Vuldb Updates

A vulnerability classified as problematic was found in jarikomppa soloud up to 20200207. The impacted element is the function SoLoud::Wav::loadflac of the file src/audiosource/wav/soloud_wav.cpp of the component Audio File Handler. Such manipulation leads to heap-based buffer overflow. This vulnerability is listed as CVE-2026-3393. The attack must be carried out locally. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability, which was classified as problematic, has been found in GitLab Community Edition and Enterprise Edition up to 18.7.4/18.8.4/18.9.0. Affected by this issue is some unknown functionality of the component CI. This manipulation causes allocation of resources. This vulnerability is tracked as CVE-2025-3525. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in GitLab Community Edition and Enterprise Edition up to 18.7.4/18.8.4/18.9.0. The affected element is an unknown function. Executing a manipulation can lead to allocation of resources. The identification of this vulnerability is CVE-2026-2845. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability marked as problematic has been reported in GitLab Community Edition and Enterprise Edition up to 18.7.4/18.8.4/18.9.0. This affects an unknown function of the component Jira Events Endpoint. Performing a manipulation results in allocation of resources. This vulnerability was named CVE-2026-1662. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability was found in stb 2.27. It has been classified as critical. This vulnerability affects the function stbi__jpeg_huff_decode of the file stb_image.h. Performing a manipulation results in use after free. This vulnerability is known as CVE-2022-28042. Access to the local network is required for this attack. No exploit is available. To fix this issue, it is recommended to deploy a patch.

A vulnerability was found in ImageMagick up to 6.9.13-39/7.1.2-14. It has been classified as problematic. The impacted element is an unknown function of the component Image Parser. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2026-27798. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability identified as problematic has been detected in GitLab Community Edition and Enterprise Edition up to 18.7.4/18.8.4/18.9.0. The affected element is an unknown function. This manipulation causes inefficient regular expression complexity. This vulnerability is handled as CVE-2026-1388. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability was found in stb up to 2.27. It has been classified as problematic. This issue affects some unknown processing of the file stb_image.h of the component HDR Loader. Performing a manipulation results in denial of service. This vulnerability is identified as CVE-2021-42715. The attack can only be performed from the local network. There is not any exploit available. To fix this issue, it is recommended to deploy a patch.

A vulnerability was found in stb 2.27 and classified as problematic. This affects the function stbi__jpeg_decode_block_prog_dc of the file stb_image.h. Such manipulation leads to denial of service. This vulnerability is traded as CVE-2022-28041. Access to the local network is required for this attack to succeed. There is no exploit available. A patch should be applied to remediate this issue.

A vulnerability marked as critical has been reported in stb 2.27. Impacted is the function stbi__jpeg_load of the file stb_image.h. Performing a manipulation results in heap-based buffer overflow. This vulnerability is identified as CVE-2021-37789. The attack can only be performed from the local network. There is not any exploit available.

A vulnerability was found in stb 2.26 and classified as critical. This issue affects the function stbi__extend_receive of the file stb_image.h of the component JPEG File Handler. Such manipulation leads to buffer overflow. This vulnerability is documented as CVE-2021-28021. The attack requires being on the local network. There is not any exploit available.

A vulnerability classified as problematic has been found in PHP Jabbers Time Slots Booking Calendar 4.0. This impacts an unknown function. Performing a manipulation of the argument name/plugin_sms_api_key/plugin_sms_country_code/calendar_id/title/country name/customer_name results in basic cross site scripting. This vulnerability was named CVE-2023-48827. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in GaatiTrack Courier Management System 1.0. It has been rated as critical. This vulnerability affects unknown code of the file ajax.php of the component Login. Performing a manipulation of the argument email results in sql injection. This vulnerability is reported as CVE-2023-48823. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability categorized as problematic has been discovered in PHP Jabbers Time Slots Booking Calendar 4.0. The impacted element is an unknown function of the component Reservations List Handler. The manipulation results in csv injection. This vulnerability is reported as CVE-2023-48826. The attacker must have access to the local network to execute the attack. No exploit exists.

A vulnerability has been found in Availability Booking Calendar 5.0 and classified as problematic. Impacted is an unknown function. Performing a manipulation of the argument SMS API Key/Default Country Code results in basic cross site scripting. This vulnerability is identified as CVE-2023-48825. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in BoidCMS 2.0.1. It has been rated as problematic. This impacts an unknown function. This manipulation of the argument title/subtitle/footer/keywords causes cross site scripting. This vulnerability is registered as CVE-2023-48824. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability described as critical has been identified in kkFileView 4.3.0. Impacted is an unknown function. Executing a manipulation can lead to improper access controls. This vulnerability is registered as CVE-2023-48815. The attack requires access to the local network. No exploit is available.

A vulnerability marked as critical has been reported in WP Mail Logging Plugin up to 1.15.0 on WordPress. The affected element is the function maybe_unserialize of the component Log Message Handler. The manipulation leads to deserialization. This vulnerability is listed as CVE-2026-2471. The attack may be initiated remotely. There is no available exploit.

A vulnerability described as critical has been identified in Tutor LMS Plugin up to 3.9.4/3.9.6 on WordPress. The impacted element is an unknown function. The manipulation of the argument coupon_code results in sql injection. This vulnerability is cataloged as CVE-2025-13673. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Linux Kernel up to 6.0.6. It has been classified as critical. This affects the function nsim_drv_probe of the component netdevsim. This manipulation causes memory leak. This vulnerability is registered as CVE-2022-50500. The attack requires access to the local network. No exploit is available. Upgrading the affected component is recommended.