Vuldb Updates

A vulnerability has been found in Zoom Workplace Desktop, Workplace VDI Client, Rooms Controller, Rooms Client and Meeting SDK up to 6.4.x on Windows and classified as problematic. The impacted element is an unknown function. The manipulation leads to information disclosure. This vulnerability is referenced as CVE-2025-58135. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability was found in lostvip-com ruoyi-go up to 2.1. It has been declared as critical. The affected element is the function SelectListByPage of the file modules/system/dao/GenTableDao.go. Executing manipulation of the argument isAsc/orderByColumn can lead to sql injection. This vulnerability is registered as CVE-2025-9410. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic was found in appneta tcpreplay up to 4.5.1. Impacted is the function tcpedit_post_args of the file /src/tcpedit/parse_args.c. The manipulation results in null pointer dereference. This vulnerability is identified as CVE-2025-9384. The attack is only possible with local access. Additionally, an exploit exists. Upgrading the affected component is advised. The vendor explains, that he was "[a]ble to reproduce in 6fcbf03 but not in 4.5.2-beta2".

A vulnerability, which was classified as problematic, has been found in appneta tcpreplay up to 4.5.1. The affected element is the function fix_ipv6_checksums of the file edit_packet.c of the component tcprewrite. This manipulation causes use after free. This vulnerability is tracked as CVE-2025-9385. The attack is restricted to local execution. Moreover, an exploit is present. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in appneta tcpreplay up to 4.5.1. The impacted element is the function get_l2len_protocol of the file get.c of the component tcprewrite. Such manipulation leads to use after free. This vulnerability is listed as CVE-2025-9386. The attack must be carried out locally. In addition, an exploit is available. You should upgrade the affected component.

A vulnerability labeled as problematic has been found in Garmin GarminOS up to 4.1.7. The impacted element is an unknown function of the component CIQ API. The manipulation results in out-of-bounds read. This vulnerability is cataloged as CVE-2023-23301. The attack must originate from the local network. There is no exploit available.

A vulnerability was found in Garmin GarminOS up to 4.1.7. It has been declared as critical. The affected element is an unknown function of the component CIQ API. Executing manipulation can lead to buffer overflow. The identification of this vulnerability is CVE-2023-23302. The attack can only be executed locally. There is no exploit available.

A vulnerability was found in Garmin GarminOS up to 4.1.7. It has been classified as critical. Impacted is an unknown function of the component API. Performing manipulation results in buffer overflow. This vulnerability was named CVE-2023-23300. The attack needs to be approached locally. There is no available exploit.

A vulnerability identified as critical has been detected in Garmin GarminOS up to 4.1.7. The affected element is an unknown function of the component TVM. The manipulation leads to improper access controls. This vulnerability is listed as CVE-2023-23299. The attack must be carried out from within the local network. There is no available exploit.

A vulnerability has been found in Korenix Jetwave 3000 and Jetwave 4200 and classified as critical. This affects an unknown part of the file /goform/formSysCmd. This manipulation of the argument sysCmd causes command injection. This vulnerability is tracked as CVE-2023-23295. The attack is only possible within the local network. No exploit exists.

A vulnerability was found in Korenix Jetwave 3200 and Jetwave 4200 and classified as problematic. The affected element is an unknown function of the file /goform/formDefault. Executing manipulation can lead to denial of service. This vulnerability is tracked as CVE-2023-23296. The attack is only possible within the local network. No exploit exists.

A vulnerability was found in Garmin GarminOS up to 4.1.7 and classified as critical. This issue affects some unknown processing of the component API. Such manipulation leads to integer overflow. This vulnerability is uniquely identified as CVE-2023-23298. Local access is required to approach this attack. No exploit exists.

A vulnerability was found in Oracle Concurrent Processing up to 12.2.14. It has been rated as critical. This vulnerability affects unknown code of the component BI Publisher Integration. This manipulation causes improper authentication. This vulnerability is tracked as CVE-2025-61882. The attack is possible to be carried out remotely. Moreover, an exploit is present. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in QNAP QTS and QuTS hero. This affects an unknown function. Executing manipulation can lead to format string. This vulnerability is registered as CVE-2025-53407. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability labeled as critical has been found in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security. This affects an unknown part. The manipulation results in improper access controls. This vulnerability was named CVE-2025-49154. The attack needs to be approached locally. There is no available exploit. The affected component should be upgraded.

A vulnerability classified as critical has been found in OISF suricata up to 7.0.10/8.0.0-rc1. Affected by this issue is some unknown functionality of the component HTTP2 Handler. The manipulation leads to allocation of resources. This vulnerability is documented as CVE-2025-53538. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability categorized as critical has been discovered in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This issue affects some unknown processing of the file /adpweb/a/sys/office/treeData. Such manipulation of the argument extId leads to sql injection. This vulnerability is traded as CVE-2025-8806. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5cu.630_B20250509. This issue affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument desc results in buffer overflow. This vulnerability is reported as CVE-2025-9303. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability marked as critical has been reported in Wavlink WL-NU516U1 M16U1_V240425. This impacts the function sub_4032E4 of the file /cgi-bin/wireless.cgi. This manipulation of the argument Guest_ssid causes command injection. This vulnerability is tracked as CVE-2025-9149. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability, which was classified as critical, was found in Frappe LMS up to 2.33.0. This vulnerability affects unknown code of the component SVG File Handler. Executing manipulation can lead to unrestricted upload. This vulnerability is registered as CVE-2025-55006. It is possible to launch the attack remotely. No exploit is available.