30 matches found
EUVD-2025-12705
Malicious code in bioql PyPI...
EUVD-2025-12694
Malicious code in bioql PyPI...
EUVD-2025-12709
Malicious code in bioql PyPI...
EUVD-2025-12707
Malicious code in bioql PyPI...
EUVD-2025-12710
Malicious code in bioql PyPI...
CVE-2025-24341
A vulnerability in the web application of ctrlX OS allows a remote authenticated low-privileged attacker to induce a Denial-of-Service DoS condition on the device via multiple crafted HTTP requests. In the worst case, a full power cycle is needed to regain control of the device...
CVE-2025-24345
A vulnerability in the “Hosts” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to manipulate the “hosts” file in an unintended manner via a crafted HTTP request...
CVE-2025-24347
A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to manipulate the network configuration file via a crafted HTTP request...
CVE-2025-24344
A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrary client-side code in the context of another user's browser via a crafted HTTP request...
CVE-2025-24351
A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to execute arbitrary OS commands in the context of user “root” via a crafted HTTP request...
CVE-2025-24347
A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to manipulate the network configuration file via a crafted HTTP request...
CVE-2025-27532
A vulnerability in the “Backup & Restore” functionality of the web application of ctrlX OS allows a remote authenticated lowprivileged attacker to access secret information via multiple crafted HTTP requests...
CVE-2025-24351
The CVE-2025-24351 entry affects the ctrlX OS web application’s “Remote Logging” functionality. A remote authenticated (low-privileged) attacker can execute arbitrary OS commands in the context of user “root” via a crafted HTTP request. Reports consistently describe this as a root-level command e...
CVE-2025-24348
CVE-2025-24348 affects the web interface of ctrlX OS (Network Interfaces). A remote authenticated, low-privilege attacker can manipulate the wireless network configuration file using a crafted HTTP request. Exploitation status is not detailed in the provided docs; CVSS v3.1 base score is 5.4 (Med...
CVE-2025-24343
CVE-2025-24343 affects ctrlX OS via the web app’s “Manages app data” function. The vulnerability allows a remote authenticated, low-privilege attacker to write arbitrary files to arbitrary filesystem paths through a crafted HTTP request. Several sources corroborate the same flaw, with no publicly...
CVE-2025-24343
A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to write arbitrary files in arbitrary file system paths via a crafted HTTP request...
CVE-2025-24341
A vulnerability in the web application of ctrlX OS allows a remote authenticated low-privileged attacker to induce a Denial-of-Service DoS condition on the device via multiple crafted HTTP requests. In the worst case, a full power cycle is needed to regain control of the device...
CVE-2025-24341
The CVE-2025-24341 vulnerability affects the web application of ctrlX OS. A remote authenticated (low-privileged) attacker can induce a Denial-of-Service (DoS) on the device by sending multiple crafted HTTP requests, with the worst case requiring a full power cycle to regain control. According to...
CVE-2025-24340
CVE-2025-24340 affects ctrlX OS. The vulnerability is in the users configuration file, allowing a remote authenticated (low-privileged) attacker to recover plaintext passwords of other users. CVSS 3.1 base score 6.5 (Network, Low AWS, Privileges Required: Low, User Interaction: None, Confidential...
CVE-2025-24340
A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated low-privileged attacker to recover the plaintext passwords of other users...