Vuldb Updates

A vulnerability was found in P5 FNIP-8x16A and FNIP-4xSH 1.0.11/1.0.20 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation results in cross-site request forgery. This vulnerability is cataloged as CVE-2020-36906. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in TOTOLINK WA300 5.2cu.7112_B20190227. This vulnerability affects the function sub_401510 of the file cstecgi.cgi. The manipulation of the argument UPLOAD_FILENAME leads to command injection. This vulnerability is listed as CVE-2026-0641. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in Linux Kernel up to 6.17.12/6.18.1. It has been declared as critical. Impacted is the function iommu_mmio_write. Executing a manipulation can lead to out-of-bounds read. This vulnerability is registered as CVE-2025-68760. The attack requires access to the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.17.12/6.18.1. This impacts the function __netpoll_setup of the file kernel/workqueue.c of the component netpoll. Such manipulation leads to uninitialized pointer. This vulnerability is traded as CVE-2025-68762. Access to the local network is required for this attack to succeed. There is no exploit available. The affected component should be upgraded.

A vulnerability described as critical has been identified in Linux Kernel up to 6.18.1. Affected by this vulnerability is the function hfs_correct_next_unused_CNID. Executing a manipulation can lead to use after free. This vulnerability is handled as CVE-2025-68761. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in coollabsio coolify up to 4.0.0-beta.450 and classified as critical. The impacted element is an unknown function of the component Database Import. Executing a manipulation can lead to os command injection. The identification of this vulnerability is CVE-2025-66210. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in coollabsio coolify up to 4.0.0-beta.450 and classified as critical. The affected element is an unknown function of the component Database Backup Handler. Performing a manipulation results in os command injection. This vulnerability was named CVE-2025-66209. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

A vulnerability was found in Testimonial Master Plugin up to 0.2.1 on WordPress. It has been declared as problematic. This affects an unknown part. Executing a manipulation of the argument $_SERVER['PHP_SELF'] can lead to cross site scripting. The identification of this vulnerability is CVE-2025-14127. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Stumble! Plugin up to 1.1.1 on WordPress. It has been rated as problematic. This vulnerability affects unknown code. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. This vulnerability is referenced as CVE-2025-14128. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability identified as problematic has been detected in Starred Review Plugin up to 1.4.2 on WordPress. Impacted is an unknown function. This manipulation of the argument $_SERVER['PHP_SELF'] causes cross site scripting. This vulnerability is tracked as CVE-2025-14118. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability labeled as problematic has been found in WP Widget Changer Plugin up to 1.2.5 on WordPress. The affected element is an unknown function. Such manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. This vulnerability is listed as CVE-2025-14131. The attack may be performed from remote. There is no available exploit.

A vulnerability marked as problematic has been reported in Post Like Dislike Plugin up to 1.0 on WordPress. The impacted element is an unknown function. Performing a manipulation of the argument $_SERVER['PHP_SELF'] results in cross site scripting. This vulnerability is cataloged as CVE-2025-14130. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Mstoic Shortcodes Plugin up to 2.0 on WordPress and classified as problematic. This affects the function ms_youtube_embeds of the component Shortcode Handler. This manipulation of the argument Home causes cross site scripting. This vulnerability appears as CVE-2025-14144. The attack may be initiated remotely. There is no available exploit.

A vulnerability identified as problematic has been detected in EDD Download Info Plugin up to 1.1 on WordPress. This vulnerability affects the function edd_download_info_link of the component Shortcode Handler. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2025-14121. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability marked as problematic has been reported in AD Sliding FAQ Plugin up to 2.4 on WordPress. Impacted is the function sliding_faq of the component Shortcode Handler. Performing a manipulation results in cross site scripting. This vulnerability is identified as CVE-2025-14122. The attack can be initiated remotely. There is not any exploit available.

A vulnerability classified as problematic has been found in coollabsio coolify 4.0.0-beta.434. This affects an unknown function of the file /login of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to allocation of resources. This vulnerability is documented as CVE-2025-64422. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in coollabsio coolify up to 4.0.0-beta.434. It has been rated as critical. Impacted is an unknown function. This manipulation causes improper authentication. The identification of this vulnerability is CVE-2025-64423. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download.php. The manipulation of the argument istore_id leads to sql injection. This vulnerability is documented as CVE-2025-15205. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability labeled as critical has been found in TRENDnet TEW-822DRE 1.00B21/1.01B06. This affects the function sub_43ACF4  of the file /boafrm/formWsc. Such manipulation of the argument peerPin leads to command injection. This vulnerability is documented as CVE-2025-15139. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, was found in SohuTV CacheCloud up to 3.2.0. This affects the function doTotalList of the file src/main/java/com/sohu/cache/web/controller/TotalManageController.java. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-15145. The attack can be launched remotely. Moreover, an exploit is present. The project was informed of the problem early through an issue report but has not responded yet.