CVE-2025-24348

A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to manipulate the wireless network configuration file via a crafted HTTP request...

CVE-2025-24342

A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauthenticated attacker to guess valid usernames via multiple crafted HTTP requests...

CVE-2025-24350

A vulnerability in the “Certificates and Keys” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to write arbitrary certificates in arbitrary file system paths via a crafted HTTP request...

CVE-2025-24338

A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated lowprivileged attacker to execute arbitrary client-side code in the context of another user's browser via multiple crafted HTTP requests...

CVE-2025-24341

The CVE-2025-24341 vulnerability affects the web application of ctrlX OS. A remote authenticated (low-privileged) attacker can induce a Denial-of-Service (DoS) on the device by sending multiple crafted HTTP requests, with the worst case requiring a full power cycle to regain control. According to...

CVE-2025-24339

A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to conduct various attacks against users of the vulnerable system, including web cache poisoning or Man-in-the-Middle MitM, via a crafted HTTP request...

CVE-2025-2258

In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A...

CVE-2025-2784

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skipinsightwhitespace function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server...

The vulnerability of the GUI component of the FortiSandbox threat detection and mitigation system allows a perpetrator to execute arbitrary code or commands.

The vulnerability of the GUI component of the FortiSandbox threat detection and mitigation system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or commands using specially created HTTP...

CVE-2023-33302

A buffer copy without checking size of input 'classic buffer overflow' in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail...

CVE-2025-27716

CVE-2025-27716 affects HGW-BL1500HM (Ver 002.002.003 and earlier) and is a path traversal vulnerability in the USB storage file-sharing function. The issue arises in the file/folder listing path handling, allowing a crafted HTTP request from a LAN-connected device to obtain and/or alter product f...

The vulnerability of the check_dws_cookie() function in the wireless repeater software of D-Link DAP-1620 allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the checkdwscookie function in the wireless repeater software developed by D-Link DAP-1620 lies in the fact that the operation’s output escapes the buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code or cause a service failu...

The vulnerability of the set_ws_action() function in D-Link DAP-1620 wireless repeater software allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the setwsaction function in D-Link DAP-1620 wireless repeater microprogramming software lies in the fact that the operation’s output escapes the buffer and enters memory. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and...

LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request

A Denial of Service DoS vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes -, to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource...

Gradio Vulnerable to Denial of Service (DoS) via Crafted HTTP Request

A Regular Expression Denial of Service ReDoS vulnerability exists in the gradio-app/gradio repository, affecting the gr.Datetime component. The affected version is git commit 98cbcae. The vulnerability arises from the use of a regular expression ^?:\snow\s?:-\s\d+\sdmhs??\s$ to process user input...

CVE-2023-47539

An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remotewildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request...

CVE-2024-55594

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least vesrions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests...

CVE-2024-55592

An incorrect authorization vulnerability CWE-863 in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions, may allow an...

The vulnerability of the sch_reboot() function in the adm.cgi script of the Wavlink AC3000 (WL-WN533A8) router’s microprogramming system allows a hacker to execute arbitrary commands.

The vulnerability of the schreboot function in the adm.cgi script of the Wavlink AC3000 WL-WN533A8 router’s microprogramming system is related to the lack of measures taken to manage data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by...

CVE-2025-0159

IBM FlashSystem IBM Storage Virtualize 8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1 could allow a remote attacker to bypas...