VulDB Recent Entries

A vulnerability categorized as problematic has been discovered in libarchive bsdtar up to 3.8.0. Affected by this vulnerability is the function apply_substitution of the file tar/subst.c. Executing manipulation can lead to resource consumption. This vulnerability is handled as CVE-2025-60753. The attack can only be done within the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Entr'ouvert Lasso 2.5.1/2.8.2. It has been rated as critical. Affected is the function lasso_node_impl_init_from_xml of the component SAML Response Handler. Performing manipulation results in type confusion. This vulnerability is known as CVE-2025-47151. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in Django up to 4.2.25/5.1.13/5.2.7. It has been declared as critical. This impacts the function QuerySet.filter/QuerySet.exclude/QuerySet.get. Such manipulation leads to sql injection. This vulnerability is traded as CVE-2025-64459. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Snipe-IT up to 8.3.2. It has been classified as critical. This affects an unknown function of the component Backup File Handler. This manipulation causes privilege escalation. This vulnerability appears as CVE-2025-63601. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Django up to 4.2.25/5.1.13/5.2.7 on Windows and classified as problematic. The impacted element is the function Django.http.HttpResponseRedirect/Django.http.HttpResponsePermanentRedirect. The manipulation results in inefficient algorithmic complexity. This vulnerability is reported as CVE-2025-64458. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability has been found in Easy Email Subscription Plugin up to 1.3 on WordPress and classified as critical. The affected element is an unknown function. The manipulation of the argument uid leads to sql injection. This vulnerability is documented as CVE-2025-10683. The attack can be initiated remotely. There is not any exploit available.

A vulnerability, which was classified as problematic, was found in HCL BigFix Query up to 4.10.x. Impacted is an unknown function of the component HTTP GET Endpoint. Executing manipulation can lead to exposure of private personal information to an unauthorized actor. This vulnerability is registered as CVE-2025-52602. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in WSO2 Identity Server, Enterprise Integrator, Open Banking IAM, Identity Server as Key Manager, API Manager, API Control Plane, Universal Gateway, Traffic Manager and org.wso2.carbon.commons:org.wso2.carbon.application.upload. This issue affects the function CarbonAppUploader of the component Admin Service Endpoint. Performing manipulation results in unrestricted upload. This vulnerability is cataloged as CVE-2025-3125. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in MDaemon 23.5.2. This vulnerability affects unknown code of the component Header Handler. Such manipulation of the argument From leads to an unknown weakness. This vulnerability is listed as CVE-2025-61084. The attack may be performed from remote. There is no available exploit.

A vulnerability classified as critical has been found in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-read. This vulnerability is tracked as CVE-2025-12745. The attack is restricted to local execution. Moreover, an exploit is present. This product adopts a rolling release strategy to maintain continuous delivery To fix this issue, it is recommended to deploy a patch.

A vulnerability described as critical has been identified in Red Hat 3Scale Developer Portal. Affected by this issue is some unknown functionality. The manipulation of the argument Readonly results in improper access controls. This vulnerability is identified as CVE-2024-12125. The attack can be executed remotely. There is not any exploit available.

A vulnerability marked as critical has been reported in BMC Control-M and Agent 9.0.18/9.0.19/9.0.20/9.0.21/9.0.22. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authentication. This vulnerability is referenced as CVE-2025-55108. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability labeled as critical has been found in cURL up to 8.16.0. Affected is an unknown function of the component SFTP Host Handler. Executing manipulation can lead to key exchange without entity authentication. The identification of this vulnerability is CVE-2025-10966. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in Samsung Email up to 6.1.97.1. This impacts an unknown function. Performing manipulation results in improper input validation. This vulnerability was named CVE-2025-21077. The attack needs to be approached locally. There is no available exploit. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Samsung Devices. This affects an unknown function of the component Fingerprint Trustlet. Such manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2025-21071. Local access is required to approach this attack. No exploit exists.

A vulnerability was found in Samsung Smart Switch 3.7.64.10/3.7.66.6/3.7.67.2. It has been rated as problematic. The impacted element is an unknown function. This manipulation of the argument random causes insufficiently random values. This vulnerability is handled as CVE-2025-21078. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in Samsung Devices. It has been declared as critical. The affected element is an unknown function of the file libimagecodec.quram.so. The manipulation results in out-of-bounds write. This vulnerability is known as CVE-2025-21075. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in Samsung Devices. It has been classified as critical. Impacted is an unknown function of the file libimagecodec.quram.so. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-21074. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Samsung Account and classified as problematic. This issue affects some unknown processing. Executing manipulation can lead to improper handling of insufficient permissions or privileges. This vulnerability appears as CVE-2025-21076. The attack requires local access. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability has been found in Samsung Devices and classified as critical. This vulnerability affects unknown code of the component USB Connection Mode. Performing manipulation results in insecure default initialization of resource. This vulnerability is reported as CVE-2025-21073. The attacker must have access to the local network to execute the attack. No exploit exists.