VulDB Recent Entries

A vulnerability was found in STMicroelectronics X-CUBE-AZRT-H7RS, X-CUBE-AZRTOS-F4, X-CUBE-AZRTOS-F7, X-CUBE-AZRTOS-G0, X-CUBE-AZRTOS-G4, X-CUBE-AZRTOS-H7, X-CUBE-AZRTOS-L4, X-CUBE-AZRTOS-L5, X-CUBE-AZRTOS-WB and X-CUBE-AZRTOS-WL 1.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\web\nx_web_http_server.c of the component NetX Duo Web Component HTTP Server. The manipulation leads to integer underflow. This vulnerability is handled as CVE-2024-50596. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in STMicroelectronics X-CUBE-AZRT-H7RS, X-CUBE-AZRTOS-F4, X-CUBE-AZRTOS-F7, X-CUBE-AZRTOS-G0, X-CUBE-AZRTOS-G4, X-CUBE-AZRTOS-H7, X-CUBE-AZRTOS-L4, X-CUBE-AZRTOS-L5, X-CUBE-AZRTOS-WB and X-CUBE-AZRTOS-WL 1.0.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\http\nxd_http_server.c of the component NetX Duo Component HTTP Server. The manipulation leads to integer underflow. This vulnerability is known as CVE-2024-50595. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in STMicroelectronics X-CUBE-AZRT-H7RS, X-CUBE-AZRTOS-F4, X-CUBE-AZRTOS-F7, X-CUBE-AZRTOS-G0, X-CUBE-AZRTOS-G4, X-CUBE-AZRTOS-H7, X-CUBE-AZRTOS-L4, X-CUBE-AZRTOS-L5, X-CUBE-AZRTOS-WB and X-CUBE-AZRTOS-WL 1.0.0. It has been classified as problematic. Affected is an unknown function of the file x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\web\nx_web_http_server.c of the component NetX Duo Web Component HTTP Server. The manipulation leads to integer underflow. This vulnerability is traded as CVE-2024-50594. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in STMicroelectronics X-CUBE-AZRT-H7RS, X-CUBE-AZRTOS-F4, X-CUBE-AZRTOS-F7, X-CUBE-AZRTOS-G0, X-CUBE-AZRTOS-G4, X-CUBE-AZRTOS-H7, X-CUBE-AZRTOS-L4, X-CUBE-AZRTOS-L5, X-CUBE-AZRTOS-WB and X-CUBE-AZRTOS-WL and classified as critical. This issue affects some unknown processing of the file x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\http\nxd_http_server.c of the component NetX Component HTTP Server. The manipulation leads to incomplete cleanup. The identification of this vulnerability is CVE-2024-50385. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in STMicroelectronics X-CUBE-AZRT-H7RS, X-CUBE-AZRTOS-F4, X-CUBE-AZRTOS-F7, X-CUBE-AZRTOS-G0, X-CUBE-AZRTOS-G4, X-CUBE-AZRTOS-H7, X-CUBE-AZRTOS-L4, X-CUBE-AZRTOS-L5, X-CUBE-AZRTOS-WB and X-CUBE-AZRTOS-WL and classified as critical. This vulnerability affects unknown code of the file x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\web\nx_web_http_server.c of the component NetX Component HTTP Server. The manipulation leads to incomplete cleanup. This vulnerability was named CVE-2024-50384. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in STMicroelectronics X-CUBE-AZRT-H7RS, X-CUBE-AZRTOS-F4, X-CUBE-AZRTOS-F7, X-CUBE-AZRTOS-G0, X-CUBE-AZRTOS-G4, X-CUBE-AZRTOS-H7, X-CUBE-AZRTOS-L4, X-CUBE-AZRTOS-L5, X-CUBE-AZRTOS-WB and X-CUBE-AZRTOS-WL. This affects an unknown part of the component FileX Internal RAM Interface. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2024-45064. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in WonderCMS 3.5.0. Affected by this issue is the function installUpdateModuleAction of the component Theme Installation/Plugin Installation. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2025-3123. The attack may be launched remotely. Furthermore, there is an exploit available. The real existence of this vulnerability is still doubted at the moment. The vendor explains, that "[t]he philosophy has always been, admin [...] bear responsibility to not install themes/plugins from untrusted sources."

A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. Affected by this vulnerability is the function BinaryReaderInterp::BeginFunctionBody of the file src/interp/binary-reader-interp.cc. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2025-3122. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2025-3121. Local access is required to approach this attack. Furthermore, there is an exploit available.

A vulnerability was found in SourceCodester Apartment Visitors Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add-apartment.php. The manipulation of the argument apartmentno leads to sql injection. The identification of this vulnerability is CVE-2025-3120. The attack may be initiated remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

A vulnerability was found in SourceCodester Online Tutor Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /tutor/courses/manage_course.php. The manipulation of the argument ID leads to sql injection. This vulnerability was named CVE-2025-3119. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in SourceCodester Online Tutor Portal 1.0. It has been classified as critical. This affects an unknown part of the file /tutor/courses/view_course.php. The manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2025-3118. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in HACHI Crypt::Salt 0.01 on Perl and classified as problematic. Affected by this issue is the function rand. The manipulation leads to cryptographically weak prng. This vulnerability is handled as CVE-2025-1805. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Django up to 5.0.13/5.1.7 on Windows and classified as problematic. Affected by this vulnerability is the function django.contrib.auth.views.LoginView/django.contrib.auth.views.LogoutView/django.views.i18n.set_language of the component Normalization Handler. The manipulation leads to allocation of resources. This vulnerability is known as CVE-2025-27556. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in SquirrelMail up to 1.4.23-svn-20250401/1.5.2-svn-20250401. Affected is an unknown function of the file mime.php of the component E-Mail Header Handler. The manipulation of the argument encoded leads to cross site scripting. This vulnerability is traded as CVE-2025-30090. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.13.7. This issue affects some unknown processing of the file fs/netfs/read_collect. The manipulation of the argument prev_donated leads to denial of service. The identification of this vulnerability is CVE-2025-21988. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.1.131/6.6.83/6.12.19/6.13.7. This vulnerability affects the function ibft_attr_show_nic of the file /sys/firmware/ibft/ethernetX/subnet-mask of the component iSCSI boot. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2025-21993. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.19/6.13.7. This affects the function dce60_tg_funcs of the component AMD Display. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-21989. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.17/6.13.5. It has been rated as problematic. Affected by this issue is the function amdgpu_ttm_clear_buffer of the component AMD GPU. The manipulation leads to uninitialized pointer. This vulnerability is handled as CVE-2025-21987. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.131/6.6.83/6.12.19/6.13.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component HID. The manipulation leads to denial of service. This vulnerability is known as CVE-2025-21992. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.