VulDB Recent Entries

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.131/6.6.84/6.12.20/6.13.8. Affected by this issue is the function lec_send of the component atm. The manipulation leads to use after free. This vulnerability is handled as CVE-2025-22004. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.6.84/6.12.20/6.13.8. Affected by this vulnerability is the function qaic_validate_req. The manipulation leads to integer overflow. This vulnerability is known as CVE-2025-22001. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.12.20/6.13.8. Affected is an unknown function of the component huge_memory. The manipulation leads to privilege escalation. This vulnerability is traded as CVE-2025-22000. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.131/6.6.84/6.12.20/6.13.8. It has been rated as critical. This issue affects the function proc_get_inode. The manipulation leads to use after free. The identification of this vulnerability is CVE-2025-21999. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.131/6.6.84/6.12.20/6.13.8. It has been declared as problematic. This vulnerability affects the function xp_create_and_assign_umem. The manipulation of the argument chunk_size leads to integer overflow. This vulnerability was named CVE-2025-21997. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.84/6.12.20/6.13.8. It has been classified as critical. This affects the function dma_fence_add_callback. The manipulation leads to improper update of reference count. This vulnerability is uniquely identified as CVE-2025-21995. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.20/6.13.8 and classified as critical. Affected by this issue is some unknown functionality of the component Efivars Service. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2025-21998. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.131/6.6.84/6.12.20/6.13.8 and classified as critical. Affected by this vulnerability is the function radeon_vce_cs_parse. The manipulation leads to uninitialized pointer. This vulnerability is known as CVE-2025-21996. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.20/6.13.8. Affected is the function invalidate_cache of the component netfs. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2025-22002. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Tenda AC23 16.03.07.52. This issue affects some unknown processing of the file /goform/VerAPIMant of the component API Interface. The manipulation of the argument getuid leads to denial of service. The identification of this vulnerability is CVE-2025-3167. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in code-projects Product Management System 1.0. This vulnerability affects the function search_item of the component Search Product Menu. The manipulation of the argument target leads to stack-based buffer overflow. This vulnerability was named CVE-2025-3166. Local access is required to approach this attack. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in thu-pacman chitu 0.1.0. This affects the function torch.load of the file chitu/chitu/backend.py. The manipulation of the argument ckpt_path/quant_ckpt_dir leads to deserialization. This vulnerability is uniquely identified as CVE-2025-3165. An attack has to be approached locally. There is no exploit available.

A vulnerability was found in Tencent Music Entertainment SuperSonic up to 0.9.8. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/semantic/database/testConnect of the component H2 Database Connection Handler. The manipulation leads to code injection. This vulnerability is handled as CVE-2025-3164. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection. This vulnerability is known as CVE-2025-3163. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.

A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been classified as critical. Affected is the function load_weight_ckpt of the file lmdeploy/lmdeploy/vl/model/utils.py of the component PT File Handler. The manipulation leads to deserialization. This vulnerability is traded as CVE-2025-3162. Attacking locally is a requirement. Furthermore, there is an exploit available.

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2025-3161. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::SceneCombiner::AddNodeHashes of the file code/Common/SceneCombiner.cpp of the component File Handler. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2025-3160. An attack has to be approached locally. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASE::Parser::ParseLV4MeshBonesVertices of the file code/AssetLib/ASE/ASEParser.cpp of the component ASE File Handler. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-3159. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. Affected by this issue is the function Assimp::LWO::AnimResolver::UpdateAnimRangeSetup of the file code/AssetLib/LWO/LWOAnimation.cpp of the component LWO File Handler. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2025-3158. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Century Systems FutureNet NXR-1420, FutureNet NXR-1300, FutureNet NXR-650, FutureNet NXR-610X, FutureNet NXR-530, FutureNet NXR-350, C, FutureNet NXR-230, FutureNet NXR-160, LW, FutureNet NXR-G540, FutureNet NXR-G260, FutureNet NXR-G240, FutureNet NXR-G180, L-CA, FutureNet NXR-G120, FutureNet NXR-G110, FutureNet NXR-G100, FutureNet NXR-G060, FutureNet NXR-G050, FutureNet VXR-x64, FutureNet VXR-x86, FutureNet NXR-1200, FutureNet NXR-130, FutureNet NXR-155, C-L, C-XW, C-WM, FutureNet NXR-125, CX, FutureNet NXR-120, SLW, SL, S, N, F and FutureNet WXR-250. Affected by this vulnerability is an unknown functionality of the component External Storage Handler. The manipulation leads to symlink following. This vulnerability is known as CVE-2025-30485. It is possible to launch the attack on the physical device. There is no exploit available.