
6680 matches found

RedhatCVE
added 2025/05/08 8:39 p.m. · 5 views

CVE-2025-47417

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. When Enable Debug Images in Crestron Automate VX is active, snapshots of the captured video or portions thereof are stored locally on the system, and there is no visible...

5.1 CVSS · 6.9 AI score · 0.00354 EPSS
Exploits 0 · References 5
Vulnrichment
added 2025/05/07 2:19 p.m. · 8 views

CVE-2025-47457 WordPress LocateAndFilter plugin <= 1.6.16 - Broken Access Control Vulnerability

Missing Authorization vulnerability in dgamoni LocateAndFilter locateandfilter allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LocateAndFilter: from n/a through <= 1.6.16...

5.3 CVSS · 7.2 AI score · 0.0029 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/05/07 12:0 a.m. · 4 views

PT-2025-20021 · Rt · Rt-Labs P-Net

Name of the Vulnerable Software and Affected Versions: RT-Labs P-Net versions 1.0.1 and earlier. Description: A heap-based buffer overflow in RT-Labs P-Net allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC packet. Recommendations: For RT-Labs P-Net...

7.5 CVSS · 6.6 AI score · 0.0034 EPSS
Exploits 0 · References 7
NVD
added 2025/05/06 8:15 p.m. · 14 views

CVE-2025-47417

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. When Enable Debug Images in Crestron Automate VX is active, snapshots of the captured video or portions thereof are stored locally on the system, and there is no visible...

5.1 CVSS · 0.00354 EPSS
Exploits 0 · References 3
Vulnrichment
added 2025/05/06 8:13 p.m. · 11 views

CVE-2025-47418 Recording

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. There is no visible indication when the system is recording and recording can be enabled remotely via a network API. This issue affects Automate VX: from 5.6.8161.21536...

5.3 CVSS · 6.5 AI score · 0.00338 EPSS
Exploits 0 · References 3
CVE
added 2025/05/06 8:13 p.m. · 79 views

CVE-2025-47418

CVE-2025-47418 concerns Crestron Automate VX with versions 5.6.8161.21536–6.4.0.49. The issue is Exposure of Sensitive Information to an Unauthorized Actor, arising from a remote web API that enables recording functionality without visible indication. Remote recording can be enabled via a network...

5.3 CVSS · 6.5 AI score · 0.00338 EPSS
Exploits 0 · References 3
Cvelist
added 2025/05/06 7:49 p.m. · 18 views

CVE-2025-47417 Enable Debug Images

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. When Enable Debug Images in Crestron Automate VX is active, snapshots of the captured video or portions thereof are stored locally on the system, and there is no visible...

5.1 CVSS · 0.00354 EPSS
Exploits 0 · References 3
CVE
added 2025/05/06 7:49 p.m. · 61 views

CVE-2025-47417

Summary: CVE-2025-47417 affects Crestron Automate VX. Versions 5.6.8161.21536 through 6.4.0.49 expose snapshots of captured video when the Enable Debug Images feature is active, stored locally without a visible indicator. This is a data-exposure vulnerability enabling potential information disclo...

5.1 CVSS · 6.3 AI score · 0.00354 EPSS
Exploits 0 · References 3
Vulnrichment
added 2025/05/06 7:49 p.m. · 7 views

CVE-2025-47417 Enable Debug Images

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. When Enable Debug Images in Crestron Automate VX is active, snapshots of the captured video or portions thereof are stored locally on the system, and there is no visible...

5.1 CVSS · 6.3 AI score · 0.00354 EPSS
Exploits 0 · References 3
NVD
added 2025/05/06 1:15 a.m. · 15 views

CVE-2025-4301

A vulnerability classified as critical was found in itsourcecode Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /search-notice.php. The manipulation of the argument searchdata leads to SQL injection. The attack can be launched remotely. The...

9.8 CVSS · 0.00421 EPSS
Exploits 1 · References 5
Tenable Nessus
added 2025/05/06 12:0 a.m. · 5 views

CBL Mariner 2.0 Security Update: kernel (CVE-2025-22035)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22035 advisory. - In the Linux kernel, the following vulnerability has been resolved: tracing: Fix use-after-free in...

7.8 CVSS · 6 AI score · 0.00232 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/05/06 12:0 a.m. · 4 views

PT-2025-19926 · Unknown · Sourcecodester Online Student Clearance System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Student Clearance System version 1.0. Description: A critical issue was found in the /Admin/login.php file, affecting unknown code. The manipulation of the username and password arguments leads to SQL injection. The attac...

9.8 CVSS · 7.7 AI score · 0.00478 EPSS
Exploits 1 · References 10
Tenable Nessus
added 2025/05/06 12:0 a.m. · 11 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-21968)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21968 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix slab-use-after-fre...

7.8 CVSS · 6.3 AI score · 0.00161 EPSS
Exploits 0 · References 2
OSV
added 2025/05/05 6:25 p.m. · 3 views

GHSA-X39X-9QW5-GHRF Browser Use allows bypassing `allowed_domains` by putting a decoy domain in http auth username portion of a URL

Summary: During a manual source code review, ARIMLABS.AI researchers identified that the browseruse module includes an embedded whitelist functionality to restrict URLs that can be visited. This restriction is enforced during agent initialization. However, it was discovered that these measures can...

9.3 CVSS · 7.1 AI score · 0.00431 EPSS
Exploits 0 · References 5
Positive Technologies
added 2025/05/05 12:0 a.m. · 4 views

PT-2025-19725 · Osticket · Osticket

Name of the Vulnerable Software and Affected Versions: osTicket versions 1.17.5 and earlier. Description: A SQL injection issue exists in the Search functionality of the tickets.php page, allowing authenticated attackers to execute arbitrary SQL commands. This is achieved via a combination of the...

6.5 CVSS · 7.5 AI score · 0.00244 EPSS
Exploits 1 · References 6
OSV
added 2025/05/04 11:15 p.m. · 2 views

CVE-2025-4253

A vulnerability was found in PCMan FTP Server 2.0.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component HASH Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed t...

9.8 CVSS · 6.1 AI score · 0.00588 EPSS
Exploits 1 · References 4
NVD
added 2025/05/02 4:15 p.m. · 10 views

CVE-2023-53123

In the Linux kernel, the following vulnerability has been resolved: PCI: s390: Fix use-after-free of PCI resources with per-function hotplug. On s390 PCI functions may be hotplugged individually even when they belong to a multi-function device. In particular on an SR-IOV device VFs may be removed...

7.8 CVSS · 0.00152 EPSS
Exploits 0 · References 4
RedhatCVE
added 2025/05/02 11:11 a.m. · 17 views

CVE-2025-4110

A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit-teacher.php. The manipulation of the argument mobilenumber leads to SQL injection. The attack may be launched remotely...

8.8 CVSS · 7.7 AI score · 0.00346 EPSS
Exploits 1 · References 1
Cvelist
added 2025/05/01 2:9 p.m. · 10 views

CVE-2022-49812 bridge: switchdev: Fix memory leaks when changing VLAN protocol

In the Linux kernel, the following vulnerability has been resolved: bridge: switchdev: Fix memory leaks when changing VLAN protocol. The bridge driver can offload VLANs to the underlying hardware either via switchdev or the 8021q driver. When the former is used, the VLAN is marked in the bridge...

0.00176 EPSS
Exploits 0 · References 4
NVD
added 2025/04/30 12:15 p.m. · 20 views

CVE-2025-24348

A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to manipulate the wireless network configuration file via a crafted HTTP request...

5.4 CVSS · 0.00426 EPSS
Exploits 0 · References 1