Vuldb Updates

A vulnerability was found in Linux Kernel up to 6.17-rc1 and classified as critical. Impacted is the function ets_class_qlen_notify. The manipulation results in null pointer dereference. This vulnerability is identified as CVE-2025-38684. The attack can only be performed from the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability marked as problematic has been reported in Linux Kernel up to 6.1.148/6.6.102/6.12.42/6.15.10/6.16.1. This issue affects the function event_seq_changed. Performing manipulation results in out-of-bounds read. This vulnerability is reported as CVE-2025-38679. The attacker must have access to the local network to execute the attack. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.16.1. It has been rated as critical. Affected by this vulnerability is the function uvc_parse_format. The manipulation leads to out-of-bounds read. This vulnerability is listed as CVE-2025-38680. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in Dell PowerProtect Data Domain with Data Domain Operating System of Feature Release, PowerProtect Data Domain with Data Domain Operating System LTS2025, PowerProtect Data Domain with Data Domain Operating System LTS2024 and PowerProtect Data Domain with Data Domain Operating System LTS2023 up to 8.3.1.0. The impacted element is an unknown function. Performing manipulation results in path traversal: '.../...//'. This vulnerability was named CVE-2025-43907. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in Nagios Log Server up to 2024R1.3.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /nagioslogserver/index.php/api/system/stop?subsystem=elasticsearch of the component Elasticsearch Service. Such manipulation leads to incorrect authorization. This vulnerability is documented as CVE-2025-44824. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Dell PowerProtect Data Domain with Data Domain Operating System of Feature Release, PowerProtect Data Domain with Data Domain Operating System LTS2024 and PowerProtect Data Domain with Data Domain Operating System LTS2023 up to 8.1.0.10 and classified as critical. This vulnerability affects unknown code. Performing manipulation results in os command injection. This vulnerability is identified as CVE-2025-36569. The attack is only possible with local access. There is not any exploit available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, has been found in SummerNote 0.8.18. This affects an unknown function of the component Code View. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-37629. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability labeled as critical has been found in B&R Industrial Automation Automation Runtime up to Q4.92. Affected is an unknown function. Executing manipulation can lead to improper resource locking. This vulnerability appears as CVE-2025-3450. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in JhumanJ OpnForm up to 1.9.3. Affected by this vulnerability is an unknown functionality of the file /show/submissions. The manipulation leads to cross site scripting. This vulnerability is documented as CVE-2025-11435. The attack can be initiated remotely. Additionally, an exploit exists. To fix this issue, it is recommended to deploy a patch.

A vulnerability labeled as critical has been found in JhumanJ OpnForm up to 1.9.3. Affected by this issue is some unknown functionality of the file /answer. The manipulation results in unrestricted upload. This vulnerability is reported as CVE-2025-11436. The attack can be launched remotely. Moreover, an exploit is present. It is advisable to implement a patch to correct this issue.

A vulnerability marked as problematic has been reported in JhumanJ OpnForm up to 1.9.3. This affects an unknown part of the file /api/open/forms/ of the component Form Editor. This manipulation causes cross site scripting. This vulnerability appears as CVE-2025-11437. The attack may be initiated remotely. In addition, an exploit is available. This issue is currently under review for additional handling. As of right now the vendor has stated that the feature is disabled until the user has configured their own domain which will mitigate this attack vector.

A vulnerability, which was classified as critical, has been found in Chartify Plugin up to 3.5.9 on WordPress. The affected element is an unknown function. Performing manipulation results in missing authentication. This vulnerability is identified as CVE-2025-11171. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in itsourcecode Leave Management System 1.0. It has been declared as critical. This affects an unknown function of the file /reset.php. Such manipulation of the argument employid leads to sql injection. This vulnerability is listed as CVE-2025-11432. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in itsourcecode Leave Management System 1.0. It has been rated as problematic. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query Parameter Handler. Performing manipulation of the argument ID results in cross site scripting. This vulnerability is cataloged as CVE-2025-11433. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability categorized as critical has been discovered in itsourcecode Student Transcript Processing System 1.0. Affected is an unknown function of the file /login.php. Executing manipulation of the argument uname can lead to sql injection. This vulnerability is registered as CVE-2025-11434. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability, which was classified as critical, was found in RegistrationMagic Plugin up to 6.0.6.2 on WordPress. The impacted element is an unknown function. Executing manipulation can lead to sql injection. This vulnerability is tracked as CVE-2025-11204. The attack can be launched remotely. No exploit exists.

A vulnerability was found in Dell PowerProtect Data Domain with Data Domain Operating System of Feature Release, PowerProtect Data Domain with Data Domain Operating System LTS2024 and PowerProtect Data Domain with Data Domain Operating System LTS2023 up to 8.1.0.10. It has been declared as critical. This vulnerability affects unknown code. Executing manipulation can lead to argument injection. This vulnerability is registered as CVE-2025-36565. The attack needs to be launched locally. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability categorized as problematic has been discovered in NASA ION-DTN 4.1.3s. Impacted is an unknown function. The manipulation results in uncontrolled memory allocation. This vulnerability is reported as CVE-2025-61910. The attack can be launched remotely. No exploit exists.

A vulnerability was found in Dell PowerProtect Data Domain with Data Domain Operating System of Feature Release, PowerProtect Data Domain with Data Domain Operating System LTS2024 and PowerProtect Data Domain with Data Domain Operating System LTS2023 up to 8.1.0.10 and classified as critical. This issue affects some unknown processing. Executing manipulation can lead to os command injection. This vulnerability is tracked as CVE-2025-36567. The attack is restricted to local execution. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in D-Link DI-7001 MINI 24.04.18B1. The affected element is an unknown function of the file /dbsrv.asp. Such manipulation of the argument str leads to buffer overflow. This vulnerability is traded as CVE-2025-11408. The attack may be launched remotely. Furthermore, there is an exploit available.