VulDB Recent Entries

A vulnerability was found in Linux Kernel up to 6.1.128/6.6.75/6.12.12/6.13.1 and classified as critical. Affected by this issue is the function devm_request_mem_region of the file /proc/iomem. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2025-21804. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.12.13/6.13.2/6.14-rc1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file kernel/time/timer_migration.c of the component migration. The manipulation leads to off-by-one. This vulnerability is known as CVE-2025-21813. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.12.13/6.13.2/6.14-rc1. This issue affects the function cpu_stop_signal_done of the component hrtimers. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2025-21816. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.128/6.6.77/6.12.13/6.13.2/6.14-rc1. Affected is the function xen_hypercall_hvm. The manipulation leads to denial of service. This vulnerability is traded as CVE-2025-21818. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.1.128/6.6.75/6.12.12/6.13.1. This vulnerability affects the function process_backlog. The manipulation leads to state issue. This vulnerability was named CVE-2025-21806. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.13.1. This affects the function queue_attr_store. The manipulation leads to deadlock. This vulnerability is uniquely identified as CVE-2025-21807. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.128/6.6.75/6.12.12/6.13.1. It has been rated as critical. Affected by this issue is the function ax25_setsockopt of the component ax25. The manipulation leads to deadlock. This vulnerability is handled as CVE-2025-21812. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Tuoshi Dionlink LT15D 4G Wi-Fi and LT21B up to 1.0.1481.15.02/1.0.1802.10.08. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/formJSONAjaxReq. The manipulation leads to os command injection. This vulnerability is known as CVE-2024-53944. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Linux Kernel up to 6.1.128/6.6.75/6.12.12/6.13.1. It has been classified as problematic. Affected is the function pci_disable_sriov of the component hns3. The manipulation leads to Privilege Escalation. This vulnerability is traded as CVE-2025-21802. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.13.1 and classified as critical. This issue affects the function IS_ERR of the component th1520. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2024-58022. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.128/6.6.75/6.12.12/6.13.1 and classified as critical. This vulnerability affects the function tegra_emc_find_node_by_ram_code of the component tegra20-emc. The manipulation of the argument device leads to use after free. This vulnerability was named CVE-2024-58034. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.12.12/6.13.1. This affects the function HWS_SET32 of the component mlx5. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2025-21800. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.12.12/6.13.1. Affected by this vulnerability is the function rht_grow_above_75 of the component rhashtable. The manipulation leads to deadlock. This vulnerability is known as CVE-2024-58042. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.12/6.13.1. Affected by this issue is the function kunit_kzalloc of the component firewire. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2025-21798. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.128/6.6.75/6.12.12/6.13.1. Affected is the function am65_cpsw_nuss_remove_tx_chns of the component am65-cpsw. The manipulation of the argument error leads to null pointer dereference. This vulnerability is traded as CVE-2025-21799. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.75/6.12.12/6.13.1. It has been rated as problematic. This issue affects the function enable_gpe_wakeup of the file kernel/time/timekeeping.c of the component Function Call Handler. The manipulation leads to state issue. The identification of this vulnerability is CVE-2025-21803. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.12/6.13.1. It has been declared as critical. This vulnerability affects the function rcu_dereference_protected of the component ravb. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2025-21801. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mastodon up to 4.1.22/4.2.15/4.3.3. It has been classified as problematic. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-27399. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mastodon up to 4.2.15/4.3.3 and classified as problematic. Affected by this issue is some unknown functionality of the file /auth/setup. The manipulation leads to allocation of resources. This vulnerability is handled as CVE-2025-27157. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Melapress WP Activity Log 5.3.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file myapp/classes/Writers/class-csv-writer.php. The manipulation leads to deserialization. This vulnerability is known as CVE-2025-0767. The attack can be launched remotely. There is no exploit available.