Aggregator

Submit #811532 / VDB-364402

Submit #811531 / VDB-364401

Submit #811530 / VDB-364400

Submit #811529 / VDB-364399

A vulnerability was found in linlinjava litemall up to 1.8.0. It has been classified as critical. Affected by this vulnerability is the function backup/load of the file litemall-db/src/main/java/org/linlinjava/litemall/db/util/DbUtil.java of the component Database Setting Handler. The manipulation of the argument db/password leads to argument injection. This vulnerability is uniquely identified as CVE-2026-8773. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in linlinjava litemall up to 1.8.0 and classified as critical. Affected is an unknown function of the component Admin Endpoint. Executing a manipulation can lead to sql injection. This vulnerability is handled as CVE-2026-8772. The attack can be executed remotely. Additionally, an exploit exists. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in linlinjava litemall up to 1.8.0 and classified as critical. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in sql injection. This vulnerability is known as CVE-2026-8771. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #811469 / VDB-364398

Submit #811468 / VDB-364397

Submit #811467 / VDB-364396

A vulnerability, which was classified as problematic, was found in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulation of the argument dirPath leads to path traversal. This vulnerability is traded as CVE-2026-8770. An attack has to be approached locally. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, has been found in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. This vulnerability appears as CVE-2026-8769. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. This vulnerability is reported as CVE-2026-8768. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. This vulnerability is documented as CVE-2026-8767. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in Linux Kernel up to 6.18.15/6.19.5. This impacts the function for_each_child_of_node_scoped of the component Misc. This manipulation causes memory leak. This vulnerability is handled as CVE-2025-71290. The attack can only be done within the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.166/6.6.129/6.12.76/6.18.16/6.19.5. This impacts an unknown function of the component memory. Performing a manipulation results in memory leak. This vulnerability is known as CVE-2025-71288. Access to the local network is required for this attack. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.19.5. Affected is the function attr_set_size of the component ntfs3. Executing a manipulation can lead to state issue. This vulnerability is handled as CVE-2025-71289. The attack can only be done within the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.19.5. Affected by this issue is the function input_mapping of the component HID. The manipulation leads to denial of service. This vulnerability is traded as CVE-2026-43140. Access to the local network is required for this attack to succeed. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.19.5 and classified as critical. This vulnerability affects the function ntb_hw_switchtec. This manipulation causes out-of-bounds read. This vulnerability is handled as CVE-2026-43141. The attack can only be done within the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.1.164/6.6.127/6.12.74/6.18.15/6.19.5 and classified as critical. This issue affects the function mfd_of_node_list of the component mfd. Such manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2026-43143. The attack can only be initiated within the local network. No exploit exists. It is suggested to upgrade the affected component.