Vuldb Updates

A vulnerability labeled as critical has been found in cym1102 nginxWebUI up to 3.9.9. Affected is the function exec of the file /adminPage/conf/reload. Executing manipulation of the argument nginxExe can lead to deserialization. This vulnerability appears as CVE-2024-3740. The attack may be performed from a remote location. In addition, an exploit is available.

A vulnerability categorized as critical has been discovered in Ruijie RG-UAC up to 20240419. This vulnerability affects unknown code of the file /view/network Config/GRE/gre_edit_commit.php. Executing manipulation of the argument Name can lead to os command injection. The identification of this vulnerability is CVE-2024-4255. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Ruijie RG-UAC 1.0 and classified as critical. The affected element is an unknown function of the file /view/systemConfig/reboot/reboot_commit.php. The manipulation of the argument servicename results in os command injection. This vulnerability is cataloged as CVE-2024-6184. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Ruijie RG-UAC 1.0. It has been declared as critical. This affects an unknown function of the file /view/userAuthentication/SSO/commit.php. Such manipulation of the argument ad_log_name leads to os command injection. This vulnerability is documented as CVE-2024-6186. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Ruijie RG-UAC 1.0. It has been rated as critical. This impacts an unknown function of the file /view/vpn/autovpn/sub_commit.php. Performing manipulation of the argument key results in os command injection. This vulnerability is reported as CVE-2024-6187. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability identified as critical has been detected in Ruijie RG-UAC 1.0. This vulnerability affects the function get_ip.addr_details of the file /view/vpn/autovpn/sxh_vpnlic.php of the component HTTP POST Request Handler. Performing manipulation of the argument indevice results in command injection. This vulnerability is identified as CVE-2024-6269. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Siemens SINEMA Remote Connect Client up to 3.2 and classified as critical. This vulnerability affects unknown code of the component Configuration Handler. Such manipulation leads to command injection. This vulnerability is referenced as CVE-2024-39567. The attack can only be performed from a local environment. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability has been found in Htmly 2.9.5 and classified as problematic. This issue affects some unknown processing of the component Menu Editor Module. This manipulation of the argument Link Name causes cross site scripting. This vulnerability is tracked as CVE-2024-30953. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in vanessa219 Vditor 3.10.3. It has been rated as problematic. The impacted element is an unknown function of the component Element Attribute Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-34449. It is possible to initiate the attack remotely. There is no exploit available. It is still unclear if this vulnerability genuinely exists. It is recommended to change the configuration settings.

A vulnerability, which was classified as critical, has been found in Flatpak. Affected is an unknown function. This manipulation causes argument injection. This vulnerability is registered as CVE-2024-32462. The attack needs to be launched locally. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in aio-libs aiohttp up to 3.9.3. This issue affects some unknown processing of the component Index Pages. Performing manipulation results in cross site scripting. This vulnerability is reported as CVE-2024-27306. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in SQLite 3.30.1. Affected by this issue is some unknown functionality of the component CREATE Statement Handler. Executing manipulation as part of Table Name can lead to improper privilege management. This vulnerability appears as CVE-2019-19603. The attack may be performed from a remote location. There is no available exploit.

A vulnerability labeled as critical has been found in SQLite up to 3.32.0. Impacted is the function sqlite3ExprCodeTarget of the file expr.c. Executing manipulation can lead to improper initialization. This vulnerability appears as CVE-2020-13435. The attack may be performed from a remote location. There is no available exploit.

A vulnerability was found in Google Chrome and classified as problematic. Affected by this issue is some unknown functionality of the component SQLite. Such manipulation as part of HTML Page leads to information disclosure. This vulnerability is documented as CVE-2019-13751. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Google Chrome and classified as critical. This vulnerability affects unknown code of the component WebSQL. Executing manipulation as part of HTML Page can lead to integer overflow. This vulnerability appears as CVE-2019-5827. The attack may be performed from a remote location. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability described as problematic has been identified in Sanluan PublicCMS up to 5.202506.a. Affected by this issue is some unknown functionality of the file publiccms-parent/publiccms/src/main/webapp/resource/plugins/pdfjs/viewer.html. Executing manipulation of the argument File can lead to open redirect. This vulnerability appears as CVE-2025-7953. The attack may be performed from a remote location. In addition, an exploit is available. A patch should be applied to remediate this issue.

A vulnerability was found in Huawei HarmonyOS 5.0.1/5.0.2. It has been classified as critical. The impacted element is an unknown function of the component Virtualization Base Module. Performing manipulation results in time-of-check time-of-use. This vulnerability is reported as CVE-2025-54655. The attack requires a local approach. No exploit exists.

A vulnerability described as problematic has been identified in Huawei HarmonyOS 5.0.1. Affected by this issue is some unknown functionality of the component Lock Screen Module. Executing manipulation can lead to business logic errors. This vulnerability is handled as CVE-2025-54606. The physical device can be targeted for the attack. There is not any exploit available.

A vulnerability was found in Huawei HarmonyOS 5.0.1/5.1.0. It has been rated as critical. Affected is an unknown function of the component Screen Management Module. This manipulation causes improper access controls. This vulnerability is registered as CVE-2025-54608. The attack needs to be launched locally. No exploit is available.

A vulnerability was found in Huawei HarmonyOS 5.0.1/5.1.0. It has been classified as critical. This vulnerability affects unknown code of the component ArkWeb Module. Performing manipulation results in improper certificate validation. This vulnerability is identified as CVE-2025-54607. The attack can be initiated remotely. There is not any exploit available.