impacted is the function f2fs_write_cache_pages. This manipulation causes race condition. The identification of this vulnerability is CVE-2025-68772. The attack needs to be done within the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.63/6.18.2/6.19-rc1. This vulnerability affects the function bnxt_rx_xdp. The manipulation leads to excessive iteration. This vulnerability is uniquely identified as CVE-2025-68770. The attack can only be initiated within the local network. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2. This affects the function f2fs_recover_fsync_data. Executing a manipulation can lead to unchecked return value. This vulnerability is handled as CVE-2025-68769. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability has been found in Linux Kernel up to 6.18.2/6.19-rc1 and classified as critical. This affects the function fqdir_pre_exit of the component inet. The manipulation leads to deadlock. This vulnerability is referenced as CVE-2025-68768. The attack needs to be initiated within the local network. No exploit is available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.1.159/6.6.119/6.12.63/6.18.2 and classified as critical. This vulnerability affects unknown code of the component hfsplus. The manipulation results in improper initialization. This vulnerability is identified as CVE-2025-68767. The attack can only be performed from the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability marked as critical has been reported in nats-io nats-server up to 2.11.14/2.12.5. This vulnerability affects the function verify_and_map of the component mTLS. This manipulation causes improper certificate validation. This vulnerability appears as CVE-2026-33248. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in nats-io nats-server up to 2.11.14/2.12.5. This affects an unknown part of the component Nats-Request-Info Identity Header Handler. The manipulation results in authentication bypass by spoofing. This vulnerability is reported as CVE-2026-33246. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.