Aggregator

A vulnerability marked as problematic has been reported in Linux Kernel up to 6.1.134/6.6.87/6.12.23/6.13.11/6.14.2. This impacts the function diReadSpecial of the component jfs. The manipulation leads to deadlock. This vulnerability is documented as CVE-2025-37741. The attack requires being on the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability identified as problematic has been detected in Linux Kernel up to 6.1.134/6.6.87/6.12.23/6.13.11/6.14.2. This affects the function vmd_dev::cfg_lock/pci_ops::write of the file kernel/locking/spinlock_rt.c. This manipulation causes improper locking. This vulnerability is tracked as CVE-2025-23161. The attack is only possible within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.1.134/6.6.87/6.12.23/6.13.11/6.14.2. The affected element is the function f2fs_truncate_inode_blocks of the file fs/f2fs/node.h. The manipulation leads to improper validation of array index. This vulnerability is documented as CVE-2025-37739. The attack requires being on the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.134/6.6.87/6.12.23/6.13.11/6.14.2. The affected element is the function dump_stack_lvl+0x1fd/0x300 of the component ext4. This manipulation causes use after free. This vulnerability is registered as CVE-2025-37738. The attack requires access to the local network. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.6.87/6.12.23/6.13.11/6.14.2. Affected by this issue is the function mtk_scp of the component mediatek. The manipulation results in improper initialization. This vulnerability is identified as CVE-2025-23160. The attack can only be performed from the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.1.134/6.6.87/6.12.23/6.13.11/6.14.2. Affected by this vulnerability is the function empty_space. Such manipulation leads to out-of-bounds write. This vulnerability is listed as CVE-2025-23158. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.1.134/6.6.87/6.12.23/6.13.11/6.14.2. It has been classified as critical. The impacted element is an unknown function of the component media. Performing a manipulation results in out-of-bounds write. This vulnerability is known as CVE-2025-23159. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is recommended.

A vulnerability described as critical has been identified in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /manage_employee.php. Such manipulation of the argument ID leads to sql injection. This vulnerability is documented as CVE-2026-4223. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability marked as critical has been reported in SSCMS up to 7.4.0. This vulnerability affects the function PathUtils.RemoveParentPath of the file /api/admin/plugins/install/actions/download. This manipulation of the argument path causes path traversal. This vulnerability is registered as CVE-2026-4222. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability labeled as critical has been found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the argument File results in unrestricted upload. This vulnerability is cataloged as CVE-2026-4221. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability identified as critical has been detected in Technologies Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /SetWebpagePic.jsp. The manipulation of the argument targetPath/Suffix leads to unrestricted upload. This vulnerability is listed as CVE-2026-4220. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #771109 / VDB-351147

Submit #770536 / VDB-351146

Австралийский предприниматель помог создать персональную мРНК-вакцину для смертельно больной собаки и удивил ученых.

Submit #770534 / VDB-351145

Submit #770523 / VDB-351144

A vulnerability categorized as problematic has been discovered in INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to 1.0.2 on Android. Affected by this vulnerability is an unknown functionality of the file com/index/event/BuildConfig.java of the component ae.index.apgcs. Executing a manipulation of the argument ACCESS_KEY/HASH_KEY can lead to hard-coded credentials. This vulnerability is tracked as CVE-2026-4219. The attack is restricted to local execution. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #770513 / VDB-351143