Vuldb Updates

A vulnerability classified as problematic was found in Trend Micro Worry-Free Business Security. This impacts an unknown function. The manipulation results in uncontrolled search path. This vulnerability is cataloged as CVE-2025-49487. The attack must be initiated from a local position. There is no exploit available. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in M-Files Server. Affected by this vulnerability is an unknown functionality of the component API Endpoint. The manipulation results in path traversal. This vulnerability is reported as CVE-2025-5964. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a. It has been classified as critical. Affected is the function SysLogController of the file platform-admin/src/main/java/com/platform/controller/SysLogController.java. The manipulation of the argument key leads to sql injection. This vulnerability is listed as CVE-2025-7935. The attack may be initiated remotely. In addition, an exploit is available. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available.

A vulnerability was found in transformeroptimus superagi 0.0.14. It has been declared as critical. Affected by this issue is the function os.path.join/get_root_input_dir of the component File Upload Endpoint. The manipulation results in path traversal. This vulnerability is cataloged as CVE-2025-51475. The attack may be launched remotely. There is no exploit available.

A vulnerability described as critical has been identified in Ollama 0.6.7. The impacted element is the function server.auth.getAuthorizationToken of the file /api/pull. The manipulation of the argument realm results in improper access controls. This vulnerability is known as CVE-2025-51471. It is possible to launch the attack remotely. No exploit is available. Applying a patch is advised to resolve this issue.

A vulnerability classified as critical was found in Onyx Enterprise Edition 0.27.0. This impacts an unknown function of the file /api/manage/admin/user-group/id of the component PATCH Request Handler. Such manipulation leads to authorization bypass. This vulnerability is uniquely identified as CVE-2025-51479. The attack can be launched remotely. No exploit exists. A patch should be applied to remediate this issue.

A vulnerability was found in TransformerOptimus SuperAGI 0.0.14. It has been rated as critical. Affected by this vulnerability is the function AgentTemplate.eval_agent_config of the component Agent Template Configuration. This manipulation causes code injection. This vulnerability is tracked as CVE-2025-51472. The attack is possible to be carried out remotely. No exploit exists. Applying a patch is the recommended action to fix this issue.

A vulnerability categorized as problematic has been discovered in RAGFlow 0.17.2. Affected by this issue is the function api.apps.dialog_app.set_dialog. Such manipulation of the argument assistant greeting leads to cross site scripting. This vulnerability is listed as CVE-2025-51462. The attack may be performed from remote. There is no available exploit.

A vulnerability, which was classified as critical, has been found in SourceCodester Hotel and Lodge Management System 1.0. This affects an unknown function of the file /pages/save_room.php. The manipulation of the argument floorno leads to sql injection. This vulnerability is referenced as CVE-2025-11399. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability, which was classified as critical, was found in SourceCodester Hotel and Lodge Management System 1.0. This impacts an unknown function of the file /del_room.php. The manipulation of the argument ID results in sql injection. This vulnerability is identified as CVE-2025-11400. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability has been found in SourceCodester Hotel and Lodge Management System 1.0 and classified as critical. Affected is an unknown function of the file /pages/save_curr.php. This manipulation of the argument currcode causes sql injection. This vulnerability is tracked as CVE-2025-11401. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability categorized as critical has been discovered in Vasion Print Virtual Appliance Host and Print Application. Impacted is the function console_release of the file /var/www/app/console_release/hp/installApp.php. Executing manipulation of the argument printer_vo can lead to missing authentication. This vulnerability is registered as CVE-2025-34229. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in Vasion Print Virtual Appliance Host and Print Application. The affected element is an unknown function of the file /var/www/app/console_release/hp/log_off_single_sign_on.php. The manipulation of the argument printer_vo leads to missing authentication. This vulnerability is documented as CVE-2025-34230. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability described as critical has been identified in Vasion Print Virtual Appliance Host and Print Application. This impacts the function processCurl of the file /var/www/app/console_release/hp/badgeSetup.php. Such manipulation leads to missing authentication. This vulnerability is traded as CVE-2025-34231. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability classified as critical was found in yt-dlp up to 2025.06.25 on Windows. The impacted element is an unknown function of the component Command Line Handler. Such manipulation of the argument --exec leads to os command injection. This vulnerability is traded as CVE-2025-54072. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

It seems this issue is a false-positive. Please confirm the sources provided and consider disregarding this entry.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.12.47/6.16.7. Affected is the function __put_cred. The manipulation results in privilege escalation. This vulnerability is known as CVE-2025-39912. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.16.7. This affects the function phy_config_inband. Executing manipulation can lead to deserialization. This vulnerability is tracked as CVE-2025-39915. The attack is only possible within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.45/6.16.5. It has been declared as critical. This impacts the function ixgbe_lp_map. Executing manipulation can lead to out-of-bounds read. This vulnerability is registered as CVE-2025-39922. The attack requires access to the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.45/6.16.5. Affected is the function disable_work_sync. Such manipulation leads to use after free. This vulnerability is listed as CVE-2025-39896. The attack must be carried out from within the local network. There is no available exploit. You should upgrade the affected component.