2494 matches found
CVE-2025-24345
A vulnerability in the “Hosts” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to manipulate the “hosts” file in an unintended manner via a crafted HTTP request...
CVE-2025-24346
A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to manipulate the “/etc/environment” file via a crafted HTTP request...
CVE-2025-4185 Wangshen SecGate 3600 g=obj_area_export_save path traversal
A vulnerability, which was classified as critical, has been found in Wangshen SecGate 3600 2024. This issue affects some unknown processing of the file ?g=obj_area_export_save. The manipulation of the argument filename leads to path traversal. The attack may be initiated remotely. The exploit has be...
CVE-2025-4078
A vulnerability, which was classified as problematic, has been found in Wangshen SecGate 3600 2400. This issue affects some unknown processing of the file ?g=log_export_file. The manipulation of the argument filename leads to path traversal. The attack may be initiated remotely. The exploit has bee...
CVE-2025-4153
A vulnerability classified as critical was found in PHPGurukul Park Ticketing Management System 2.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument adminname leads to SQL injection. The attack can be launched remotely. The...
PT-2025-18726 · Wangshen · Wangshen Secgate 3600
Name of the Vulnerable Software and Affected Versions: Wangshen SecGate 3600 version 2024 Description: A critical vulnerability has been found in Wangshen SecGate 3600, affecting the processing of the file ?g=obj_area_export_save. The manipulation of the argument filename leads to path traversal...
CVE-2025-24345
CVE-2025-24345 affects ctrlX OS web application’s Hosts functionality. A remote authenticated (low-privileged) attacker can manipulate the hosts file via a crafted HTTP request, indicating improper input/authorization handling in the Hosts feature. CVSSv3.1 base score is 6.3 (MEDIUM) with network...
CVE-2025-4078 Wangshen SecGate 3600 g=log_export_file path traversal
A vulnerability, which was classified as problematic, has been found in Wangshen SecGate 3600 2400. This issue affects some unknown processing of the file ?g=log_export_file. The manipulation of the argument filename leads to path traversal. The attack may be initiated remotely. The exploit has bee...
CVE-2025-4072
A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit-nurse.php. The manipulation leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the...
CVE-2025-3224
Docker Desktop for Windows versions prior to 4.41.0 are affected by an Elevation of Privilege during the update process. The updater runs with high privileges and attempts to delete files under C:\ProgramData\Docker\config, a path that often does not exist and where normal users can create direct...
PT-2025-18000 · Unknown · Phpgurukul Covid19 Testing Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul COVID19 Testing Management System version 1.0 Description: A critical issue was found in the PHPGurukul COVID19 Testing Management System. This issue affects an unknown part of the file /check availability.php. The manipulation of...
CVE-2025-32951
Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends...
PT-2025-18259 · Ctrlx Os · Ctrlx Os
Name of the Vulnerable Software and Affected Versions: ctrlX OS affected versions not specified Description: A vulnerability in the “Hosts” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to manipulate the “hosts” file in an unintended manner...
PT-2025-18260 · Ctrlx Os · Ctrlx Os
Name of the Vulnerable Software and Affected Versions: ctrlX OS affected versions not specified Description: A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to manipulate the /etc/environment file via a crafted...
CVE-2025-43917
Summary: CVE-2025-43917 affects Pritunl Client on macOS prior to 1.3.4220.57. An administrator with access to /Applications can escalate privileges after uninstall by inserting a new file at the pathname of the removed pritunl-service, which is then executed by a LaunchDaemon as root. Root cause:...
CVE-2025-3783
A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-product.php. The manipulation of the argument Avatar leads to unrestricted upload. The attack can be...
CVE-2025-3558 ghostxbh uzy-ssm-mall uploadUserHeadImage unrestricted upload
A vulnerability, which was classified as critical, was found in ghostxbh uzy-ssm-mall 1.0.0. This affects an unknown part of the file /mall/user/uploadUserHeadImage. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has...