Aggregator

A vulnerability categorized as critical has been discovered in Azure Access BLU-IC2 and BLU-IC4 up to 1.19.5. The impacted element is an unknown function of the file /etc/avahi/services/z9.service. Executing manipulation can lead to out-of-bounds write. This vulnerability appears as CVE-2025-12602. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in itsourcecode Online Loan Management System 1.0. It has been rated as critical. The affected element is an unknown function of the file /manage_user.php. Performing manipulation of the argument ID results in sql injection. This vulnerability is reported as CVE-2025-12608. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in itsourcecode Online Loan Management System 1.0. It has been declared as critical. Impacted is an unknown function of the file /manage_payment.php. Such manipulation of the argument ID leads to sql injection. This vulnerability is documented as CVE-2025-12607. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in itsourcecode Online Loan Management System 1.0. It has been classified as critical. This issue affects some unknown processing of the file /manage_borrower.php. This manipulation of the argument ID causes sql injection. This vulnerability is registered as CVE-2025-12606. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in itsourcecode Online Loan Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /manage_loan.php. The manipulation of the argument ID results in sql injection. This vulnerability is cataloged as CVE-2025-12605. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in itsourcecode Online Loan Management System 1.0 and classified as critical. This affects an unknown part of the file /load_fields.php. The manipulation of the argument loan_id leads to sql injection. This vulnerability is listed as CVE-2025-12604. The attack may be initiated remotely. In addition, an exploit is available.

Submit #678244 / VDB-330898

Submit #678243 / VDB-330897

Submit #678238 / VDB-330896

Submit #678231 / VDB-330895

Submit #678229 / VDB-330894

Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all.

A vulnerability was found in Linux Kernel up to 6.12.36/6.15.5/6.16-rc4. It has been rated as critical. The affected element is the function cs40l50_upload_owt of the component cs40l50-vibra. This manipulation causes null pointer dereference. This vulnerability appears as CVE-2025-38381. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability categorized as problematic has been discovered in Linux Kernel up to 6.1.143/6.6.96/6.12.36/6.15.5/6.16-rc4. The impacted element is the function __inode_add_ref of the component btrfs. Such manipulation leads to improper initialization. This vulnerability is traded as CVE-2025-38382. Access to the local network is required for this attack to succeed. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.12.36/6.15.5. This issue affects the function show_numa_info. Executing manipulation can lead to allocation of resources. This vulnerability is tracked as CVE-2025-38383. The attack is only possible within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.15.5/6.16-rc4. This issue affects the function appletb_kbd_probe of the component HID. Such manipulation leads to use after free. This vulnerability is listed as CVE-2025-38378. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.16-rc4. It has been classified as critical. This issue affects the function rose_rt_device_down. The manipulation leads to use after free. This vulnerability is documented as CVE-2025-38377. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.6.96/6.12.36/6.15.5/6.16-rc1/6.16-rc4. It has been declared as problematic. This affects the function smb2_reconnect_server of the file kernel/workqueue.c of the component smb. Such manipulation leads to uninitialized pointer. This vulnerability is documented as CVE-2025-38379. The attack requires being on the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.16-rc4. The impacted element is the function xdp_linearize_page of the component virtio-net. Executing manipulation can lead to out-of-bounds read. This vulnerability is tracked as CVE-2025-38375. The attack is only possible within the local network. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.12.36/6.15.5/6.16-rc4 and classified as critical. This vulnerability affects the function notif_callback of the file kernel/locking/mutex.c of the component optee. Executing manipulation can lead to stack-based buffer overflow. This vulnerability is registered as CVE-2025-38374. The attack requires access to the local network. No exploit is available. It is suggested to upgrade the affected component.