VulDB Recent Entries

A vulnerability has been found in Linux Kernel up to 6.1.15/6.2.2 and classified as critical. Affected by this issue is the function unregister_netdev of the file net/core/dev.c. The manipulation leads to injection. This vulnerability is uniquely identified as CVE-2022-50361. The attack can only be initiated within the local network. No exploit exists. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.0.2. Affected by this vulnerability is an unknown functionality of the component staging. Executing manipulation can lead to improper initialization. This vulnerability is handled as CVE-2022-50355. The attack can only be done within the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.10.151/5.15.75/6.0.5. Affected is the function sfb_init of the component sched. Performing manipulation results in null pointer dereference. This vulnerability is known as CVE-2022-50356. Access to the local network is required for this attack. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in wangchenyi1996 chat_forum up to 80bdb92f5b460d36cab36e530a2c618acef5afd2. This impacts an unknown function of the file /q.php. Such manipulation of the argument path leads to cross site scripting. This vulnerability is traded as CVE-2025-10642. The attack may be launched remotely. There is no exploit available. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.

A vulnerability classified as critical has been found in WonderCMS 3.5.0. This affects the function curl_exec. This manipulation of the argument pluginThemeUrl causes server-side request forgery. This vulnerability appears as CVE-2025-57055. The attack may be initiated remotely. There is no available exploit.

A vulnerability described as problematic has been identified in KGOLDOV Apache::AuthAny up to 0.201 on Perl. The impacted element is the function rand. The manipulation results in generation of predictable numbers or identifiers. This vulnerability is reported as CVE-2025-40933. The attack can be launched remotely. No exploit exists.

A vulnerability marked as problematic has been reported in Shopside App. The affected element is an unknown function. The manipulation leads to cross site scripting. This vulnerability is documented as CVE-2025-0879. The attack can be initiated remotely. There is not any exploit available. This product is a managed service, therefore users are not responsible for maintaining vulnerability countermeasures. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in SUSE neuvector up to 5.4.5. Impacted is an unknown function. Executing manipulation can lead to insufficiently protected credentials. This vulnerability is registered as CVE-2025-54467. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in Perplexity AI GPT-4. This issue affects some unknown processing of the component GET Parameter Handler. Performing manipulation results in information disclosure. This vulnerability is cataloged as CVE-2025-50709. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability categorized as critical has been discovered in Jenkins up to 2.516.2/2.527. This vulnerability affects unknown code. Such manipulation leads to improper authentication. This vulnerability is listed as CVE-2025-59475. The attack must be carried out from within the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in Jenkins up to 2.515.x. It has been rated as problematic. This affects an unknown part. This manipulation causes improper output neutralization for logs. This vulnerability is tracked as CVE-2025-59476. The attack is only possible within the local network. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in Jenkins up to 2.386/2.516.2. It has been declared as critical. Affected by this issue is some unknown functionality. The manipulation results in permission issues. This vulnerability is identified as CVE-2025-59474. The attack can only be performed from the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Nebula Informatics SecHard 3.3.0.20220411. It has been classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to authorization bypass. This vulnerability is referenced as CVE-2025-8463. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in SUSE neuvector up to 5.4.5 and classified as problematic. Affected is an unknown function of the component User Password Handler. Executing manipulation can lead to one-way hash without salt. The identification of this vulnerability is CVE-2025-53884. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in Open5GS up to 2.7.5 and classified as problematic. This impacts the function parse_multipart in the library lib/sbi/message.c. Performing manipulation results in null pointer dereference. This vulnerability was named CVE-2025-55904. The attack needs to be approached within the local network. There is no available exploit. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as very critical, was found in SUSE neuvector up to 5.4.5. This affects an unknown function of the component Authentication Token Handler. Such manipulation leads to use of default password. This vulnerability is uniquely identified as CVE-2025-8077. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126/240802/250416. The impacted element is the function sub_412E7C of the file /usr/sbin/goahead of the component Environment Variable Handler. This manipulation of the argument terminal_addr/server_ip/server_port causes command injection. This vulnerability is handled as CVE-2025-10634. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability classified as problematic was found in itsourcecode Online Petshop Management System 1.0. The affected element is an unknown function of the file availableframe.php of the component Admin Dashboard. The manipulation of the argument name/address results in cross site scripting. This vulnerability is known as CVE-2025-10632. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability classified as problematic has been found in itsourcecode Online Petshop Management System 1.0. Impacted is an unknown function of the file addcnp.php of the component Available Products Page. The manipulation of the argument name/description leads to cross site scripting. This vulnerability is traded as CVE-2025-10631. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability described as critical has been identified in D-Link DIR-852 1.00CN B09. This issue affects the function ssdpcgi_main of the file htodcs/cgibin of the component Simple Service Discovery Protocol Service. Executing manipulation of the argument ST can lead to command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability appears as CVE-2025-10629. The attack may be performed from remote. In addition, an exploit is available.