VulDB Recent Entries

A vulnerability classified as critical has been found in Jenkins. Affected is an unknown function. The manipulation leads to permission issues. This vulnerability is traded as CVE-2025-31721. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Jenkins up to 2.492.2/2.503. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to permission issues. The identification of this vulnerability is CVE-2025-31720. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM TXSeries for Multiplatforms 9.1/11.1. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-56474. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM TXSeries for Multiplatforms 9.1/11.1. It has been declared as problematic. This vulnerability affects unknown code of the component Web UI. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-56475. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM TXSeries for Multiplatforms 9.1/11.1 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to observable response discrepancy. This vulnerability is handled as CVE-2024-56476. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in IBM TXSeries for Multiplatforms 9.1/11.1. Affected is an unknown function. The manipulation leads to improper neutralization of http headers for scripting syntax. This vulnerability is traded as CVE-2025-0154. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in IBM Jazz Reporting Service 7.0.2/7.0.3 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to session expiration. This vulnerability is known as CVE-2024-25051. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in IBM Content Navigator 3.0.11/3.0.15/3.1.0. This issue affects some unknown processing of the component Web UI. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-56341. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.1.131/6.6.84/6.12.20/6.13.8. This vulnerability affects the function parse_dcal of the component ksmbd. The manipulation of the argument num_aces leads to allocation of resources. This vulnerability was named CVE-2025-21994. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in STMicroelectronics X-CUBE-AZRT-H7RS, X-CUBE-AZRTOS-F4, X-CUBE-AZRTOS-F7, X-CUBE-AZRTOS-G0, X-CUBE-AZRTOS-G4, X-CUBE-AZRTOS-H7, X-CUBE-AZRTOS-L4, X-CUBE-AZRTOS-L5, X-CUBE-AZRTOS-WB and X-CUBE-AZRTOS-WL 1.0.0. This affects an unknown part of the file x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\http\nxd_http_server.c of the component NetX Duo Component HTTP Server. The manipulation leads to integer underflow. This vulnerability is uniquely identified as CVE-2024-50597. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in STMicroelectronics X-CUBE-AZRT-H7RS, X-CUBE-AZRTOS-F4, X-CUBE-AZRTOS-F7, X-CUBE-AZRTOS-G0, X-CUBE-AZRTOS-G4, X-CUBE-AZRTOS-H7, X-CUBE-AZRTOS-L4, X-CUBE-AZRTOS-L5, X-CUBE-AZRTOS-WB and X-CUBE-AZRTOS-WL 1.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\web\nx_web_http_server.c of the component NetX Duo Web Component HTTP Server. The manipulation leads to integer underflow. This vulnerability is handled as CVE-2024-50596. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in STMicroelectronics X-CUBE-AZRT-H7RS, X-CUBE-AZRTOS-F4, X-CUBE-AZRTOS-F7, X-CUBE-AZRTOS-G0, X-CUBE-AZRTOS-G4, X-CUBE-AZRTOS-H7, X-CUBE-AZRTOS-L4, X-CUBE-AZRTOS-L5, X-CUBE-AZRTOS-WB and X-CUBE-AZRTOS-WL 1.0.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\http\nxd_http_server.c of the component NetX Duo Component HTTP Server. The manipulation leads to integer underflow. This vulnerability is known as CVE-2024-50595. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in STMicroelectronics X-CUBE-AZRT-H7RS, X-CUBE-AZRTOS-F4, X-CUBE-AZRTOS-F7, X-CUBE-AZRTOS-G0, X-CUBE-AZRTOS-G4, X-CUBE-AZRTOS-H7, X-CUBE-AZRTOS-L4, X-CUBE-AZRTOS-L5, X-CUBE-AZRTOS-WB and X-CUBE-AZRTOS-WL 1.0.0. It has been classified as problematic. Affected is an unknown function of the file x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\web\nx_web_http_server.c of the component NetX Duo Web Component HTTP Server. The manipulation leads to integer underflow. This vulnerability is traded as CVE-2024-50594. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in STMicroelectronics X-CUBE-AZRT-H7RS, X-CUBE-AZRTOS-F4, X-CUBE-AZRTOS-F7, X-CUBE-AZRTOS-G0, X-CUBE-AZRTOS-G4, X-CUBE-AZRTOS-H7, X-CUBE-AZRTOS-L4, X-CUBE-AZRTOS-L5, X-CUBE-AZRTOS-WB and X-CUBE-AZRTOS-WL and classified as critical. This issue affects some unknown processing of the file x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\http\nxd_http_server.c of the component NetX Component HTTP Server. The manipulation leads to incomplete cleanup. The identification of this vulnerability is CVE-2024-50385. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in STMicroelectronics X-CUBE-AZRT-H7RS, X-CUBE-AZRTOS-F4, X-CUBE-AZRTOS-F7, X-CUBE-AZRTOS-G0, X-CUBE-AZRTOS-G4, X-CUBE-AZRTOS-H7, X-CUBE-AZRTOS-L4, X-CUBE-AZRTOS-L5, X-CUBE-AZRTOS-WB and X-CUBE-AZRTOS-WL and classified as critical. This vulnerability affects unknown code of the file x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\web\nx_web_http_server.c of the component NetX Component HTTP Server. The manipulation leads to incomplete cleanup. This vulnerability was named CVE-2024-50384. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in STMicroelectronics X-CUBE-AZRT-H7RS, X-CUBE-AZRTOS-F4, X-CUBE-AZRTOS-F7, X-CUBE-AZRTOS-G0, X-CUBE-AZRTOS-G4, X-CUBE-AZRTOS-H7, X-CUBE-AZRTOS-L4, X-CUBE-AZRTOS-L5, X-CUBE-AZRTOS-WB and X-CUBE-AZRTOS-WL. This affects an unknown part of the component FileX Internal RAM Interface. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2024-45064. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in WonderCMS 3.5.0. Affected by this issue is the function installUpdateModuleAction of the component Theme Installation/Plugin Installation. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2025-3123. The attack may be launched remotely. Furthermore, there is an exploit available. The real existence of this vulnerability is still doubted at the moment. The vendor explains, that "[t]he philosophy has always been, admin [...] bear responsibility to not install themes/plugins from untrusted sources."

A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. Affected by this vulnerability is the function BinaryReaderInterp::BeginFunctionBody of the file src/interp/binary-reader-interp.cc. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2025-3122. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2025-3121. Local access is required to approach this attack. Furthermore, there is an exploit available.

A vulnerability was found in SourceCodester Apartment Visitors Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add-apartment.php. The manipulation of the argument apartmentno leads to sql injection. The identification of this vulnerability is CVE-2025-3120. The attack may be initiated remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.