Vuldb Updates

It seems this issue is a false-positive. Please confirm the sources provided and consider disregarding this entry.

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.29/6.3.3. The affected element is the function queue_setup. Performing a manipulation results in out-of-bounds read. This vulnerability is known as CVE-2023-53748. Access to the local network is required for this attack. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.53/6.4.15/6.5.2. Affected by this issue is the function kmalloc_reserve of the file net/core/skbuff.c of the component net. The manipulation results in integer overflow. This vulnerability was named CVE-2023-53752. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as critical was found in Linux Kernel up to 6.3.12/6.4.3. The impacted element is the function num_configs of the component pinctrl. Executing a manipulation can lead to out-of-bounds read. This vulnerability is handled as CVE-2023-53750. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.27/6.2.14/6.3.1. This affects the function TCP_Server_Info::hostname of the component cifs. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2023-53751. The attack can only be initiated within the local network. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 5.4.239/5.10.176/5.15.105/6.1.22/6.2.9. This affects the function vfio_ap. Such manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2023-53746. Access to the local network is required for this attack to succeed. There is no exploit available. The affected component should be upgraded.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.3.3. This impacts the function vcs_write of the file drivers/tty/vt/vc_screen.c. Performing a manipulation results in use after free. This vulnerability is known as CVE-2023-53747. Access to the local network is required for this attack. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.2.4. It has been rated as critical. Impacted is the function uml_parse_vector_ifspec. The manipulation leads to unchecked return value. This vulnerability is documented as CVE-2023-53745. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability marked as critical has been reported in OWASP ModSecurity Core Rule Set up to 3.3.4. This impacts an unknown function of the component Content-Header Handler. Performing a manipulation results in improper access controls. This vulnerability is cataloged as CVE-2023-38199. It is possible to initiate the attack remotely. There is no exploit available. To fix this issue, it is recommended to deploy a patch.

A vulnerability identified as problematic has been detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/lib_ccx/mp4.c. Performing a manipulation results in use after free. This vulnerability is identified as CVE-2026-2889. The attack is only possible with local access. Additionally, an exploit exists. You should upgrade the affected component.

A vulnerability has been found in D-Link DWR-M960 1.01.07 and classified as critical. This issue affects the function sub_46385C of the file /boafrm/formDosCfg. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. This vulnerability is known as CVE-2026-2882. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in D-Link DWR-M960 1.01.07 and classified as critical. Impacted is the function sub_427D74 of the file /boafrm/formIpQoS. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. This vulnerability is handled as CVE-2026-2883. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in D-Link DWR-M960 1.01.07. It has been classified as critical. The affected element is the function sub_41914C of the file /boafrm/formWanConfigSetup of the component WAN Interface Setting Handler. The manipulation of the argument submit-url leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2026-2884. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in D-Link DWR-M960 1.01.07. It has been declared as critical. The impacted element is the function sub_469104 of the file /boafrm/formIpv6Setup. The manipulation of the argument submit-url results in stack-based buffer overflow. This vulnerability was named CVE-2026-2885. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in Tenda A21 1.0.0.0. It has been rated as critical. This affects the function set_device_name of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffer overflow. The identification of this vulnerability is CVE-2026-2886. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability categorized as problematic has been discovered in aardappel lobster up to 2025.4. This impacts the function lobster::TypeName in the library dev/src/lobster/idents.h. Such manipulation leads to uncontrolled recursion. This vulnerability is referenced as CVE-2026-2887. The attack can only be performed from a local environment. Furthermore, an exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in funadmin up to 7.1.0-rc4 and classified as problematic. Affected by this vulnerability is the function getMember of the file app/frontend/view/login/forget.html. Such manipulation leads to information disclosure. This vulnerability is traded as CVE-2026-2894. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in funadmin up to 7.1.0-rc4. It has been classified as problematic. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forget_code/vercode results in weak password recovery. This vulnerability is known as CVE-2026-2895. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in funadmin up to 7.1.0-rc4. It has been declared as critical. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. This vulnerability is handled as CVE-2026-2896. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in funadmin up to 7.1.0-rc4. It has been rated as problematic. This vulnerability affects unknown code of the file app/backend/view/index/index.html of the component Backend Interface. The manipulation of the argument Value leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-2897. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.