Vuldb Updates

A vulnerability classified as critical was found in Bentley MicroStation CONNECT 10.16.02.34. This affects an unknown function of the component DGN File Parser. Executing a manipulation can lead to out-of-bounds write. This vulnerability appears as CVE-2022-28644. The attack may be performed from remote. There is no available exploit.

A vulnerability described as critical has been identified in Bentley MicroStation CONNECT 10.16.02.34. The affected element is an unknown function of the component DGN File Parser. Such manipulation leads to out-of-bounds write. This vulnerability is documented as CVE-2022-28642. The attack can be executed remotely. There is not any exploit available.

A vulnerability classified as critical has been found in Bentley MicroStation CONNECT 10.16.02.34. The impacted element is an unknown function of the component DGN File Parser. Performing a manipulation results in out-of-bounds write. This vulnerability is reported as CVE-2022-28643. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability classified as critical has been found in Linux Kernel up to 6.17.2. The affected element is the function __pnet_find_base_ndev. This manipulation causes use after free. The identification of this vulnerability is CVE-2025-40064. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.6.111/6.12.52/6.17.2. This vulnerability affects the function do_task of the component rxe. The manipulation results in use after free. This vulnerability is cataloged as CVE-2025-40061. The attack must originate from the local network. There is no exploit available. You should upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.17.2 and classified as critical. This issue affects the function crypto_acomp_streams of the component crypto. This manipulation causes allocation of resources. This vulnerability is registered as CVE-2025-40063. The attack requires access to the local network. No exploit is available. The affected component should be upgraded.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.1.155/6.6.111/6.12.52/6.17.2. The impacted element is the function qm_diff_regs of the component crypto. This manipulation causes improper initialization. This vulnerability is handled as CVE-2025-40062. The attack can only be done within the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.12.52/6.17.2. Impacted is the function devm_kzalloc of the component coresight. The manipulation of the argument return leads to unchecked return value. This vulnerability is traded as CVE-2025-40059. Access to the local network is required for this attack to succeed. There is no exploit available. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 5.15.194/6.1.155/6.6.111/6.12.52/6.17.2. The affected element is the function etm_setup_aux of the component TRBE Driver. The manipulation results in null pointer dereference. This vulnerability is known as CVE-2025-40060. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.

A vulnerability was found in Alinto SOGo up to 5.12.7. It has been rated as critical. This issue affects the function sogo_acl of the file /acls of the component addUserInAcls Endpoint. The manipulation of the argument uid leads to sql injection. This vulnerability is documented as CVE-2026-8851. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.6.139/6.12.87/6.18.29/7.0.6 and classified as critical. This vulnerability affects the function mpi_read_raw_from_sgl. The manipulation of the argument nbytes results in integer underflow. This vulnerability is known as CVE-2026-43492. Access to the local network is required for this attack. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in Ctrlpanel-gg panel up to 1.1.x. This affects an unknown part. The manipulation results in os command injection. This vulnerability is known as CVE-2026-34234. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

A vulnerability classified as critical has been found in mantisbt Mantis Bug Tracker up to 2.28.1. This vulnerability affects unknown code of the file manage_proj_user_add.php of the component Custom Fields Handler. This manipulation causes improper access controls. This vulnerability is handled as CVE-2026-34390. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in AMD EPYC 4004, EPYC 4005, Ryzen 6000 Processors with Radeon Graphics, Ryzen 7040 Mobile Processors with Radeon Graphics, Ryzen 7045 Mobile Processors with Radeon Graphics, Ryzen 7000 Desktop Processors, Ryzen 9000HX Mobile Processors, Ryzen AI MAX, Ryzen AI 300 Processors, Ryzen Threadripper 7000 Processors, Ryzen Threadripper PRO 7000 WX-Series Processors, Ryzen 8000 Desktop Processors, Ryzen 9000 Desktop Processors, Ryzen Embedded V3000 Processors, Ryzen Embedded 7000 Processors, Ryzen Embedded 8000 Processors and Ryzen Embedded 9000 Processors. It has been classified as problematic. This impacts an unknown function of the component System Management Mode. This manipulation causes buffer underwrite. This vulnerability is tracked as CVE-2024-36343. The attack is restricted to local execution. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in Ctrlpanel-gg panel up to 1.1.x. It has been rated as problematic. Affected by this vulnerability is an unknown functionality. Performing a manipulation of the argument newmessage results in cross site scripting. This vulnerability is cataloged as CVE-2026-34241. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability classified as problematic was found in mantisbt Mantis Bug Tracker up to 2.28.1. This issue affects some unknown processing of the file bug_report_page.php of the component Project Name Handler. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-34463. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability identified as critical has been detected in Cisco Catalyst SD-WAN Manager. Affected by this issue is some unknown functionality of the component Web UI. This manipulation causes logging of excessive data. This vulnerability is registered as CVE-2026-20209. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Cisco Catalyst SD-WAN Manager. This affects an unknown part of the component Web UI. Such manipulation leads to logging of excessive data. This vulnerability is documented as CVE-2026-20210. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability classified as problematic was found in Cisco Catalyst SD-WAN Manager. The affected element is an unknown function of the component XML File Parser. The manipulation results in xml external entity reference. This vulnerability is known as CVE-2026-20224. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.12.52/6.17.2 and classified as critical. This affects the function ecap_slads of the component iommu. Executing a manipulation can lead to state issue. This vulnerability is registered as CVE-2025-40058. The attack requires access to the local network. No exploit is available. It is suggested to upgrade the affected component.