Aggregator

Submit #622389 / VDB-317822

Submit #622388 / VDB-317821

Submit #622387 / VDB-317820

A vulnerability, which was classified as critical, has been found in D-Link DIR-890L up to 111b04. This issue affects some unknown processing of the file rgbin of the component UART Port. The manipulation leads to hard-coded credentials. This vulnerability only affects products that are no longer supported by the maintainer. The identification of this vulnerability is CVE-2025-8231. It is possible to launch the attack on the physical device. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Campcodes Courier Management System 1.0. This vulnerability affects unknown code of the file /manage_user.php. The manipulation of the argument ID leads to sql injection. This vulnerability was named CVE-2025-8230. The attack can be initiated remotely. Furthermore, there is an exploit available.

Submit #622347 / VDB-317779

Submit #622337 / VDB-317819

A vulnerability classified as critical has been found in Campcodes Courier Management System 1.0. This affects an unknown part of the file /parcel_list.php. The manipulation of the argument s leads to sql injection. This vulnerability is uniquely identified as CVE-2025-8229. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #622330 / VDB-317818

A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function getPages of the file /cms/collect/getPages. The manipulation of the argument targetUrl leads to server-side request forgery. This vulnerability is handled as CVE-2025-8228. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Submit #622322 / VDB-317817

A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /collect/getArticle. The manipulation of the argument taskUrl leads to deserialization. This vulnerability is known as CVE-2025-8227. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been classified as problematic. Affected is an unknown function of the file /sysApp/find. The manipulation of the argument accessKey/secretKey leads to information disclosure. This vulnerability is traded as CVE-2025-8226. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Submit #622171 / VDB-317816

Submit #622169 / VDB-317815

Submit #622167 / VDB-317814

A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. The identification of this vulnerability is CVE-2025-8225. Attacking locally is a requirement. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2025-8224. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

Submit #621883 / VDB-317813