Aggregator

Submit #603386 / VDB-314335

A vulnerability was found in HDF5 1.14.6 and classified as problematic. Affected by this issue is the function H5C__flush_single_entry of the file src/H5Centry.c. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2025-6858. The attack needs to be approached locally. Furthermore, there is an exploit available.

A vulnerability has been found in HDF5 1.14.6 and classified as problematic. Affected by this vulnerability is the function H5G__node_cmp3 of the file src/H5Gnode.c. The manipulation leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-6857. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FL__reg_gc_list of the file src/H5FL.c. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-6856. Attacking locally is a requirement. Furthermore, there is an exploit available.

Submit #603378 / VDB-314334

Submit #603375 / VDB-314333

Submit #603374 / VDB-314332

Submit #603373 / VDB-314331

A vulnerability, which was classified as critical, has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This issue affects some unknown processing of the file /v1/file. The manipulation of the argument flag leads to path traversal. The identification of this vulnerability is CVE-2025-6855. Access to the local network is required for this attack to succeed. Furthermore, there is an exploit available.

Submit #602530 / VDB-314330

A vulnerability classified as critical was found in chatchat-space Langchain-Chatchat up to 0.3.1. This vulnerability affects unknown code of the file /v1/files?purpose=assistants. The manipulation leads to path traversal. This vulnerability was named CVE-2025-6854. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the function upload_temp_docs of the file /knowledge_base/upload_temp_docs of the component Backend. The manipulation of the argument flag leads to path traversal. This vulnerability is uniquely identified as CVE-2025-6853. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #602529 / VDB-314329

Submit #602528 / VDB-314328

Submit #601162 / VDB-314327

Submit #601161 / VDB-314326

Submit #601155 / VDB-314325

A vulnerability was found in Linux Kernel up to 6.15.3. It has been rated as problematic. Affected by this issue is the function mii_nway_restart of the component ch9200. The manipulation leads to unchecked return value. This vulnerability is handled as CVE-2025-38086. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.15.3. It has been declared as critical. Affected by this vulnerability is the function huge_pmd_unshare of the component hugetlb. The manipulation leads to memory corruption. This vulnerability is known as CVE-2025-38085. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.15.3. It has been classified as critical. Affected is the function __split_vma of the component HugeTLB Page Handler. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2025-38084. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.