Vuldb Updates

A vulnerability classified as problematic was found in Wftpserver Wing FTP Server 6.0.7. This affects an unknown part. Such manipulation leads to unquoted search path. This vulnerability is documented as CVE-2019-25267. The attack needs to be performed locally. Additionally, an exploit exists.

A vulnerability has been found in Openeclass GUnet OpenEclass 1.7.3 and classified as critical. This vulnerability affects unknown code. The manipulation of the argument unvalidated leads to sql injection. This vulnerability is traded as CVE-2020-37112. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component visualize_data. Such manipulation of the argument vegalite_specification leads to code injection. This vulnerability is listed as CVE-2026-1977. The attack may be performed from remote. In addition, an exploit is available. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability, which was classified as problematic, has been found in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a manipulation results in direct request. This vulnerability is cataloged as CVE-2026-1978. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. You should change the configuration settings.

A vulnerability, which was classified as critical, was found in Keylime 7.12.0. This vulnerability affects unknown code of the component TLS Authentication. Executing a manipulation can lead to key exchange without entity authentication. This vulnerability is registered as CVE-2026-1709. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as problematic was found in Tanium Client. Affected is an unknown function. Such manipulation leads to multiple binds to the same port. This vulnerability is referenced as CVE-2025-15320. The attack can only be performed from a local environment. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in lolypop55 html5_snmp 1.11. It has been declared as problematic. This issue affects some unknown processing of the file add_router_operation.php of the component POST Request Handler. The manipulation of the argument Remark results in cross site scripting. This vulnerability is known as CVE-2019-25294. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability labeled as critical has been found in thejshen contentManagementSystem 1.04. This vulnerability affects unknown code of the component GET Parameter Handler. Such manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2019-25303. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in Acer Launch Manager 6.1.7600.16385. It has been rated as problematic. This vulnerability affects unknown code of the file C:\Program Files (x86)\Launch Manager\dsiwmis.exe. This manipulation causes unquoted search path. This vulnerability appears as CVE-2019-25302. The attack requires local access. In addition, an exploit is available.

A vulnerability categorized as problematic has been discovered in Alps HID Monitor Service 8.1.0.10. This issue affects some unknown processing of the file C:\Program Files\Apoint2K\HidMonitorSvc.exe. Such manipulation leads to unquoted search path. This vulnerability is traded as CVE-2019-25292. An attack has to be approached locally. Furthermore, there is an exploit available.

A vulnerability identified as problematic has been detected in Issivs Intelligent Security System SecurOS Enterprise 10.0.18362. Impacted is an unknown function of the file C:\Program Files (x86)\ISS\SecurOS\. Performing a manipulation results in unquoted search path. This vulnerability is known as CVE-2019-25304. Attacking locally is a requirement. Furthermore, an exploit is available.

A vulnerability categorized as problematic has been discovered in thrsrossi Millhouse Project 1.414. The affected element is an unknown function of the file add_comment_sql.php. Such manipulation of the argument content leads to cross site scripting. This vulnerability is uniquely identified as CVE-2019-25301. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in rimbalinux AhadPOS 1.11. It has been declared as critical. The impacted element is an unknown function of the component POST Handler. Such manipulation of the argument alamatCustomer leads to sql injection. This vulnerability is traded as CVE-2019-25299. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability identified as critical has been detected in lolypop55 html5_snmp 1.11. This affects an unknown part. This manipulation of the argument Router_ID/Router_IP causes sql injection. This vulnerability is handled as CVE-2019-25298. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in thejshen Globitek CMS 1.4. It has been declared as critical. This affects an unknown part of the component GET Parameter Handler. The manipulation of the argument ID results in sql injection. This vulnerability is reported as CVE-2019-25300. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability marked as critical has been reported in AllHandsMarketing PhpIX 2012 Professional. This affects an unknown function of the file product_detail.php. The manipulation of the argument ID leads to sql injection. This vulnerability is listed as CVE-2020-37108. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability described as critical has been identified in redmine PMB 5.6. This impacts an unknown function of the file /admin/sauvegarde/download.php of the component Requests Handler. The manipulation of the argument logid results in sql injection. This vulnerability is cataloged as CVE-2020-37105. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Davidvg 60CycleCMS 2.5.2. Affected is an unknown function in the library common/lib.php of the file news.php of the component Query Parameter Handler. This manipulation causes sql injection. This vulnerability is registered as CVE-2020-37110. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in Portabilis i-Educar up to 2.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. Such manipulation of the argument File leads to cross site scripting. This vulnerability is referenced as CVE-2026-2064. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Flycatcher Toys smART Pixelator 2.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component Bluetooth Low Energy Interface. Performing a manipulation results in missing authentication. This vulnerability is identified as CVE-2026-2065. The attack can only be performed from the local network. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.