Vuldb Updates

A vulnerability was found in codepeople Calculated Fields Form Plugin up to 5.3.58 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2025-49291. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in CloudClassroom PHP Project. It has been classified as problematic. This affects an unknown part of the file askquery.php. The manipulation of the argument eid leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-46178. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/ApplicationDataObject.class.php of the component Document Upload Handler. The manipulation leads to xml external entity reference. This vulnerability is handled as CVE-2025-5877. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in OWASP ModSecurity up to 2.9.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument sanitiseArg/sanitizeArg leads to excessive platform resource consumption within a loop. This vulnerability is known as CVE-2025-48866. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in HPE StoreOnce Software up to 4.3.10 and classified as critical. This issue affects some unknown processing. The manipulation leads to server-side request forgery. The identification of this vulnerability is CVE-2025-37090. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in HPE StoreOnce Software up to 4.3.10. This vulnerability affects unknown code. The manipulation leads to path traversal. This vulnerability was named CVE-2025-37095. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been rated as critical. Affected by this issue is the function verifyFacebookLike of the file /goform/verifyFacebookLike. The manipulation of the argument uid/accessToken leads to os command injection. This vulnerability is handled as CVE-2025-5439. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function NTP of the file /goform/NTP. The manipulation of the argument manual_year_select/manual_month_select/manual_day_select/manual_hour_select/manual_min_select/manual_sec_select leads to os command injection. This vulnerability is uniquely identified as CVE-2025-5440. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, was found in PHP up to 8.1.31/8.2.27/8.3.18/8.4.4. This affects the function check_has_header. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2025-1736. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in PHP up to 8.1.31/8.2.27/8.3.18/8.4.4 and classified as problematic. This vulnerability affects unknown code of the component HTTP Wrapper Truncate Handler. The manipulation leads to open redirect. This vulnerability was named CVE-2025-1861. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in rust-ethereum Ethereum up to 0.17.x and classified as problematic. This issue affects some unknown processing. The manipulation leads to improper check for unusual conditions. The identification of this vulnerability is CVE-2025-53359. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Cisco DNA Spaces Connector. Affected by this vulnerability is an unknown functionality of the component CLI. The manipulation leads to os command injection. This vulnerability is known as CVE-2025-20308. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Cisco Enterprise Chat and Email. Affected by this issue is some unknown functionality of the component Web UI. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-20310. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Cinnamon kotaemon up to 0.10.6 and classified as critical. This vulnerability affects the function index_fn of the file libs/ktem/ktem/index/file/ui.py. The manipulation leads to path traversal. This vulnerability was named CVE-2025-53358. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Tiny File Manager up to 2.4.7 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2022-40490. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Tiny File Manager up to 2.4.7 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to session fixiation. This vulnerability is handled as CVE-2022-40916. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability classified as problematic was found in DouPHP 1.8. Affected by this vulnerability is an unknown functionality of the file /admin/article.php. The manipulation of the argument description leads to cross site scripting. This vulnerability is known as CVE-2024-57599. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in TP-Link TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 and classified as critical. Affected by this issue is the function sub_4256CC. The manipulation of the argument devpwd leads to command injection. This vulnerability is handled as CVE-2024-57357. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in advplyr audiobookshelf up to 2.19.0. Affected by this issue is some unknown functionality of the file /api/items/1/cover of the component Query Parameter Handler. The manipulation leads to exposure of sensitive information through data queries. This vulnerability is handled as CVE-2025-25205. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in lunary-ai lunary up to 1.6.2. This vulnerability affects unknown code of the component POST Request Handler. The manipulation leads to improper enforcement of a single, unique action. This vulnerability was named CVE-2024-11301. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.