Vuldb Updates

A vulnerability has been found in Linux Kernel up to 6.12.62/6.17.12/6.18.1 and classified as critical. This issue affects the function do_setattr of the file /smack/relabel-self. The manipulation leads to privilege escalation. This vulnerability is listed as CVE-2025-68733. The attack must be carried out from within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.12.62/6.17.12/6.18.1. The affected element is the function update_effective_progs of the component bpf. Such manipulation leads to injection. This vulnerability is referenced as CVE-2025-68742. The attack needs to be initiated within the local network. No exploit is available. The affected component should be upgraded.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.12.62/6.17.12/6.18.1. The impacted element is the function bpf_obj_free_fields. Performing a manipulation results in privilege escalation. This vulnerability is identified as CVE-2025-68744. The attack can only be performed from the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.62/6.17.12/6.18.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component tegra210-quad. Executing a manipulation of the argument curr_xfer can lead to denial of service. This vulnerability appears as CVE-2025-68746. The attacker needs to be present on the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 18.5.4/18.6.2/18.7.0. It has been classified as problematic. This impacts an unknown function of the component Asset Proxy Protection. This manipulation causes exposure of private personal information to an unauthorized actor. This vulnerability is handled as CVE-2025-3950. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability classified as problematic was found in GitLab Community Edition and Enterprise Edition up to 18.5.4/18.6.2/18.7.0. This issue affects some unknown processing of the component GraphQL Runner Association Handler. Such manipulation leads to insufficient granularity of access control. This vulnerability is documented as CVE-2025-11246. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability has been found in GitLab Enterprise Edition up to 18.5.4/18.6.2/18.7.0 and classified as critical. The impacted element is an unknown function of the component API Request Handler. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2025-13772. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in GitLab Community Edition and Enterprise Edition up to 18.5.4/18.6.2/18.7.0. The affected element is an unknown function of the component External API Call Handler. Executing a manipulation can lead to allocation of resources. This vulnerability appears as CVE-2025-10569. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

A vulnerability was found in code-projects Intern Membership Management System 1.0. It has been declared as critical. Impacted is an unknown function of the file /admin/delete_activity.php. Executing a manipulation of the argument activity_id can lead to sql injection. The identification of this vulnerability is CVE-2026-0850. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Online Music Site 1.0. It has been rated as critical. The affected element is an unknown function of the file /Administrator/PHP/AdminAddUser.php. The manipulation of the argument txtusername leads to sql injection. This vulnerability is referenced as CVE-2026-0851. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability classified as critical has been found in Microsoft Windows up to Server 2019. The impacted element is an unknown function in the library HTTP.sys of the component HTTP2 Handler. Performing a manipulation results in resource consumption. This vulnerability is identified as CVE-2019-9518. The attack can be initiated remotely. There is not any exploit available. To fix this issue, it is recommended to deploy a patch.

A vulnerability described as critical has been identified in HTTP2. This issue affects some unknown processing of the component Empty Frame Handler. Such manipulation leads to resource consumption. This vulnerability is uniquely identified as CVE-2019-9518. The attack can be launched remotely. No exploit exists. This vulnerability is historically impactful due to its background and the reception it garnered. Restrictive firewalling should be applied.

A vulnerability described as critical has been identified in Microsoft Windows up to Server 2019. The affected element is an unknown function in the library HTTP.sys of the component HTTP2 Handler. Such manipulation leads to resource consumption. This vulnerability is referenced as CVE-2019-9514. It is possible to launch the attack remotely. No exploit is available. A patch should be applied to remediate this issue.

A vulnerability was found in HTTP2. It has been classified as critical. This affects an unknown function of the component SETTING Frame Handler. This manipulation causes resource consumption. This vulnerability is registered as CVE-2019-9515. Remote exploitation of the attack is possible. No exploit is available. This vulnerability is historically significant due to its background and the way it was received. It is advisable to implement restrictive firewalling.

A vulnerability marked as critical has been reported in HTTP2. This vulnerability affects unknown code of the component Reset Handler. This manipulation as part of Request causes resource consumption. This vulnerability is handled as CVE-2019-9514. The attack can be initiated remotely. There is not any exploit available. This vulnerability is considered historic because of its background and reception. It is advisable to implement restrictive firewalling.

A vulnerability labeled as critical has been found in Microsoft Windows up to Server 2019. This issue affects some unknown processing in the library HTTP.sys of the component HTTP2 Handler. The manipulation results in resource consumption. This vulnerability was named CVE-2019-9512. The attack may be performed from remote. There is no available exploit. Applying a patch is advised to resolve this issue.

A vulnerability identified as critical has been detected in HTTP2. Affected by this issue is some unknown functionality of the component Ping Handler. The manipulation leads to resource consumption. This vulnerability is traded as CVE-2019-9512. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply restrictive firewalling.

A vulnerability was found in Log4j and classified as critical. This affects the function SocketServer of the component Deserialization. Such manipulation leads to deserialization. This vulnerability is listed as CVE-2019-17571. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0. It has been rated as very critical. This vulnerability affects unknown code of the component Console. This manipulation causes deserialization. This vulnerability is registered as CVE-2019-17571. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

A vulnerability, which was classified as very critical, has been found in Oracle Communications Unified Assurance up to 5.5.9/6.0.1. This issue affects some unknown processing of the component Message Bus. Performing a manipulation results in deserialization. This vulnerability is identified as CVE-2019-17571. The attack can be initiated remotely. There is not any exploit available.