Vuldb Updates

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.17.1. This issue affects the function qla_create_qpair. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2022-49155. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 5.18.2. Affected is the function printk. The manipulation leads to deadlock. This vulnerability is traded as CVE-2022-49441. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.18.2. It has been classified as critical. This affects the function pvr2_i2c_core_init. The manipulation leads to improper initialization. This vulnerability is uniquely identified as CVE-2022-49478. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 5.17.1. Affected by this vulnerability is the function nfssvc_decode_writeargs of the file fs/nfsd/nfsxdr.c. The manipulation leads to insufficient verification of data authenticity. This vulnerability is known as CVE-2022-49280. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 5.18.2. This affects the function virtio_gpu_conn_get_modes. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2022-49532. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.13.3/6.14-rc2. Affected by this issue is some unknown functionality of the component uring_cmd. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2025-21837. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple macOS up to 13.6/14.6/15.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component App. The manipulation leads to information disclosure. This vulnerability is known as CVE-2025-30443. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Sophos Cyberoam OS up to 2020-12-04 and classified as critical. This issue affects some unknown processing of the component WebAdmin. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2020-29574. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Linux Kernel up to 5.15.7. Affected by this vulnerability is the function iio_trigger_put of the component mma8452. The manipulation leads to use after free. This vulnerability is known as CVE-2021-47500. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 5.12.12. Affected is the function synproxy_parse_options. The manipulation leads to out-of-bounds read. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2021-47245. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.12.3 and classified as problematic. This issue affects the function spi_unregister_controller in the library lib/refcount.c. The manipulation leads to use after free. The identification of this vulnerability is CVE-2021-46959. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.7 and classified as critical. This issue affects the function vfs_setlease of the component nfsd. The manipulation leads to use after free. The identification of this vulnerability is CVE-2021-47506. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in mod_wsgi. It has been rated as critical. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument Client-IP leads to use of less trusted source. The identification of this vulnerability is CVE-2022-2255. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in LightPress Lightbox Plugin up to 2.3.3 on WordPress. This issue affects some unknown processing of the component Non-Javascript URL Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-3649. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Awin Plugin up to 2.0.0 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2025-47633. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function frmL7ImForm. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2025-45514. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Senayan Library Management System Bulian 9.6.1. It has been rated as critical. This issue affects some unknown processing of the file admin/modules/master_file/author.php. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2025-45819. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in Senayan Library Management System Bulian 9.6.1. Affected is the function master_file of the file admin/modules/master_file/item_status.php. The manipulation leads to sql injection. This vulnerability is traded as CVE-2025-45818. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in TOTOLINK NR1800X 9.1.0u.6681_B20230703. It has been declared as critical. Affected by this vulnerability is the function setSmsCfg. The manipulation of the argument text leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-45841. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in playeduxyz PlayEdu 开源培训系统 up to 1.8 and classified as problematic. This issue affects some unknown processing of the file /api/backend/v1/user/create of the component User Avatar Handler. The manipulation of the argument Avatar leads to server-side request forgery. The identification of this vulnerability is CVE-2025-4012. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.