Vuldb Updates

A vulnerability classified as critical has been found in Nokia Service Router Operating System 22.10. This affects an unknown function of the component BGP Path Attribute Handler. This manipulation causes privilege escalation. The identification of this vulnerability is CVE-2023-41376. The attack needs to be done within the local network. There is no exploit available.

A vulnerability described as problematic has been identified in WP Githuber MD Plugin 1.16.2 on WordPress. Affected by this issue is some unknown functionality of the component New Article. Such manipulation leads to cross site scripting. This vulnerability is documented as CVE-2023-41423. The attack can be executed remotely. There is not any exploit available.

A vulnerability described as critical has been identified in flutter_downloader up to 1.11.1 on iOS. This impacts an unknown function. Such manipulation leads to sql injection. This vulnerability is referenced as CVE-2023-41387. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in Linux Kernel up to 6.13.6 and classified as problematic. Impacted is the function cow_file_range. The manipulation results in allocation of resources. This vulnerability is known as CVE-2025-21942. Access to the local network is required for this attack. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.13.6. This issue affects the function try_module_get. Executing a manipulation can lead to race condition. This vulnerability is registered as CVE-2025-21943. The attack requires access to the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability has been found in Linux Kernel up to 6.12.18/6.13.6 and classified as critical. This issue affects the function kfd_queue_acquire_buffers. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2025-21940. Access to the local network is required for this attack to succeed. There is no exploit available. The affected component should be upgraded.

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.18/6.13.6. Affected by this vulnerability is the function hmm_range_fault of the component xe. This manipulation causes null pointer dereference. This vulnerability is registered as CVE-2025-21939. The attack requires access to the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.130/6.6.82/6.12.18/6.13.6. Affected by this issue is some unknown functionality of the component AMD Display. Such manipulation leads to null pointer dereference. This vulnerability is documented as CVE-2025-21941. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.1.130/6.6.82/6.12.18/6.13.6. This issue affects the function mgmt_alloc_skb of the component Bluetooth. This manipulation causes null pointer dereference. This vulnerability is tracked as CVE-2025-21936. The attack is only possible within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.130/6.6.82/6.12.18/6.13.6. This vulnerability affects the function mgmt_alloc_skb of the component Bluetooth. Executing a manipulation can lead to null pointer dereference. This vulnerability appears as CVE-2025-21937. The attacker needs to be present on the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.1.130/6.6.82/6.12.18/6.13.6. This vulnerability affects the function mptcp_pm_nl_append_new_local_addr. Performing a manipulation results in state issue. This vulnerability is cataloged as CVE-2025-21938. The attack must originate from the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.13.6. Impacted is the function update_mmu_cache_range of the component pgtable. Such manipulation leads to null pointer dereference. This vulnerability is listed as CVE-2025-21933. The attack must be carried out from within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.13.6. The affected element is the function rio_add_net of the component rapidio. Performing a manipulation results in use after free. This vulnerability is cataloged as CVE-2025-21934. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.13.6. This impacts the function rio_add_net of the component rapidio. The manipulation results in unchecked return value. This vulnerability is reported as CVE-2025-21935. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.12.18/6.13.6. Impacted is the function vma_modify of the component mm. Executing a manipulation can lead to allocation of resources. This vulnerability is handled as CVE-2025-21932. The attack can only be done within the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.12.18/6.13.6. This issue affects some unknown processing in the library /include/linux/swapops.h of the component memory_hotplug. Performing a manipulation results in state issue. This vulnerability is known as CVE-2025-21931. Access to the local network is required for this attack. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.18/6.13.6. Affected by this issue is the function hid_ishtp_cl_remove of the component intel-ish-hid. This manipulation causes use after free. This vulnerability is handled as CVE-2025-21929. The attack can only be done within the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.12.18/6.13.6. This vulnerability affects unknown code of the file drivers/net/wireless/inel/iwlwifi/iwl-trans.c. The manipulation results in state issue. This vulnerability is identified as CVE-2025-21930. The attack can only be performed from the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.13.6. It has been rated as critical. This affects the function ishtp_hid_remove. The manipulation leads to use after free. This vulnerability is referenced as CVE-2025-21928. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.12.18/6.13.6. It has been declared as critical. Affected by this issue is the function nvme_tcp_recv_pdu of the component Header Length Handler. Executing a manipulation can lead to memory corruption. The identification of this vulnerability is CVE-2025-21927. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.