Vuldb Updates

A vulnerability labeled as problematic has been found in Acme Labs thttpd 2.16/2.17/2.18/2.19. The affected element is an unknown function. The manipulation results in path traversal. This vulnerability is known as CVE-2000-0900. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability was found in Apple macOS. It has been declared as critical. The affected element is an unknown function of the component Sandbox. Executing manipulation can lead to memory corruption. This vulnerability is registered as CVE-2023-23530. The attack needs to be launched locally. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability labeled as problematic has been found in Apple tvOS up to 16.3.3. This issue affects some unknown processing of the component Core Bluetooth. Such manipulation leads to out-of-bounds read. This vulnerability is referenced as CVE-2023-23528. The attack needs to be initiated within the local network. No exploit is available. The affected component should be upgraded.

A vulnerability labeled as critical has been found in Apple iOS and iPadOS up to 16.3.0. This impacts an unknown function of the component WebKit. The manipulation results in type confusion. This vulnerability is cataloged as CVE-2023-23529. The attack may be launched remotely. Furthermore, there is an exploit available. The affected component should be upgraded.

A vulnerability classified as critical has been found in Apple macOS up to 13.2.0. Affected by this issue is some unknown functionality of the component WebKit. Performing manipulation results in type confusion. This vulnerability is reported as CVE-2023-23529. The attack is possible to be carried out remotely. Moreover, an exploit is present. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Apple Safari up to 16.3.0. This affects an unknown part of the component WebKit. Executing manipulation can lead to type confusion. This vulnerability appears as CVE-2023-23529. The attack may be performed from remote. In addition, an exploit is available. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, has been found in Apple iOS and iPadOS up to 16.3.1. This vulnerability affects unknown code of the component Core Bluetooth. Performing manipulation results in out-of-bounds read. This vulnerability is reported as CVE-2023-23528. The attacker must have access to the local network to execute the attack. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability marked as problematic has been reported in Apple watchOS up to 9.3.1. This affects an unknown function of the component AppleMobileFileIntegrity. The manipulation leads to improper access controls. This vulnerability is referenced as CVE-2023-23527. The attack can only be performed from a local environment. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Apple macOS up to 13.2.1. This issue affects some unknown processing of the component AppleMobileFileIntegrity. The manipulation leads to improper access controls. This vulnerability is listed as CVE-2023-23527. The attack must be carried out locally. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability identified as problematic has been detected in Apple tvOS up to 16.3.3. This vulnerability affects unknown code of the component AppleMobileFileIntegrity. This manipulation causes improper access controls. The identification of this vulnerability is CVE-2023-23527. The attack can only be executed locally. There is no exploit available. You should upgrade the affected component.

A vulnerability has been found in Protected Pages up to 1.7.x on Drupal and classified as problematic. This affects an unknown part. This manipulation causes improper restriction of excessive authentication attempts. This vulnerability is tracked as CVE-2025-9551. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability classified as critical has been found in Drupal Synchronize composer.json with Contrib Modules. Affected by this issue is some unknown functionality. The manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2025-9552. The attack can only be initiated within the local network. No exploit exists.

A vulnerability, which was classified as critical, has been found in API Key Manager on Drupal. This vulnerability affects unknown code. This manipulation causes privilege escalation. The identification of this vulnerability is CVE-2025-9553. The attack needs to be done within the local network. There is no exploit available.

A vulnerability has been found in Owl Carousel 2 on Drupal and classified as critical. Impacted is an unknown function. Performing manipulation results in privilege escalation. This vulnerability is identified as CVE-2025-9554. The attack can only be performed from the local network. There is not any exploit available.

A vulnerability has been found in HCL BigFix WebUI 11 and classified as critical. This affects an unknown function of the component Header Field Handler. The manipulation of the argument Host leads to improper neutralization of http headers for scripting syntax. This vulnerability is referenced as CVE-2025-52647. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in ash up to 3.6.1. It has been classified as critical. This issue affects the function Elixir.Ash.Policy.Authorizer in the library lib/ash/policy/authorizer/authorizer.ex. Performing manipulation results in incorrect authorization. This vulnerability is cataloged as CVE-2025-48043. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability, which was classified as problematic, was found in Facets up to 2.0.9/3.0.0 on Drupal. This issue affects some unknown processing. Such manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2025-9550. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability identified as problematic has been detected in cel-rust up to 0.11.3. Affected by this vulnerability is an unknown functionality. Performing manipulation results in denial of service. This vulnerability is reported as CVE-2025-62162. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Moreover.com Cached Feed.cgi Script 4.july.00. Affected by this issue is some unknown functionality of the file cached_feed.cgi. The manipulation of the argument category/format results in path traversal. This vulnerability is identified as CVE-2000-0906. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in Horde IMP 2.0/2.2. It has been rated as critical. The affected element is an unknown function of the component Form Handler. The manipulation of the argument attachment_name leads to improper privilege management. This vulnerability is documented as CVE-2000-0911. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.