Vuldb Updates

A vulnerability was found in Linux Kernel up to 6.1.134/6.6.87/6.12.24/6.14.3 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument speed leads to divide by zero. This vulnerability is handled as CVE-2025-37766. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.1.134/6.6.87/6.12.23/6.13.11/6.14.2. Affected is the function diReadSpecial of the component jfs. The manipulation leads to deadlock. This vulnerability is traded as CVE-2025-37741. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.134/6.6.87/6.12.24/6.14.3/6.15-rc1. It has been declared as critical. Affected by this vulnerability is the function ttm_bo_delayed_delete of the component nouveau. The manipulation leads to improper update of reference count. This vulnerability is known as CVE-2025-37765. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.15-rc1. This affects an unknown part of the file net/tls/tls_strp.c of the component net. The manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2025-37756. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.15-rc1. It has been classified as critical. This affects the function tipc_link_xmit. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2025-37757. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.134/6.6.87/6.12.23/6.13.11/6.14.2 and classified as critical. This vulnerability affects unknown code. The manipulation leads to deadlock. This vulnerability was named CVE-2025-23163. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.134/6.6.87/6.12.23/6.13.11/6.14.2. It has been classified as problematic. Affected is the function f2fs_truncate_inode_blocks of the file fs/f2fs/node.h. The manipulation leads to improper validation of array index. This vulnerability is traded as CVE-2025-37739. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.134/6.6.87/6.12.23/6.13.11/6.14.2 and classified as problematic. This issue affects some unknown processing of the component jfs. The manipulation leads to privilege escalation. The identification of this vulnerability is CVE-2025-37740. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.134/6.6.87/6.12.23/6.13.11/6.14.2 and classified as critical. Affected by this issue is the function dump_stack_lvl+0x1fd/0x300 of the component ext4. The manipulation leads to use after free. This vulnerability is handled as CVE-2025-37738. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.134/6.6.87/6.12.23/6.13.11/6.14.2. It has been classified as critical. This affects the function empty_space. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2025-23158. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.1.134/6.6.87/6.12.23/6.13.11/6.14.2. Affected by this vulnerability is an unknown functionality of the component media. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2025-23157. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.134/6.6.87/6.12.23/6.13.11/6.14.2 and classified as critical. This vulnerability affects unknown code of the component media. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2025-23159. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.15-rc1 and classified as critical. This vulnerability affects the function do_split of the component ext4. The manipulation leads to use after free. This vulnerability was named CVE-2025-23150. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.1.134/6.6.87/6.12.23/6.13.11/6.14.2. Affected is an unknown function of the component media. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-23156. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Pixelimity 1.0. Affected by this vulnerability is an unknown functionality of the file /install/index.php of the component Installation. The manipulation of the argument site_description leads to sql injection. This vulnerability is known as CVE-2025-5206. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. Affected by this issue is some unknown functionality of the file /superadmin_update_profile.php. The manipulation of the argument nickname/email leads to sql injection. This vulnerability is handled as CVE-2025-5207. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in flaskBlog 2.6.1 and classified as problematic. This vulnerability affects unknown code of the file /post/{postTitle} of the component POST Handler. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2025-28101. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Victure RX1800 1.0.0_r12_110933. Affected by this issue is some unknown functionality. The manipulation leads to use of default password. This vulnerability is handled as CVE-2025-28200. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in D-Link DIR-823X. It has been classified as critical. Affected is an unknown function of the file /goform/set_prohibiting of the component HTTP POST Request Handler. The manipulation leads to command injection. This vulnerability is traded as CVE-2025-29635. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in CodeZips Gym Management System 1.0. This affects an unknown part of the file /dashboard/admin/deleteroutine.php. The manipulation of the argument Name leads to sql injection. This vulnerability is uniquely identified as CVE-2025-29208. It is possible to initiate the attack remotely. There is no exploit available.