Vuldb Updates

A vulnerability was found in appneta tcpreplay up to 4.4.4 and classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. Such manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-3024. Local access is required to approach this attack. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic has been found in Python CPython up to 3.14.x. This affects an unknown function of the component HTTP Response Handler. This manipulation causes denial of service. This vulnerability appears as CVE-2025-13836. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in WSO2 Open Banking IAM, Open Banking AM, API Manager, Enterprise Mobility Manager, Identity Server, Identity Server as Key Manager and Open Banking KM. Impacted is an unknown function of the component SOAP Admin Services. Such manipulation leads to incorrect authorization. This vulnerability is referenced as CVE-2024-7096. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in designthemes LMS Plugin up to 1.0.4 on WordPress. It has been classified as critical. This affects the function dtlms_register_user_front_end. Performing manipulation results in improper authentication. This vulnerability is reported as CVE-2025-13542. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in Espressif ESP-IDF up to 5.1.6/5.2.6/5.3.4/5.4.3/5.5.1 and classified as problematic. This affects an unknown function. Such manipulation leads to out-of-bounds read. This vulnerability is referenced as CVE-2025-66409. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in codeready-ws. It has been declared as critical. This affects an unknown part of the file /etc/passwd. The manipulation results in permission issues. This vulnerability is identified as CVE-2025-57850. The attack is only possible with local access. There is not any exploit available.

A vulnerability was found in Iskra iHUB and iHUB Lite. It has been rated as critical. This vulnerability affects unknown code. This manipulation causes missing authentication. This vulnerability is tracked as CVE-2025-13510. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability categorized as critical has been discovered in Industrial Video & Control Longwatch up to 6.334. This issue affects some unknown processing of the component HTTP GET Request Handler. Such manipulation leads to code injection. This vulnerability is listed as CVE-2025-13658. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Entrust nShield Connect XC, nShield 5c and nShield HSMi up to 13.6.11/13.7. This impacts an unknown function of the component Legacy GRUB Bootloader Configuration Handler. The manipulation results in improper privilege management. This vulnerability was named CVE-2025-59697. An attack on the physical device is feasible. There is no available exploit.

A vulnerability, which was classified as problematic, was found in Entrust nShield Connect XC, nShield 5c and nShield HSMi up to 13.6.11/13.7. Affected by this vulnerability is an unknown functionality. Such manipulation leads to information exposure through discrepancy. This vulnerability is referenced as CVE-2025-59702. The attack can be executed directly on the physical device. No exploit is available.

A vulnerability has been found in Entrust nShield Connect XC, nShield 5c and nShield HSMi up to 13.6.11/13.7 and classified as problematic. Affected by this issue is some unknown functionality of the component Chassis Management Board. Performing manipulation results in improper physical access control. This vulnerability is identified as CVE-2025-59696. The attack may be carried out on the physical device. There is not any exploit available.

A vulnerability was found in Apptainer up to 1.4.4. It has been classified as critical. The affected element is an unknown function. This manipulation causes symlink following. This vulnerability is tracked as CVE-2025-65105. The attack is restricted to local execution. No exploit exists. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Grav CMS 1.7.49. This issue affects some unknown processing of the component Page Editor. Performing manipulation results in cross site scripting. This vulnerability is reported as CVE-2025-65186. The attack is possible to be carried out remotely. No exploit exists.

Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all.

A vulnerability, which was classified as problematic, has been found in Kiteworks MFT up to 9.0.x. This affects an unknown part. This manipulation causes session expiration. This vulnerability is registered as CVE-2025-53896. The attack needs to be launched locally. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Sqlalchemy mako up to 1.2.1. The impacted element is the function Lexer. Such manipulation leads to incorrect regular expression. This vulnerability is listed as CVE-2022-40023. The attack must be carried out from within the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability was found in MediaTek MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8196, MT8676, MT8678, MT8792 and MT8793. It has been rated as critical. This impacts an unknown function of the component Display. This manipulation causes use of uninitialized variable. This vulnerability is handled as CVE-2025-20771. It is possible to launch the attack on the local host. There is not any exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability categorized as critical has been discovered in MediaTek MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8196, MT8676, MT8678, MT8792 and MT8793. Affected is an unknown function of the component Display. Such manipulation leads to double free. This vulnerability is uniquely identified as CVE-2025-20772. Local access is required to approach this attack. No exploit exists. Applying a patch is advised to resolve this issue.

A vulnerability, which was classified as critical, was found in MediaTek MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8196, MT8676, MT8678, MT8792 and MT8793. This issue affects some unknown processing of the component Display. Such manipulation leads to use of uninitialized variable. This vulnerability is documented as CVE-2025-20766. The attack needs to be performed locally. There is not any exploit available. A patch should be applied to remediate this issue.

A vulnerability has been found in MediaTek MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8196, MT8676, MT8678, MT8792 and MT8793 and classified as critical. Impacted is an unknown function of the component Display. Performing manipulation results in out-of-bounds write. This vulnerability is reported as CVE-2025-20767. The attack requires a local approach. No exploit exists. To fix this issue, it is recommended to deploy a patch.