Lucene search

6680 matches found

Vulnrichment
added 2025/04/30 11:49 a.m. · 5 views

CVE-2025-27532

A vulnerability in the “Backup & Restore” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to access secret information via multiple crafted HTTP requests...

6.5 CVSS · 6.2 AI score · 0.02633 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/04/30 11:39 a.m. · 13 views

CVE-2025-24346

A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to manipulate the “/etc/environment” file via a crafted HTTP request...

7.5 CVSS · 0.00401 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2025/04/30 11:39 a.m. · 6 views

CVE-2025-24346

A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to manipulate the “/etc/environment” file via a crafted HTTP request...

7.5 CVSS · 6.8 AI score · 0.00401 EPSS
Exploits: 0 · References: 1
CVE
added 2025/04/30 11:39 a.m. · 43 views

CVE-2025-24346

CVE-2025-24346 affects ctrlX OS; a vulnerability in the web application's Proxy functionality lets a remote authenticated (low-privileged) user craft an HTTP request to modify the /etc/environment file. The CVSS v3.1 base score is 7.5 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Exploitation details ar...

7.5 CVSS · 6.8 AI score · 0.00401 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2025/04/30 11:35 a.m. · 7 views

CVE-2025-24345

A vulnerability in the “Hosts” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to manipulate the “hosts” file in an unintended manner via a crafted HTTP request...

6.3 CVSS · 6.8 AI score · 0.00285 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/04/30 11:25 a.m. · 13 views

CVE-2025-24342

A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauthenticated attacker to guess valid usernames via multiple crafted HTTP requests...

5.3 CVSS · 0.00353 EPSS
Exploits: 0 · References: 1
Packet Storm News
added 2025/04/30 12:0 a.m. · 5 views

Unlocking User-Oriented Pages: Intention-Driven Black-Box Scanner for Real-World Web Applications

Black-box scanners have played a significant role in detecting vulnerabilities for web applications. A key focus in current black-box scanning is increasing test coverage i.e., accessing more web pages. However, since many web applications are user-oriented, some deep pages can only be accessed...

7.1 AI score
Exploits: 0
OSV
added 2025/04/28 8:15 p.m. · 2 views

CVE-2025-4034

A vulnerability classified as critical was found in projectworlds Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /inserdocprocess.php. The manipulation of the argument DocID leads to sql injection. The attack can be launched remotely. The...

9.8 CVSS · 5.8 AI score · 0.00415 EPSS
Exploits: 1 · References: 4
AlmaLinux
added 2025/04/28 12:0 a.m. · 20 views

Moderate: glibc security update

The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc:...

6.2 CVSS · 7.3 AI score · 0.00335 EPSS
Exploits: 0 · References: 4
RedhatCVE
added 2025/04/26 5:29 p.m. · 9 views

CVE-2025-39390

Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booking and Rental Manager: from n/a through <= 2.3.6...

5.3 CVSS · 7.2 AI score · 0.00273 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/04/25 11:28 p.m. · 5 views

CVE-2025-31338

A missing authorization vulnerability in the retrieve teacher Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to obtain partial user data by accessing the API functionality...

6.9 CVSS · 6.8 AI score · 0.00371 EPSS
Exploits: 0 · References: 3
RedhatCVE
added 2025/04/25 11:1 p.m. · 11 views

CVE-2025-39580

Missing Authorization vulnerability in jidaikobo Dashi dashi allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dashi: from n/a through <= 3.1.8...

5.8 CVSS · 7.2 AI score · 0.00238 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/04/25 9:17 p.m. · 11 views

CVE-2024-12543

User Enumeration and Data Integrity in Barcode functionality in OpenText Content Management versions 24.3-25.1 on Windows and Linux allows a malicious authenticated attacker to potentially alter barcode attributes...

5.9 CVSS · 6.8 AI score · 0.00274 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/04/25 6:40 p.m. · 21 views

CVE-2025-3113

A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance’s internal database configurations can leverage the application’s built-in Connector functionality to access Continuous Compliance’s internal database. This allows the user to explore the internal...

9 CVSS · 6.7 AI score · 0.0027 EPSS
Exploits: 0 · References: 3
RedhatCVE
added 2025/04/25 6:24 p.m. · 17 views

CVE-2025-29784

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the s parameter in GET requests for forum search functionality lacks length validation, allowing attackers to submit excessively long search queries. This oversight can lead to...

7.5 CVSS · 6.9 AI score · 0.00543 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2025/04/24 12:0 a.m. · 5 views

PT-2025-17720 · WordPress · Buddypress Force Password Change

Name of the Vulnerable Software and Affected Versions: Buddypress Force Password Change plugin for WordPress versions up to, and including, 0.1 Description: The issue allows for authenticated account takeover due to improper validation of a user's identity prior to updating their password through...

4.2 CVSS · 5.5 AI score · 0.00185 EPSS
Exploits: 0 · References: 6
Positive Technologies
added 2025/04/22 12:0 a.m. · 3 views

PT-2025-17580 · Codemers · Codemers Klims

Name of the Vulnerable Software and Affected Versions: Codemers KLIMS version 1.6.DEV Description: The issue allows Python code injection. A user can provide Python code as an input value for a parameter or qualifier, such as for sorting, which will get executed on the server side. Recommendation...

7.3 CVSS · 7.2 AI score · 0.00258 EPSS
Exploits: 0 · References: 7
Positive Technologies
added 2025/04/22 12:0 a.m. · 4 views

PT-2025-31931 · Tracker · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor version 10.5.2.395 Description: An out-of-bounds read vulnerability exists in the EMF functionality. Exploitation involves using a specially crafted EMF file, which could lead to the disclosure of sensitive information...

7.8 CVSS · 5.9 AI score · 0.00503 EPSS
Exploits: 1 · References: 7
NVD
added 2025/04/21 4:15 p.m. · 12 views

CVE-2024-12543

User Enumeration and Data Integrity in Barcode functionality in OpenText Content Management versions 24.3-25.1 on Windows and Linux allows a malicious authenticated attacker to potentially alter barcode attributes...

5.9 CVSS · 0.00274 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2025/04/21 3:14 p.m. · 10 views

CVE-2024-12543 A user enumeration and subsequent data integrity vulnerability affecting barcode functionality

User Enumeration and Data Integrity in Barcode functionality in OpenText Content Management versions 24.3-25.1 on Windows and Linux allows a malicious authenticated attacker to potentially alter barcode attributes...

5.9 CVSS · 6.4 AI score · 0.00274 EPSS
Exploits: 0 · References: 1