Vuldb Updates

A vulnerability, which was classified as critical, was found in Huawei HarmonyOS 5.0.1/5.1.0. This vulnerability affects unknown code of the component Devicemanager Module. Such manipulation leads to authentication bypass by primary weakness. This vulnerability is uniquely identified as CVE-2025-54622. The attack can only be initiated within the local network. No exploit exists.

A vulnerability has been found in Huawei HarmonyOS 5.0.1/5.1.0 and classified as critical. This issue affects some unknown processing of the component Devicemanager Module. Performing manipulation results in integer overflow to buffer overflow. This vulnerability was named CVE-2025-54623. The attack needs to be approached within the local network. There is no available exploit.

A vulnerability classified as problematic was found in Intelbras InControl 2.21.60.9. This vulnerability affects unknown code of the file /v1/operador/ of the component JSON Endpoint. Executing manipulation can lead to information disclosure. This vulnerability is registered as CVE-2025-8515. It is possible to launch the attack remotely. Furthermore, an exploit is available. Upgrading the affected component is advised.

A vulnerability identified as problematic has been detected in GTK GdkPixbuf. Impacted is an unknown function of the component GIF LWZ Decoder. The manipulation leads to information disclosure. This vulnerability is listed as CVE-2025-6199. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in nbd nbdkit. It has been classified as problematic. The impacted element is an unknown function of the component Blocksize Filter. The manipulation leads to denial of service. This vulnerability is traded as CVE-2025-47712. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability was found in fluent-bit 3.7.2. It has been classified as problematic. This vulnerability affects the function cfl_list_size in the library cfl_list.h. Performing manipulation results in denial of service. This vulnerability is known as CVE-2025-29478. Attacking locally is a requirement. Furthermore, an exploit is available.

A vulnerability categorized as critical has been discovered in cym1102 nginxWebUI up to 3.9.9. This affects the function handlePath of the file /adminPage/conf/saveCmd. Such manipulation of the argument nginxPath leads to improper certificate validation. This vulnerability is documented as CVE-2024-3738. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability identified as critical has been detected in cym1102 nginxWebUI up to 3.9.9. This impacts an unknown function of the file /adminPage/main/upload. Performing manipulation of the argument File results in os command injection. This vulnerability is reported as CVE-2024-3739. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability labeled as critical has been found in cym1102 nginxWebUI up to 3.9.9. Affected is the function exec of the file /adminPage/conf/reload. Executing manipulation of the argument nginxExe can lead to deserialization. This vulnerability appears as CVE-2024-3740. The attack may be performed from a remote location. In addition, an exploit is available.

A vulnerability categorized as critical has been discovered in Ruijie RG-UAC up to 20240419. This vulnerability affects unknown code of the file /view/network Config/GRE/gre_edit_commit.php. Executing manipulation of the argument Name can lead to os command injection. The identification of this vulnerability is CVE-2024-4255. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Ruijie RG-UAC 1.0 and classified as critical. The affected element is an unknown function of the file /view/systemConfig/reboot/reboot_commit.php. The manipulation of the argument servicename results in os command injection. This vulnerability is cataloged as CVE-2024-6184. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Ruijie RG-UAC 1.0. It has been declared as critical. This affects an unknown function of the file /view/userAuthentication/SSO/commit.php. Such manipulation of the argument ad_log_name leads to os command injection. This vulnerability is documented as CVE-2024-6186. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Ruijie RG-UAC 1.0. It has been rated as critical. This impacts an unknown function of the file /view/vpn/autovpn/sub_commit.php. Performing manipulation of the argument key results in os command injection. This vulnerability is reported as CVE-2024-6187. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability identified as critical has been detected in Ruijie RG-UAC 1.0. This vulnerability affects the function get_ip.addr_details of the file /view/vpn/autovpn/sxh_vpnlic.php of the component HTTP POST Request Handler. Performing manipulation of the argument indevice results in command injection. This vulnerability is identified as CVE-2024-6269. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Siemens SINEMA Remote Connect Client up to 3.2 and classified as critical. This vulnerability affects unknown code of the component Configuration Handler. Such manipulation leads to command injection. This vulnerability is referenced as CVE-2024-39567. The attack can only be performed from a local environment. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability has been found in Htmly 2.9.5 and classified as problematic. This issue affects some unknown processing of the component Menu Editor Module. This manipulation of the argument Link Name causes cross site scripting. This vulnerability is tracked as CVE-2024-30953. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in vanessa219 Vditor 3.10.3. It has been rated as problematic. The impacted element is an unknown function of the component Element Attribute Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-34449. It is possible to initiate the attack remotely. There is no exploit available. It is still unclear if this vulnerability genuinely exists. It is recommended to change the configuration settings.

A vulnerability, which was classified as critical, has been found in Flatpak. Affected is an unknown function. This manipulation causes argument injection. This vulnerability is registered as CVE-2024-32462. The attack needs to be launched locally. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in aio-libs aiohttp up to 3.9.3. This issue affects some unknown processing of the component Index Pages. Performing manipulation results in cross site scripting. This vulnerability is reported as CVE-2024-27306. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in SQLite 3.30.1. Affected by this issue is some unknown functionality of the component CREATE Statement Handler. Executing manipulation as part of Table Name can lead to improper privilege management. This vulnerability appears as CVE-2019-19603. The attack may be performed from a remote location. There is no available exploit.