Vuldb Updates

A vulnerability, which was classified as critical, has been found in OpenRepeater up to 2.1. Affected by this issue is some unknown functionality of the file functions/ajax_system.php. The manipulation of the argument post_service leads to os command injection. This vulnerability is documented as CVE-2019-25024. The attack requires being on the local network. Additionally, an exploit exists. It is advisable to upgrade the affected component.

A vulnerability has been found in code-projects Currency Exchange System 1.0 and classified as critical. The affected element is an unknown function of the file /editotheraccount.php. Performing manipulation of the argument ID results in sql injection. This vulnerability is cataloged as CVE-2025-14218. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0 and classified as critical. The impacted element is an unknown function of the file /admin/admin_running.php. Executing manipulation of the argument product_image can lead to unrestricted upload. This vulnerability is registered as CVE-2025-14219. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability has been found in Linux Kernel up to 6.17.7 and classified as critical. This affects the function sco_conn_free of the file net/bluetooth/sco.c of the component Bluetooth. Performing manipulation results in use after free. This vulnerability was named CVE-2025-40309. The attack needs to be approached within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.6.116/6.12.57/6.17.7 and classified as critical. This vulnerability affects the function amdgpu_amdkfd_device_fini_sw. Executing manipulation can lead to null pointer dereference. The identification of this vulnerability is CVE-2025-40310. The attack needs to be done within the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.6.116/6.12.57/6.17.7. The impacted element is the function smb2_query_info_compound of the component smb. Such manipulation leads to use after free. This vulnerability is listed as CVE-2025-40320. The attack must be carried out from within the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.17.7. Affected by this vulnerability is the function set_init_blocksize of the file fs/crypto/inline_crypt.c of the component fscrypt. The manipulation results in allocation of resources. This vulnerability is reported as CVE-2025-40295. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.3.3. This impacts the function vcs_write of the file drivers/tty/vt/vc_screen.c. Performing manipulation results in use after free. This vulnerability is known as CVE-2023-53747. Access to the local network is required for this attack. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.17.7 and classified as critical. This affects the function xattr_key. The manipulation results in buffer overflow. This vulnerability is identified as CVE-2025-40306. The attack can only be performed from the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.17.7. It has been classified as critical. This impacts the function bcsp_recv of the component BCSP Protocol. This manipulation causes null pointer dereference. This vulnerability is tracked as CVE-2025-40308. The attack is only possible within the local network. No exploit exists. Upgrading the affected component is recommended.

A vulnerability identified as problematic has been detected in Linux Kernel up to 6.15.3/6.16-rc2. The affected element is an unknown function. Performing manipulation results in allocation of resources. This vulnerability is known as CVE-2025-38196. Access to the local network is required for this attack. No exploit is available. You should upgrade the affected component.

A vulnerability described as problematic has been identified in Linux Kernel up to 6.15.3. Affected by this issue is the function jffs2_link_node_ref of the file fs/jffs2/nodelist.c of the component jffs2. Such manipulation leads to unchecked return value. This vulnerability is uniquely identified as CVE-2025-38194. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is recommended.

A vulnerability categorized as problematic has been discovered in Linux Kernel up to 6.16-rc1. Impacted is an unknown function of the component net_sched. Such manipulation leads to race condition. This vulnerability is traded as CVE-2025-38193. Access to the local network is required for this attack to succeed. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel. This affects the function huge_pte_offset of the component LoongArch. Performing manipulation results in unchecked return value. This vulnerability was named CVE-2025-38195. The attack needs to be approached within the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.94/6.12.34/6.15.3/6.16-rc1. It has been classified as critical. Affected by this vulnerability is the function netif_rx of the file net/ipv6/ip6_input.c. The manipulation leads to null pointer dereference. This vulnerability is listed as CVE-2025-38192. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability has been found in Linux Kernel up to 6.12.34/6.15.3/6.16-rc2 and classified as critical. Affected by this vulnerability is the function v3d_job_update_stats of the component File Descriptor Handler. Performing manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2025-38189. The attack must originate from the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability marked as problematic has been reported in Linux Kernel up to 6.16-rc2. This affects the function atm_account_tx of the file net/atm/common.c of the component atm. The manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2025-38190. The attack can only be initiated within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.1.141/6.6.94/6.12.34/6.15.3/6.16-rc2. This impacts the function ksmbd_krb5_authenticate of the component ksmbd. The manipulation of the argument User leads to null pointer dereference. This vulnerability is traded as CVE-2025-38191. Access to the local network is required for this attack to succeed. There is no exploit available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.34/6.15.3/6.16-rc2. It has been classified as critical. Affected is the function bnxt_ulp_stop/bnxt_ulp_start of the component RoCE Driver. Performing manipulation results in null pointer dereference. This vulnerability is reported as CVE-2025-38186. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.15.3/6.16-rc2. Impacted is the function r535_gsp_rpc_push of the component nouveau. Performing manipulation results in use after free. This vulnerability was named CVE-2025-38187. The attack needs to be approached within the local network. There is no available exploit. It is suggested to upgrade the affected component.