Vuldb Updates

A vulnerability identified as problematic has been detected in GitLab Community Edition and Enterprise Edition up to 18.7.4/18.8.4/18.9.0. The affected element is an unknown function. This manipulation causes inefficient regular expression complexity. This vulnerability is handled as CVE-2026-1388. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability was found in stb up to 2.27. It has been classified as problematic. This issue affects some unknown processing of the file stb_image.h of the component HDR Loader. Performing a manipulation results in denial of service. This vulnerability is identified as CVE-2021-42715. The attack can only be performed from the local network. There is not any exploit available. To fix this issue, it is recommended to deploy a patch.

A vulnerability was found in stb 2.27 and classified as problematic. This affects the function stbi__jpeg_decode_block_prog_dc of the file stb_image.h. Such manipulation leads to denial of service. This vulnerability is traded as CVE-2022-28041. Access to the local network is required for this attack to succeed. There is no exploit available. A patch should be applied to remediate this issue.

A vulnerability marked as critical has been reported in stb 2.27. Impacted is the function stbi__jpeg_load of the file stb_image.h. Performing a manipulation results in heap-based buffer overflow. This vulnerability is identified as CVE-2021-37789. The attack can only be performed from the local network. There is not any exploit available.

A vulnerability was found in stb 2.26 and classified as critical. This issue affects the function stbi__extend_receive of the file stb_image.h of the component JPEG File Handler. Such manipulation leads to buffer overflow. This vulnerability is documented as CVE-2021-28021. The attack requires being on the local network. There is not any exploit available.

A vulnerability classified as problematic has been found in PHP Jabbers Time Slots Booking Calendar 4.0. This impacts an unknown function. Performing a manipulation of the argument name/plugin_sms_api_key/plugin_sms_country_code/calendar_id/title/country name/customer_name results in basic cross site scripting. This vulnerability was named CVE-2023-48827. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in GaatiTrack Courier Management System 1.0. It has been rated as critical. This vulnerability affects unknown code of the file ajax.php of the component Login. Performing a manipulation of the argument email results in sql injection. This vulnerability is reported as CVE-2023-48823. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability categorized as problematic has been discovered in PHP Jabbers Time Slots Booking Calendar 4.0. The impacted element is an unknown function of the component Reservations List Handler. The manipulation results in csv injection. This vulnerability is reported as CVE-2023-48826. The attacker must have access to the local network to execute the attack. No exploit exists.

A vulnerability has been found in Availability Booking Calendar 5.0 and classified as problematic. Impacted is an unknown function. Performing a manipulation of the argument SMS API Key/Default Country Code results in basic cross site scripting. This vulnerability is identified as CVE-2023-48825. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in BoidCMS 2.0.1. It has been rated as problematic. This impacts an unknown function. This manipulation of the argument title/subtitle/footer/keywords causes cross site scripting. This vulnerability is registered as CVE-2023-48824. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability described as critical has been identified in kkFileView 4.3.0. Impacted is an unknown function. Executing a manipulation can lead to improper access controls. This vulnerability is registered as CVE-2023-48815. The attack requires access to the local network. No exploit is available.

A vulnerability marked as critical has been reported in WP Mail Logging Plugin up to 1.15.0 on WordPress. The affected element is the function maybe_unserialize of the component Log Message Handler. The manipulation leads to deserialization. This vulnerability is listed as CVE-2026-2471. The attack may be initiated remotely. There is no available exploit.

A vulnerability described as critical has been identified in Tutor LMS Plugin up to 3.9.4/3.9.6 on WordPress. The impacted element is an unknown function. The manipulation of the argument coupon_code results in sql injection. This vulnerability is cataloged as CVE-2025-13673. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Linux Kernel up to 6.0.6. It has been classified as critical. This affects the function nsim_drv_probe of the component netdevsim. This manipulation causes memory leak. This vulnerability is registered as CVE-2022-50500. The attack requires access to the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.1. This affects the function binfmt_misc. The manipulation results in out-of-bounds read. This vulnerability is identified as CVE-2022-50497. The attack can only be performed from the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.74/5.19.16/6.0.2. It has been classified as critical. This vulnerability affects the function rtnl_lock of the file net/core/dev.c of the component eth. The manipulation leads to reachable assertion. This vulnerability is listed as CVE-2022-50498. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is recommended.

This issue was flagged as a false-positive. Please consult the sources mentioned and consider not using this entry at all.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.0.2. Affected by this vulnerability is the function get_cpu of the component thermal. Such manipulation leads to injection. This vulnerability is referenced as CVE-2022-50494. The attack needs to be initiated within the local network. No exploit is available. You should upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 5.10.153/5.15.76/6.0.6. This issue affects the function cti_disable_hw. Such manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2022-50491. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is recommended.

A vulnerability classified as critical was found in Linux Kernel up to 6.0.6. This impacts an unknown function. The manipulation results in use after free. This vulnerability was named CVE-2022-50492. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is advised.