Aggregator

A vulnerability was found in itsourcecode Online Loan Management System 1.0. It has been classified as critical. This issue affects some unknown processing of the file /manage_borrower.php. This manipulation of the argument ID causes sql injection. This vulnerability is registered as CVE-2025-12606. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in itsourcecode Online Loan Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /manage_loan.php. The manipulation of the argument ID results in sql injection. This vulnerability is cataloged as CVE-2025-12605. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in itsourcecode Online Loan Management System 1.0 and classified as critical. This affects an unknown part of the file /load_fields.php. The manipulation of the argument loan_id leads to sql injection. This vulnerability is listed as CVE-2025-12604. The attack may be initiated remotely. In addition, an exploit is available.

Submit #678244 / VDB-330898

Submit #678243 / VDB-330897

Submit #678238 / VDB-330896

Submit #678231 / VDB-330895

Submit #678229 / VDB-330894

Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all.

A vulnerability was found in Linux Kernel up to 6.12.36/6.15.5/6.16-rc4. It has been rated as critical. The affected element is the function cs40l50_upload_owt of the component cs40l50-vibra. This manipulation causes null pointer dereference. This vulnerability appears as CVE-2025-38381. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability categorized as problematic has been discovered in Linux Kernel up to 6.1.143/6.6.96/6.12.36/6.15.5/6.16-rc4. The impacted element is the function __inode_add_ref of the component btrfs. Such manipulation leads to improper initialization. This vulnerability is traded as CVE-2025-38382. Access to the local network is required for this attack to succeed. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.12.36/6.15.5. This issue affects the function show_numa_info. Executing manipulation can lead to allocation of resources. This vulnerability is tracked as CVE-2025-38383. The attack is only possible within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.15.5/6.16-rc4. This issue affects the function appletb_kbd_probe of the component HID. Such manipulation leads to use after free. This vulnerability is listed as CVE-2025-38378. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.16-rc4. It has been classified as critical. This issue affects the function rose_rt_device_down. The manipulation leads to use after free. This vulnerability is documented as CVE-2025-38377. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.6.96/6.12.36/6.15.5/6.16-rc1/6.16-rc4. It has been declared as problematic. This affects the function smb2_reconnect_server of the file kernel/workqueue.c of the component smb. Such manipulation leads to uninitialized pointer. This vulnerability is documented as CVE-2025-38379. The attack requires being on the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.16-rc4. The impacted element is the function xdp_linearize_page of the component virtio-net. Executing manipulation can lead to out-of-bounds read. This vulnerability is tracked as CVE-2025-38375. The attack is only possible within the local network. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.12.36/6.15.5/6.16-rc4 and classified as critical. This vulnerability affects the function notif_callback of the file kernel/locking/mutex.c of the component optee. Executing manipulation can lead to stack-based buffer overflow. This vulnerability is registered as CVE-2025-38374. The attack requires access to the local network. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Linux Kernel up to 6.6.96/6.12.36/6.15.5/6.16-rc4. Affected by this issue is some unknown functionality of the component usb. Executing manipulation can lead to state issue. This vulnerability is handled as CVE-2025-38376. The attack can only be done within the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.12.36/6.15.5/6.16-rc4/5297f5ddffef47b94172ab0d3d62270002a3dcc1 and classified as problematic. The impacted element is the function kzalloc. The manipulation leads to allocation of resources. This vulnerability is documented as CVE-2025-38373. The attack requires being on the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.16-rc4 and classified as critical. This affects the function i2c_brcmstb of the component CPU Feature. The manipulation results in null pointer dereference. This vulnerability is reported as CVE-2025-38371. The attacker must have access to the local network to execute the attack. No exploit exists. It is suggested to upgrade the affected component.