VulDB Recent Entries

A vulnerability was found in Linux Kernel up to 6.6.79/6.12.16/6.13.4/6.14-rc3. It has been declared as critical. This vulnerability affects the function tcf_exts_miss_cookie_base_alloc. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2025-21857. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.79/6.12.16/6.13.4/6.14-rc3. It has been classified as critical. This affects the function map_freeze. The manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2025-21853. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.129/6.6.79/6.12.16/6.13.4/6.14-rc2 and classified as critical. Affected by this issue is the function queue_work. The manipulation leads to deadlock. This vulnerability is handled as CVE-2025-21859. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.129/6.6.79/6.12.16/6.13.4/6.14-rc3. Affected is the function geneve_find_dev of the file drivers/net/geneve.c. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-21858. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.12.16/6.13.4/6.14-rc3 and classified as critical. Affected by this vulnerability is the function kfree_skb of the file kfree_skb_sk_null.bpf.c. The manipulation of the argument raw_tp_null_args[] leads to null pointer dereference. This vulnerability is known as CVE-2025-21852. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.13.4/6.14-rc3. This vulnerability affects the function zswap_store_page. The manipulation leads to denial of service. This vulnerability was named CVE-2025-21860. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.129/6.6.79/6.12.16/6.13.4/6.14-rc3. This issue affects the function tx_bytes of the component ibmvnic. The manipulation leads to use after free. The identification of this vulnerability is CVE-2025-21855. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.6.79/6.12.16/6.13.4/6.14-rc3. This affects the function vsock_proto::psock_update_sk_prot. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-21854. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.16/6.13.4/6.14-rc3. It has been rated as critical. Affected by this issue is the function arena_map_free. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2025-21851. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.129/6.6.79/6.12.16/6.13.4/6.14-rc3. It has been declared as critical. Affected by this vulnerability is the function nfp_app_ctrl_msg_alloc. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2025-21848. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.79/6.12.16/6.13.4/6.14-rc3. It has been classified as critical. Affected is the function sof_ipc_msg_data. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2025-21847. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.79/6.12.16/6.13.4/6.14-rc3 and classified as critical. This issue affects the function bpf_local_storage_map_free. The manipulation leads to deadlock. The identification of this vulnerability is CVE-2024-58088. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.12.16/6.13.4/6.14-rc3 and classified as critical. This vulnerability affects the function spin_lock_irqsave. The manipulation leads to deadlock. This vulnerability was named CVE-2025-21849. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.129/6.6.79/6.12.16/6.13.4/6.14-rc3. This affects the function exit_fs of the file /sys/power/resume. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-21846. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.129/6.6.79/6.12.16/6.13.4/6.14-rc3. Affected by this issue is the function receive_encrypted_standard of the component SMB Client. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2025-21844. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.13.4/6.14-rc3. Affected by this vulnerability is the function submit_bio of the component nvmet. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2025-21850. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.12.16/6.13.4/6.14-rc3. Affected is the function sst_nor_write_data of the file drivers/mtd/spi-nor/sst.c of the component mtd. The manipulation leads to state issue. This vulnerability is traded as CVE-2025-21845. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.16/6.13.4. It has been rated as problematic. This issue affects the function btrfs_run_delalloc_range of the component btrfs. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2024-58089. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in softaculous Page Builder Plugin up to 1.9.8 on WordPress. It has been declared as critical. This vulnerability affects the function pagelayer_builder_posts_shortcode of the component Pagelayer. The manipulation leads to improper access controls. This vulnerability was named CVE-2024-13430. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Linux Kernel up to 5.15.175/6.1.120/6.6.66/6.12.5. It has been classified as critical. This affects an unknown part of the component ksmbd. The manipulation leads to improper update of reference count. This vulnerability is uniquely identified as CVE-2024-58087. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.