Vuldb Updates

A vulnerability was found in Chip Salzenberg Deliver 2.1.14. It has been rated as problematic. Affected is an unknown function. This manipulation causes race condition. This vulnerability is handled as CVE-2010-1123. It is possible to launch the attack on the local host. There is not any exploit available.

A vulnerability categorized as problematic has been discovered in IBM AIX 5.3/5.3.0. Affected by this vulnerability is the function getaddrinfo in the library bos.rte.libc. Such manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2010-1124. The attack can be launched remotely. No exploit exists.

A vulnerability categorized as critical has been discovered in Apple Mac OS X. This impacts an unknown function. Such manipulation leads to improper input validation. This vulnerability is documented as CVE-2010-0740. The attack can be executed remotely. Additionally, an exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.121/6.12.67/6.18.7/6.19-rc6. It has been rated as critical. This impacts the function Open of the component intel_th. The manipulation leads to memory leak. This vulnerability is traded as CVE-2026-23091. Access to the local network is required for this attack to succeed. There is no exploit available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.6.121/6.12.67/6.18.7/6.19-rc6. It has been rated as critical. This issue affects some unknown processing of the component slimbus. Performing a manipulation results in allocation of resources. This vulnerability is reported as CVE-2026-23090. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.6.121/6.12.67/6.18.7/6.19-rc6. Impacted is the function snd_usb_mixer_free of the component usb-audio. Executing a manipulation can lead to use after free. This vulnerability appears as CVE-2026-23089. The attacker needs to be present on the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.6.121/6.12.67/6.18.7/6.19-rc6. This issue affects the function trace_event_raw_event_synth. Performing a manipulation results in memory corruption. This vulnerability is identified as CVE-2026-23088. The attack can only be performed from the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.6.121/6.12.67/6.18.7/6.19-rc6. The affected element is the function scsiback_remove of the component scsi. The manipulation leads to memory leak. This vulnerability is listed as CVE-2026-23087. The attack must be carried out from within the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.6.121/6.12.67/6.18.7/6.19-rc6. Affected by this vulnerability is the function virtio_transport_tx_buf_size. This manipulation causes allocation of resources. This vulnerability is handled as CVE-2026-23086. The attack can only be done within the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.121/6.12.67/6.18.7/6.19-rc6. It has been declared as critical. This vulnerability affects the function be_cmd_get_mac_from_list of the component be2net. Such manipulation of the argument pmac_id_valid leads to null pointer dereference. This vulnerability is documented as CVE-2026-23084. The attack requires being on the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.121/6.12.67/6.18.7/6.19-rc6. It has been declared as critical. The affected element is the function kmalloc. Executing a manipulation can lead to allocation of resources. This vulnerability is registered as CVE-2026-23085. The attack requires access to the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.6.121/6.12.67/6.18.7/6.19-rc6. This affects the function fou_udp_recv of the component fou. Executing a manipulation can lead to privilege escalation. This vulnerability is tracked as CVE-2026-23083. The attack is only possible within the local network. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.12.67/6.18.7/6.19-rc5/6.19-rc6. It has been classified as critical. The impacted element is the function gs_usb_receive_bulk_callback. Performing a manipulation results in memory leak. This vulnerability is reported as CVE-2026-23082. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in langflow-ai langflow up to 1.8.4. It has been declared as critical. Affected by this issue is the function CodeParser.parse_callable_details of the file src/lfx/src/lfx/custom/code_parser/code_parser.py of the component Full Builtins Module Handler. Executing a manipulation can lead to command injection. This vulnerability is handled as CVE-2026-7687. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability labeled as critical has been found in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file backend/webserver/api/datasets.py of the component Data Endpoint. Executing a manipulation of the argument folder can lead to path traversal. This vulnerability is tracked as CVE-2026-7680. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability identified as problematic has been detected in webaways NEX-Forms Plugin up to 9.1.11 on WordPress. The impacted element is the function submit_nex_form of the component POST Parameter Handler. Performing a manipulation results in cross site scripting. This vulnerability was named CVE-2026-5063. The attack may be initiated remotely. There is no available exploit.

A vulnerability marked as critical has been reported in jsbroks COCO Annotator up to 0.11.1. Affected by this vulnerability is an unknown functionality of the file backend/webserver/api/datasets.py of the component Dataset API. The manipulation of the argument DatasetId leads to authorization bypass. This vulnerability is listed as CVE-2026-7681. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Edimax BR-6428nC up to 1.16. It has been classified as critical. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserName/pptpUserName causes command injection. This vulnerability is handled as CVE-2026-7683. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Edimax BR-6428nC up to 1.16. It has been declared as critical. This impacts an unknown function of the file /goform/setWAN. Such manipulation of the argument pptpDfGateway  leads to buffer overflow. This vulnerability is uniquely identified as CVE-2026-7684. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability marked as problematic has been reported in Frontend File Manager Plugin up to 23.6 on WordPress. This impacts the function wpfm_download of the component Download Endpoint. The manipulation of the argument file_id leads to authorization bypass. This vulnerability is referenced as CVE-2026-5337. Remote exploitation of the attack is possible. No exploit is available.