VulDB Recent Entries

A vulnerability classified as problematic was found in Lewe TeamCal Neo 3.8.2. This vulnerability affects unknown code of the file /teamcal/src/index.php. The manipulation of the argument abs leads to cross site scripting. This vulnerability was named CVE-2025-0930. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in Lewe TeamCal Neo 3.8.2. This affects an unknown part of the file /teamcal/src/index.php. The manipulation of the argument abs leads to sql injection. This vulnerability is uniquely identified as CVE-2025-0929. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Acronis Cyber Protect Cloud Agent 36943/37758/38235/38565/39185. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to unquoted search path. This vulnerability is handled as CVE-2025-24831. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Acronis Cyber Protect Cloud Agent 36943/37758/38235/38565/39185. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to untrusted search path. This vulnerability is known as CVE-2025-24830. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Acronis Cyber Protect Cloud Agent 36943/37758/38235/38565/39185. It has been classified as critical. Affected is an unknown function. The manipulation leads to untrusted search path. This vulnerability is traded as CVE-2025-24829. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Acronis Cyber Protect Cloud Agent 36943/37758/38235/38565/39185 and classified as critical. This issue affects some unknown processing. The manipulation leads to untrusted search path. The identification of this vulnerability is CVE-2025-24828. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Acronis Cyber Protect Cloud Agent 36943/37758/38235/38565/39185 and classified as critical. This vulnerability affects unknown code. The manipulation leads to untrusted search path. This vulnerability was named CVE-2025-24827. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.6.73/6.12.10. This affects the function _bh. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2025-21674. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 5.15.176/6.1.126/6.6.73/6.12.10. Affected by this issue is the function bpf_sk_select_reuseport. The manipulation leads to memory leak. This vulnerability is handled as CVE-2025-21683. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 5.15.176/6.1.126/6.6.73/6.12.10. Affected by this vulnerability is the function get_imix_entries in the library lib/dump_stack.c of the file net/core/pktgen.c. The manipulation leads to improper validation of array index. This vulnerability is known as CVE-2025-21680. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.12.10. Affected is the function get_canonical_dev_path. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2025-21679. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.126/6.6.73/6.12.10. It has been rated as problematic. This issue affects the function skb_tx_hash. The manipulation leads to infinite loop. The identification of this vulnerability is CVE-2025-21681. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.10. It has been declared as problematic. This vulnerability affects the function pfcp_newlink in the library lib/ref_tracker.c of the file drivers/net/pfcp.c. The manipulation leads to excessive iteration. This vulnerability was named CVE-2025-21677. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.176/6.1.126/6.6.73/6.12.10. It has been classified as problematic. This affects the function gtp_newlink in the library lib/ref_tracker.c of the file drivers/net/gtp.c. The manipulation leads to excessive iteration. This vulnerability is uniquely identified as CVE-2025-21678. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.10 and classified as problematic. Affected by this issue is the function netdev_update_features. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2025-21682. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.126/6.6.73/6.12.10 and classified as problematic. Affected by this vulnerability is the function mlx5_lag_destroy_definers. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2025-21675. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.6.73/6.12.10. Affected is the function page_pool_dev_alloc_pages. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2025-21676. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in glenwpcoder Drag and Drop MultipUpload for Contact Form 7 Pluginle File up to 1.3.8.5 on WordPress. This issue affects the function dnd_codedropz_upload_delete of the file wp-config.php. The manipulation leads to file inclusion. The identification of this vulnerability is CVE-2024-12267. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in Linux Kernel up to 5.15.176/6.1.126/6.6.73/6.12.10. This vulnerability affects the function vsock_*_has_data. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2025-21666. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 5.15.176/6.1.126/6.6.73/6.12.10. This affects the function connect. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-21669. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.