Vuldb Updates

A vulnerability classified as problematic was found in Liferay Portal and DXP. This issue affects some unknown processing of the component Plugin for OAuth. Such manipulation of the argument code/error leads to cross site scripting. This vulnerability is listed as CVE-2023-33941. The attack may be performed from remote. There is no available exploit.

A vulnerability, which was classified as critical, has been found in wasm3 up to 0.5.0. Impacted is the function op_SetSlot_i32/op_CallIndirect of the file m3_exec.h. Performing a manipulation results in memory corruption. This vulnerability was named CVE-2025-15413. The attack needs to be approached locally. In addition, an exploit is available. Unfortunately, the project has no active maintainer at the moment.

A vulnerability labeled as critical has been found in coollabsio coolify 4.0.0-beta.253/4.0.0-beta.359/4.0.0-beta.361/4.0.0-beta.374/4.0.0-beta.420.7. Impacted is an unknown function of the file docker-compose.yaml. Such manipulation leads to command injection. This vulnerability is listed as CVE-2025-64419. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

A vulnerability marked as very critical has been reported in coollabsio coolify up to 4.0.0-beta.434. The affected element is an unknown function. Performing a manipulation results in insufficiently protected credentials. This vulnerability is cataloged as CVE-2025-64420. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as very critical, has been found in coollabsio coolify up to 4.0.0-beta.434. Affected is an unknown function of the component Password Reset Handler. This manipulation causes incorrect authorization. This vulnerability appears as CVE-2025-64421. The attack may be initiated remotely. There is no available exploit.

A vulnerability identified as problematic has been detected in Craft CMS up to 4.16.16/5.8.20. This issue affects some unknown processing of the component Control Panel. This manipulation causes use of externally-controlled input to select classes or code. This vulnerability is tracked as CVE-2025-68455. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

A vulnerability was found in Craft CMS up to 4.16.16/5.8.20. It has been classified as critical. This vulnerability affects unknown code of the component System Message Handler. The manipulation leads to improper neutralization of special elements used in a template engine. This vulnerability is uniquely identified as CVE-2025-68454. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in Craft CMS up to 4.16.16/5.8.20. It has been rated as critical. This vulnerability affects unknown code. This manipulation causes server-side request forgery. This vulnerability is handled as CVE-2025-68437. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical was found in coollabsio coolify up to 4.0.0-beta.434. This impacts an unknown function. The manipulation results in command injection. This vulnerability is reported as CVE-2025-64424. The attack can be launched remotely. No exploit exists.

A vulnerability was found in coollabsio coolify up to 4.0.0-beta.434. It has been declared as critical. This issue affects some unknown processing. The manipulation results in improper neutralization of http headers for scripting syntax. This vulnerability was named CVE-2025-64425. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in Craft CMS up to 4.16.16/5.8.20 and classified as problematic. This affects an unknown part of the component User Profile Photo Handler. Executing a manipulation can lead to information disclosure. This vulnerability is handled as CVE-2025-68436. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability categorized as problematic has been discovered in langgenius dify up to 1.10.x. This impacts an unknown function of the component API Key Handler. Executing a manipulation can lead to information disclosure. The identification of this vulnerability is CVE-2025-67732. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in code-projects Online Music Site 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. Such manipulation of the argument username/password leads to sql injection. This vulnerability is listed as CVE-2026-0605. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in Cisco IOS and IOS XE and classified as critical. Affected by this vulnerability is an unknown functionality of the component SNMPv1/SNMPv2c/SNMPv3. The manipulation results in memory corruption. This vulnerability is known as CVE-2017-6742. It is possible to launch the attack remotely. Furthermore, an exploit is available. Changing the configuration settings is recommended.

A vulnerability marked as problematic has been reported in PHP Jabbers Document Creator 1.0. Impacted is an unknown function of the file index.php. Performing a manipulation of the argument action results in cross site scripting. This vulnerability is known as CVE-2023-36309. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability labeled as problematic has been found in Aiscon LogAnalyzer up to 4.1.13. This vulnerability affects unknown code of the file asktheoracle.php. Executing a manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2023-36306. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability described as critical has been identified in Talend Data Catalog 7.3-20210930/8.0-20220907/8.0-20230110. This impacts an unknown function of the component HeaderImageServlet. Executing a manipulation can lead to path traversal. The identification of this vulnerability is CVE-2023-36301. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability described as critical has been identified in Typecho 1.2.1. The affected element is an unknown function of the file index.php. Such manipulation of the argument upload/options-general leads to unrestricted upload. This vulnerability is documented as CVE-2023-36299. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability classified as critical was found in DedeCMS 5.7.109. Affected by this vulnerability is an unknown functionality. The manipulation results in unrestricted upload. This vulnerability is reported as CVE-2023-36298. The attack can be launched remotely. No exploit exists.

A vulnerability classified as critical was found in UTT 进取 520W 1.7.7-180627. Affected is the function strcpy of the file /goform/APSecurity. Executing a manipulation of the argument wepkey1 can lead to buffer overflow. This vulnerability appears as CVE-2026-0839. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.