Vuldb Updates

A vulnerability, which was classified as problematic, has been found in SummerNote 0.8.18. This affects an unknown function of the component Code View. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-37629. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability labeled as critical has been found in B&R Industrial Automation Automation Runtime up to Q4.92. Affected is an unknown function. Executing manipulation can lead to improper resource locking. This vulnerability appears as CVE-2025-3450. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in JhumanJ OpnForm up to 1.9.3. Affected by this vulnerability is an unknown functionality of the file /show/submissions. The manipulation leads to cross site scripting. This vulnerability is documented as CVE-2025-11435. The attack can be initiated remotely. Additionally, an exploit exists. To fix this issue, it is recommended to deploy a patch.

A vulnerability labeled as critical has been found in JhumanJ OpnForm up to 1.9.3. Affected by this issue is some unknown functionality of the file /answer. The manipulation results in unrestricted upload. This vulnerability is reported as CVE-2025-11436. The attack can be launched remotely. Moreover, an exploit is present. It is advisable to implement a patch to correct this issue.

A vulnerability marked as problematic has been reported in JhumanJ OpnForm up to 1.9.3. This affects an unknown part of the file /api/open/forms/ of the component Form Editor. This manipulation causes cross site scripting. This vulnerability appears as CVE-2025-11437. The attack may be initiated remotely. In addition, an exploit is available. This issue is currently under review for additional handling. As of right now the vendor has stated that the feature is disabled until the user has configured their own domain which will mitigate this attack vector.

A vulnerability, which was classified as critical, has been found in Chartify Plugin up to 3.5.9 on WordPress. The affected element is an unknown function. Performing manipulation results in missing authentication. This vulnerability is identified as CVE-2025-11171. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in itsourcecode Leave Management System 1.0. It has been declared as critical. This affects an unknown function of the file /reset.php. Such manipulation of the argument employid leads to sql injection. This vulnerability is listed as CVE-2025-11432. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in itsourcecode Leave Management System 1.0. It has been rated as problematic. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query Parameter Handler. Performing manipulation of the argument ID results in cross site scripting. This vulnerability is cataloged as CVE-2025-11433. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability categorized as critical has been discovered in itsourcecode Student Transcript Processing System 1.0. Affected is an unknown function of the file /login.php. Executing manipulation of the argument uname can lead to sql injection. This vulnerability is registered as CVE-2025-11434. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability, which was classified as critical, was found in RegistrationMagic Plugin up to 6.0.6.2 on WordPress. The impacted element is an unknown function. Executing manipulation can lead to sql injection. This vulnerability is tracked as CVE-2025-11204. The attack can be launched remotely. No exploit exists.

A vulnerability was found in Dell PowerProtect Data Domain with Data Domain Operating System of Feature Release, PowerProtect Data Domain with Data Domain Operating System LTS2024 and PowerProtect Data Domain with Data Domain Operating System LTS2023 up to 8.1.0.10. It has been declared as critical. This vulnerability affects unknown code. Executing manipulation can lead to argument injection. This vulnerability is registered as CVE-2025-36565. The attack needs to be launched locally. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability categorized as problematic has been discovered in NASA ION-DTN 4.1.3s. Impacted is an unknown function. The manipulation results in uncontrolled memory allocation. This vulnerability is reported as CVE-2025-61910. The attack can be launched remotely. No exploit exists.

A vulnerability was found in Dell PowerProtect Data Domain with Data Domain Operating System of Feature Release, PowerProtect Data Domain with Data Domain Operating System LTS2024 and PowerProtect Data Domain with Data Domain Operating System LTS2023 up to 8.1.0.10 and classified as critical. This issue affects some unknown processing. Executing manipulation can lead to os command injection. This vulnerability is tracked as CVE-2025-36567. The attack is restricted to local execution. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in D-Link DI-7001 MINI 24.04.18B1. The affected element is an unknown function of the file /dbsrv.asp. Such manipulation of the argument str leads to buffer overflow. This vulnerability is traded as CVE-2025-11408. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Nagios Log Server up to 2024R1.3.1 and classified as problematic. This affects an unknown function of the file /nagioslogserver/index.php/api/system/get_users of the component Administrative API Key Handler. The manipulation leads to exposure of sensitive system information to an unauthorized control sphere. This vulnerability is listed as CVE-2025-44823. The attack may be initiated remotely. In addition, an exploit is available. The affected component should be upgraded.

A vulnerability classified as problematic has been found in B&R Industrial Automation Automation Runtime up to 6.3. This affects an unknown part. This manipulation causes cross site scripting. This vulnerability is handled as CVE-2025-3448. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability identified as critical has been detected in D-Link DI-7001 MINI 24.04.18B1. Impacted is an unknown function of the file /upgrade_filter.asp. This manipulation of the argument path causes os command injection. This vulnerability appears as CVE-2025-11407. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in INN 2.2.3. It has been rated as problematic. This affects an unknown function of the file /tmp of the component Configuration Handler. The manipulation leads to symlink following. This vulnerability is documented as CVE-2001-0139. The attack needs to be performed locally. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability marked as problematic has been reported in linuxconf 1.23r. Affected by this issue is some unknown functionality of the file vpop3d. Performing manipulation results in symlink following. This vulnerability is known as CVE-2001-0143. Attacking locally is a requirement. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in ProFTPD 1.2.0rc2 and classified as problematic. Impacted is an unknown function of the component Command Handler. Such manipulation of the argument USER/SIZE leads to improper resource management. This vulnerability is listed as CVE-2001-0136. The attack may be performed from remote. In addition, an exploit is available. It is suggested to upgrade the affected component.