Vuldb Updates

A vulnerability categorized as problematic has been discovered in Linux Kernel up to 6.16-rc5. This affects the function dma_unmap_len_set of the file drivers/iommu/dma-iommu.c of the component bnxt_en. The manipulation results in privilege escalation. This vulnerability is reported as CVE-2025-38439. The attacker must have access to the local network to execute the attack. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to cf366ee3bc1b7d1c76a882640ba3b3f8f1039163. The impacted element is the function nf_flow_pppoe_proto of the component netfilter. The manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2025-38441. The attack can only be initiated within the local network. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.38/6.15.6/6.16-rc5. Affected is the function net_dim. This manipulation causes null pointer dereference. This vulnerability is handled as CVE-2025-38440. The attack can only be done within the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.12.38/6.15.6/6.16-rc3. This impacts the function devm_kstrdup of the component ASoC. The manipulation results in memory leak. This vulnerability is known as CVE-2025-38438. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Linux Kernel up to 6.15.4/6.16-rc3. Impacted is an unknown function of the component riscv. Performing manipulation results in privilege escalation. This vulnerability is known as CVE-2025-38435. Access to the local network is required for this attack. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.16.7/6.17-rc5. This impacts the function __xdp_rxq_info_reg of the component Igb Driver. Such manipulation leads to null pointer dereference. This vulnerability is listed as CVE-2025-39875. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.16.7/6.17-rc5. It has been rated as critical. Affected is the function truncate_folio_batch_exceptionals of the component erofs. The manipulation leads to infinite loop. This vulnerability is uniquely identified as CVE-2025-39868. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.16.7/6.17-rc5 and classified as critical. This affects the function fscrypt_encrypt_pagecache_blocks of the component ceph. The manipulation results in denial of service. This vulnerability is reported as CVE-2025-39878. The attacker must have access to the local network to execute the attack. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel. It has been rated as critical. Impacted is the function fec_enet_phy_reset_after_clk_enable of the component net. Performing manipulation results in null pointer dereference. This vulnerability is known as CVE-2025-39876. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.1.152/6.6.106/6.12.47/6.16.7/6.17-rc5. It has been declared as critical. This impacts the function xcan_write_frame. Executing manipulation can lead to use after free. This vulnerability is handled as CVE-2025-39873. The attack can only be done within the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.47/6.16.7/6.17-rc5. It has been classified as critical. This vulnerability affects the function evict of the component btrfs. This manipulation causes race condition. This vulnerability appears as CVE-2025-39884. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Linux Kernel up to ed2c66000aa64c0d2621864831f0d04c820a1441. This vulnerability affects the function idxd_setup_wqs of the component dmaengine. Performing manipulation results in uninitialized pointer. This vulnerability is identified as CVE-2025-39870. The attack can only be performed from the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in CodeAstro Online Leave Application 1.0. It has been rated as critical. Affected is an unknown function of the file /signup.php. Performing manipulation of the argument city results in sql injection. This vulnerability was named CVE-2025-11113. The attack may be initiated remotely. In addition, an exploit is available. Other parameters might be affected as well.

A vulnerability categorized as critical has been discovered in CodeAstro Online Leave Application 1.0. Affected by this vulnerability is an unknown functionality of the file /leaveAplicationForm.php. Executing manipulation of the argument absence[] can lead to sql injection. The identification of this vulnerability is CVE-2025-11114. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Campcodes Advanced Online Voting Management System 1.0. It has been classified as critical. This affects an unknown function of the file /admin/candidates_edit.php. This manipulation of the argument ID causes sql injection. This vulnerability is handled as CVE-2025-11111. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in PHPGurukul Employee Record Management System 1.3. It has been declared as problematic. This impacts an unknown function of the file /myprofile.php. Such manipulation of the argument First name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-11112. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.16-rc2. This affects an unknown function of the component ACPICA. Performing manipulation of the argument method results in use after free. This vulnerability is known as CVE-2025-38386. Access to the local network is required for this attack. No exploit is available. You should upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.16-rc2. Affected by this issue is the function nanddev_ecc_engine_cleanup of the component mtd. This manipulation causes memory leak. The identification of this vulnerability is CVE-2025-38384. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Campcodes Computer Sales and Inventory System 1.0 and classified as critical. The affected element is an unknown function of the file /pages/us_edit.php?action=edit. The manipulation of the argument ID leads to sql injection. This vulnerability is traded as CVE-2025-11109. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Campcodes Online Learning Management System 1.0 and classified as critical. The impacted element is an unknown function of the file /admin/school_year.php. The manipulation of the argument school_year results in sql injection. This vulnerability is known as CVE-2025-11110. It is possible to launch the attack remotely. Furthermore, an exploit is available.