Vuldb Updates

A vulnerability, which was classified as critical, was found in SWFTools 0.9.2. This vulnerability affects the function swf_ReadSWF2 in the library lib/rfxswf.c. The manipulation results in stack-based buffer overflow. This vulnerability was named CVE-2023-26991. The attack needs to be approached within the local network. There is no available exploit.

A vulnerability categorized as critical has been discovered in Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn. This vulnerability affects the function setSchedWifi. Executing manipulation can lead to stack-based buffer overflow. The identification of this vulnerability is CVE-2023-27012. The attack needs to be done within the local network. There is no exploit available.

A vulnerability classified as critical was found in Konga 0.14.9. This impacts an unknown function of the component POST Request Handler. The manipulation results in improper access controls. This vulnerability was named CVE-2023-26987. The attack may be performed from remote. There is no available exploit.

A vulnerability classified as critical was found in Radarr 5.28.0.10274. The affected element is an unknown function of the file C:\ProgramData\Radarr\bin\Radarr.Console.exe of the component Service. Such manipulation leads to incorrect default permissions. This vulnerability is referenced as CVE-2025-13130. The attack can only be performed from a local environment. No exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in Sonarr 4.0.15.2940. The impacted element is an unknown function of the file C:\ProgramData\Sonarr\bin\Sonarr.Console.exe of the component Service. Performing manipulation results in incorrect default permissions. This vulnerability is identified as CVE-2025-13131. The attack is only possible with local access. There is not any exploit available. The vendor confirms this vulnerability but classifies it as a "low severity issue due to the default service user being used as it would either require someone to intentionally change the service to a highly privileged account or an attacker would need an admin level account". It is planned to fix this issue in the next major release v5.

A vulnerability, which was classified as critical, was found in cameasy Liketea 1.0.0. Impacted is the function list of the file laravel/app/Http/Controllers/Front/StoreController.php of the component API Endpoint. Such manipulation of the argument lng/lat leads to sql injection. This vulnerability is listed as CVE-2025-13121. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability categorized as critical has been discovered in Linksys E1200 up to 2.0.11.001. The affected element is an unknown function of the component HTTP Handler. The manipulation results in stack-based buffer overflow. This vulnerability is reported as CVE-2025-60690. The attack can be launched remotely. No exploit exists.

A vulnerability classified as critical was found in Linksys E1200 up to 2.0.11.001. Affected by this issue is some unknown functionality of the component HTTP Handler. The manipulation results in stack-based buffer overflow. This vulnerability was named CVE-2025-60693. The attack may be performed from remote. There is no available exploit.

A vulnerability described as critical has been identified in Red Hat 3Scale Developer Portal. Affected by this issue is some unknown functionality. The manipulation of the argument Readonly results in improper access controls. This vulnerability is identified as CVE-2024-12125. The attack can be executed remotely. There is not any exploit available.

A vulnerability marked as critical has been reported in Easy XML Editor up to 1.7.8. Affected by this issue is some unknown functionality of the component XML Data Handler. This manipulation causes xml injection. This vulnerability is tracked as CVE-2019-19031. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability marked as critical has been reported in Mozilla Firefox up to 67.0.3. This impacts an unknown function of the component Sandbox. The manipulation leads to improper input validation. This vulnerability is referenced as CVE-2019-11708. Remote exploitation of the attack is possible. Furthermore, an exploit is available. It is suggested to upgrade the affected component.

A vulnerability identified as critical has been detected in Microsoft Windows. The impacted element is an unknown function in the library ws2ifsl.sys of the component Winsock. This manipulation causes improper privilege management. This vulnerability is tracked as CVE-2019-1215. The attack is restricted to local execution. Moreover, an exploit is present. It is suggested to install a patch to address this issue.

A vulnerability described as critical has been identified in Notepad++ up to 7.6. Affected by this vulnerability is an unknown functionality in the library SciLexer.dll of the component Scintilla. Executing manipulation as part of Unicode Character can lead to improper input validation. This vulnerability is registered as CVE-2019-16294. It is possible to launch the attack remotely. Furthermore, an exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in Free MP3 CD Ripper 2.6. It has been declared as critical. This issue affects some unknown processing of the component File Converter. The manipulation as part of wma File results in memory corruption. This vulnerability was named CVE-2019-9767. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability labeled as critical has been found in Google Chrome. Affected is an unknown function. Such manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2019-5786. The attack can be launched remotely. Moreover, an exploit is present. The affected component should be upgraded.

This issue appears to be a false-positive. Please verify the sources mentioned and consider not using this entry at all.

A vulnerability identified as critical has been detected in Autonomy Logic OpenPLC Runtime. Affected by this vulnerability is an unknown functionality of the file /upload-program-action. The manipulation of the argument epoch_time leads to improper control of resource through lifetime. This vulnerability is traded as CVE-2025-34226. It is possible to initiate the attack remotely. There is no exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability, which was classified as critical, has been found in mmaitre314 picklescan up to 0.0.30. This issue affects some unknown processing. The manipulation leads to protection mechanism failure. This vulnerability is uniquely identified as CVE-2025-10157. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability categorized as critical has been discovered in Autodesk 3ds Max 2020/2021/2021.3.8/2022/2022.3.3. Impacted is an unknown function of the component RBG File Parser. Such manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2025-6633. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability labeled as problematic has been found in Ruijie NBR2000G, NBR1300G and NBR1000. The impacted element is an unknown function of the file /WEB_VMS/LEVEL15/. Such manipulation leads to information disclosure. This vulnerability is listed as CVE-2025-34057. The attack may be performed from remote. There is no available exploit.