Lucene search

5905 matches found

Positive Technologies
added 2025/05/06 12:00 a.m. · 3 views

PT-2025-19890 · Kibana · Kibana

Name of the Vulnerable Software and Affected Versions: Kibana versions 8.3.0 through 8.17.5, 8.18.0, and 9.0.0. Description: A prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints...

CVSS 9.1 · AI score 9.6 · EPSS 0.13661
Exploits: 2 · References: 33

CISA KEV Catalog
added 2025/05/05 12:00 a.m. · 34 views

Langflow Missing Authentication Vulnerability

Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests...

CVSS 9.8 · AI score 10 · EPSS 0.99959
In the wild · Exploits: 33

RedhatCVE
added 2025/05/02 12:15 p.m. · 9 views

CVE-2025-24341

A vulnerability in the web application of ctrlX OS allows a remote authenticated low-privileged attacker to induce a Denial-of-Service (DoS) condition on the device via multiple crafted HTTP requests. In the worst case, a full power cycle is needed to regain control of the device...

CVSS 6.5 · AI score 6.7 · EPSS 0.00409
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/02 12:09 p.m. · 13 views

CVE-2025-24342

A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauthenticated attacker to guess valid usernames via multiple crafted HTTP requests...

CVSS 5.3 · AI score 7 · EPSS 0.00353
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/02 11:11 a.m. · 12 views

CVE-2025-24338

A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to execute arbitrary client-side code in the context of another user's browser via multiple crafted HTTP requests...

CVSS 7.1 · AI score 7.7 · EPSS 0.00317
Exploits: 0 · References: 1

GithubExploit
added 2025/04/30 1:53 p.m. · 329 views

Exploit for Cross-Site Request Forgery (CSRF) in Nosurf_Project Nosurf

CVE-2025-46721: CSRF...

CVSS 6.1 · AI score 9.2 · EPSS 0.00203
Exploits: 2

NVD
added 2025/04/30 12:15 p.m. · 8 views

CVE-2025-24342

A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauthenticated attacker to guess valid usernames via multiple crafted HTTP requests...

CVSS 5.3 · EPSS 0.00353
Exploits: 0 · References: 1

Cvelist
added 2025/04/30 11:49 a.m. · 12 views

CVE-2025-27532

A vulnerability in the “Backup & Restore” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to access secret information via multiple crafted HTTP requests...

CVSS 6.5 · EPSS 0.02633
Exploits: 0 · References: 1

CVE
added 2025/04/30 11:25 a.m. · 44 views

CVE-2025-24342

CVE-2025-24342 affects the web-based login functionality of ctrlX OS. The root cause is an improper login process that enables remote, unauthenticated attackers to enumerate valid usernames by sending multiple crafted HTTP requests. This can facilitate targeted credential-guessing attempts agains...

CVSS 5.3 · AI score 7.2 · EPSS 0.00353
Exploits: 0 · References: 1

NVD
added 2025/04/30 11:15 a.m. · 11 views

CVE-2025-24338

A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to execute arbitrary client-side code in the context of another user's browser via multiple crafted HTTP requests...

CVSS 7.1 · EPSS 0.00317
Exploits: 0 · References: 1

CVE
added 2025/04/30 11:14 a.m. · 48 views

CVE-2025-24341

The CVE-2025-24341 vulnerability affects the web application of ctrlX OS. A remote authenticated (low-privileged) attacker can induce a Denial-of-Service (DoS) on the device by sending multiple crafted HTTP requests, with the worst case requiring a full power cycle to regain control. According to...

CVSS 6.5 · AI score 6.8 · EPSS 0.00409
Exploits: 0 · References: 1

Cvelist
added 2025/04/30 10:51 a.m. · 21 views

CVE-2025-24338

A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to execute arbitrary client-side code in the context of another user's browser via multiple crafted HTTP requests...

CVSS 7.1 · EPSS 0.00317
Exploits: 0 · References: 1

Rosalinux
added 2025/04/30 8:49 a.m. · 44 views

Advisory ROSA-SA-2025-2859

Software: httpd 2.4.37. OS: ROSA Virtualization 2.1. package_evr_string: httpd-2.4.37-65.0.1.rv3.3. CVE-ID: CVE-2016-0736. BDU-ID: None. CVE-Crit: MEDIUM. CVE-DESC.: Vulnerability in Apache HTTP Server due to insufficient data encryption in mod_session_crypto, making the server susceptible to padding oracl...

CVSS 9.8 · AI score 10 · EPSS 0.94999
Exploits: 20

Positive Technologies
added 2025/04/30 12:00 a.m. · 2 views

PT-2025-18250 · Ctrlx Os · Ctrlx Os

Name of the Vulnerable Software and Affected Versions: ctrlX OS (affected versions not specified). Description: A vulnerability in the "Manages app data" functionality of the web application of ctrlX OS allows a remote authenticated attacker to execute arbitrary client-side code in the context of...

CVSS 7.1 · AI score 6.7 · EPSS 0.00317
Exploits: 0 · References: 9

RedhatCVE
added 2025/04/26 12:03 a.m. · 7 views

CVE-2025-32961

The Cuba JPA web API enables loading and saving any entities defined in the application data model by sending simple HTTP requests. Prior to version 1.1.1, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name...

CVSS 6.4 · AI score 6.8 · EPSS 0.00252
Exploits: 0 · References: 1

RedhatCVE
added 2025/04/25 11:44 p.m. · 12 views

CVE-2025-2950

IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address which may lead to unexpected behavior...

CVSS 5.4 · AI score 6.9 · EPSS 0.00248
Exploits: 0 · References: 1

Positive Technologies
added 2025/04/25 12:00 a.m. · 2 views

PT-2025-18253 · Ctrlx Os · Ctrlx Os

Name of the Vulnerable Software and Affected Versions: ctrlX OS (affected versions not specified). Description: A vulnerability in the web application of ctrlX OS allows a remote authenticated low-privileged attacker to induce a Denial-of-Service (DoS) condition on the device via multiple crafted HTTP...

CVSS 6.8 · AI score 6 · EPSS 0.00409
Exploits: 0 · References: 10

Debian CVE
added 2025/04/24 1:01 p.m. · 9 views

CVE-2025-46421

A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect...

CVSS 6.8 · AI score 7 · EPSS 0.00459
Exploits: 0

NVD
added 2025/04/18 8:15 p.m. · 19 views

CVE-2025-36625

In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging entries by manipulating HTTP requests to the application...

CVSS 4.3 · EPSS 0.00231
Exploits: 0 · References: 1

NVD
added 2025/04/18 3:15 p.m. · 27 views

CVE-2025-2950

IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address which may lead to unexpected behavior...

CVSS 5.4 · EPSS 0.00248
Exploits: 0 · References: 1