Aggregator

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.6.87/6.12.23/6.13.11/6.14.2. Affected is the function hang_hws. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2025-37853. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7. Affected is an unknown function of the component Apache ActiveMQ. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2019-11358. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.13.10/6.14.1. It has been rated as problematic. Affected by this issue is the function kvm_exit of the file kernel/irq/manage.c. The manipulation leads to state issue. This vulnerability is handled as CVE-2025-23135. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.14.1. It has been declared as problematic. Affected by this vulnerability is the function vmxnet3_reset_work of the file net/core/xdp.c. The manipulation leads to privilege escalation. This vulnerability is known as CVE-2025-22106. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.12.24/6.14.3/6.15-rc1 and classified as critical. Affected by this vulnerability is the function xe_migrate_clear. The manipulation leads to use after free. This vulnerability is known as CVE-2025-37869. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.23/6.13.11/6.14.2. It has been rated as problematic. This issue affects the function ath12k_pci_remove of the component wifi. The manipulation leads to memory leak. The identification of this vulnerability is CVE-2025-37744. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.12.24/6.14.3/6.15-rc2. Affected by this issue is the function vma_modify of the component vma. The manipulation leads to allocation of resources. This vulnerability is handled as CVE-2025-37760. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.12.25/6.14.4 and classified as critical. Affected by this vulnerability is the function me_swapcache_dirty of the component vmscan. The manipulation leads to improper update of reference count. This vulnerability is known as CVE-2025-37834. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.25/6.14.4/6.15-rc1 and classified as critical. This issue affects the function iommu_device_register of the component IOMMU Driver. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2025-37877. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in code-projects Inventory Management System 1.0. Affected is an unknown function of the file /php_action/createUser.php. The manipulation of the argument Username leads to sql injection. This vulnerability is traded as CVE-2025-6891. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Movie Ticketing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /ticketConfirmation.php. The manipulation of the argument Date leads to sql injection. The identification of this vulnerability is CVE-2025-6890. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Movie Ticketing System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /logIn.php. The manipulation of the argument postName leads to sql injection. This vulnerability was named CVE-2025-6889. The attack can be initiated remotely. Furthermore, there is an exploit available.