A vulnerability, which was classified as critical, was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function loadAllLoginfo/deleteLoginfo/batchDeleteLoginfo of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\LoginfoController.java of the component Log Info Handler. The manipulation results in improper authorization.
This vulnerability is reported as CVE-2026-2107. The attack can be launched remotely. Moreover, an exploit is present.
This product does not use versioning. This is why information about affected and unaffected releases is unavailable.
The project was informed of the problem early through an issue report but has not responded yet.
A vulnerability, which was classified as critical, has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The impacted element is the function addNotice/updateNotice/deleteNotice/batchDeleteNotice of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\NoticeController.java of the component Notice Management. The manipulation leads to improper authorization.
This vulnerability is documented as CVE-2026-2106. The attack can be initiated remotely. Additionally, an exploit exists.
Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected or updated releases are available.
The project was informed of the problem early through an issue report but has not responded yet.
A vulnerability classified as critical was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The affected element is the function addDept/updateDept/deleteDept of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\DeptController.java of the component Department Management. Executing a manipulation can lead to improper authorization.
This vulnerability is registered as CVE-2026-2105. It is possible to launch the attack remotely. Furthermore, an exploit is available.
This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available.
The project was informed of the problem early through an issue report but has not responded yet.
A vulnerability classified as problematic has been found in p11-kit. Impacted is the function C_DeriveKey of the file rpc-message.c. Performing a manipulation results in a null pointer dereference.
This vulnerability is cataloged as CVE-2026-2100. It is possible to initiate the attack remotely. There is no exploit available.
A vulnerability described as critical has been identified in QEMU. This issue affects the function xen_physdev_map_pirq of the file hw/i386/kvm/xen_evtchn.c of the component KVM Xen. Such manipulation leads to an off-by-one error.
This vulnerability is listed as CVE-2026-0665. The attack must be carried out locally. There is no available exploit.
It is best practice to apply a patch to resolve this issue.
A vulnerability marked as problematic has been reported in ESET Management Agent up to 12.5.2104.0. This vulnerability affects unknown code. This manipulation causes a time-of-check time-of-use (TOCTOU) issue.
This vulnerability is tracked as CVE-2025-13818. The attack is restricted to local execution. No exploit exists.
A vulnerability labeled as problematic has been found in neo4j Enterprise Edition and Community Edition 4.4.48/5.26.20/5.26.21. This affects an unknown part of the component Query Log. The manipulation results in cross-site scripting.
This vulnerability is identified as CVE-2026-1337. The attack can be executed remotely. Additionally, an exploit exists.
The affected component should be upgraded.
A vulnerability, which was classified as critical, was found in IP-COM W30AP up to 1.0.0.11(1340). Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The manipulation of the argument data results in stack-based buffer overflow.
This vulnerability was named CVE-2026-2017. The attack may be performed remotely. In addition, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability has been found in itsourcecode School Management System 1.0 and classified as critical. This affects an unknown part of the file /ramonsys/settings/controller.php. This manipulation of the argument ID causes SQL injection.
The identification of this vulnerability is CVE-2026-2018. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
A vulnerability was found in Yoast SEO Plugin up to 26.8 on WordPress. It has been classified as problematic. Affected is an unknown function of the component Block Attribute Handler. This manipulation of the argument yoast-schema causes cross-site scripting.
The identification of this vulnerability is CVE-2026-1293. It is possible to initiate the attack remotely. There is no exploit available.
A vulnerability described as critical has been identified in Linux Kernel up to 6.1.41/6.4.6. This affects the function ath11k_fw_stats_free. Such manipulation leads to a memory leak.
This vulnerability is tracked as CVE-2023-53602. Access to the local network is required for this attack to succeed. There is no exploit available.
Upgrading the affected component is recommended.
A vulnerability was found in Linux Kernel up to 5.15.120/6.1.39/6.4.4 and classified as critical. Impacted is the function sa_ctl. The manipulation results in a null pointer dereference.
This vulnerability is identified as CVE-2023-53603. The attack can only be performed from the local network. There is no exploit available.
It is suggested to upgrade the affected component.
A vulnerability was found in Linux Kernel up to 6.3.1. It has been rated as critical. This affects the function kmem_cache_destroy. Performing a manipulation results in privilege escalation.
This vulnerability is cataloged as CVE-2023-53604. The attack must originate from the local network. There is no exploit available.
Upgrading the affected component is advised.