Vuldb Updates

A vulnerability categorized as problematic has been discovered in Adobe Experience Manager up to 6.5.23. Affected is an unknown function. The manipulation results in cross site scripting. This vulnerability is identified as CVE-2026-27240. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability identified as problematic has been detected in Adobe Experience Manager up to 6.5.23. Affected by this vulnerability is an unknown functionality. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2026-27241. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

A vulnerability labeled as problematic has been found in Adobe Experience Manager up to 6.5.23. Affected by this issue is some unknown functionality. Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-27242. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

A vulnerability described as problematic has been identified in Adobe Experience Manager up to 6.5.23. This vulnerability affects unknown code. Executing a manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2026-27244. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

A vulnerability categorized as problematic has been discovered in libexif up to 0.6.25. This issue affects the function exif_mnote_data_get_value of the component MakerNotes Decoder. Such manipulation leads to integer underflow. This vulnerability is uniquely identified as CVE-2026-32775. Local access is required to approach this attack. No exploit exists.

A vulnerability described as critical has been identified in OpenHarmony up to 5.1.0.x. This affects an unknown function of the component Pre-installed Apps. The manipulation results in out-of-bounds write. This vulnerability is identified as CVE-2025-52458. The attack is only possible with local access. There is not any exploit available.

A vulnerability classified as critical has been found in thermalright TR-VISION HOME up to 2.0.4 on Windows. This impacts an unknown function. This manipulation causes inclusion of functionality from untrusted control sphere. This vulnerability is tracked as CVE-2026-4255. The attack is restricted to local execution. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in CMS Made Simple up to 2.2.21. Impacted is an unknown function of the file admin/listusers.php of the component User Management Module. Performing a manipulation of the argument Message results in cross site scripting. This vulnerability is reported as CVE-2026-4225. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability classified as critical was found in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub_44E8D0 of the file /goform/get_virtual_cfg. Executing a manipulation can lead to stack-based buffer overflow. This vulnerability appears as CVE-2026-4226. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in LB-LINK BL-WR9000 2.4.9. The impacted element is the function sub_44D844 of the file /goform/get_hidessid_cfg. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2026-4227. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in LB-LINK BL-WR9000 2.4.9. This affects the function sub_458754 of the file /goform/set_wifi. The manipulation results in command injection. This vulnerability is known as CVE-2026-4228. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in iText 7.1.17. This vulnerability affects the function ByteBuffer.append of the component PDF File Handler. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2022-24197. The attack is possible to be carried out remotely. No exploit exists. To fix this issue, it is recommended to deploy a patch.

A vulnerability was found in Oracle Retail Xstore Point of Service 17.0.6/18.0.5/19.0.4/20.0.3/21.0.2 and classified as critical. The impacted element is an unknown function of the component Xenvironment. Such manipulation leads to time-of-check time-of-use. This vulnerability is documented as CVE-2022-23181. The attack needs to be performed locally. There is not any exploit available.

A vulnerability has been found in Oracle Financial Services Crime and Compliance Management Studio 8.0.8.2.0/8.0.8.3.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Studio. The manipulation leads to time-of-check time-of-use. This vulnerability is uniquely identified as CVE-2022-23181. Local access is required to approach this attack. No exploit exists. The affected component should be upgraded.

A vulnerability marked as critical has been reported in Oracle Communications Instant Messaging Server 10.0.1.6.0. Affected is an unknown function of the component Installation. The manipulation leads to time-of-check time-of-use. This vulnerability is uniquely identified as CVE-2022-23181. Local access is required to approach this attack. No exploit exists.

A vulnerability described as critical has been identified in Oracle Financial Services Model Management and Governance 8.0.8.0/8.1.0.0/8.1.1.0. This affects an unknown part of the component Installer/Configuration. Executing a manipulation can lead to time-of-check time-of-use. This vulnerability is registered as CVE-2022-23181. The attack needs to be launched locally. No exploit is available.

A vulnerability described as problematic has been identified in libarchive. Affected by this issue is the function archive_read_data of the component RAR5 Decompression Handler. Such manipulation leads to infinite loop. This vulnerability is listed as CVE-2026-4111. The attack may be performed from remote. There is no available exploit.

A vulnerability classified as problematic was found in SAP NetWeaver Application Server for ABAP up to 816. This vulnerability affects unknown code. The manipulation results in missing authorization. This vulnerability is reported as CVE-2026-24310. The attack can be launched remotely. No exploit exists. It is best practice to apply a patch to resolve this issue.

A vulnerability labeled as problematic has been found in Vim up to 9.2.136. The affected element is the function nfa_max_width of the component Command Line Handler. Executing a manipulation can lead to null pointer dereference. This vulnerability is tracked as CVE-2026-32249. The attack is restricted to local execution. No exploit exists. The affected component should be upgraded.

A vulnerability, which was classified as problematic, has been found in Python CPython up to 3.14.x. This affects an unknown function of the component Tarfile Module. This manipulation causes incorrect comparison. This vulnerability appears as CVE-2025-13462. The attack requires local access. There is no available exploit. It is advisable to upgrade the affected component.