CVE-2025-4253

A vulnerability was found in PCMan FTP Server 2.0.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component HASH Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed t...

CVE-2023-53123

In the Linux kernel, the following vulnerability has been resolved: PCI: s390: Fix use-after-free of PCI resources with per-function hotplug On s390 PCI functions may be hotplugged individually even when they belong to a multi-function device. In particular on an SR-IOV device VFs may be removed...

CVE-2025-4110

A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit-teacher.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be launched remotely...

CVE-2022-49812 bridge: switchdev: Fix memory leaks when changing VLAN protocol

In the Linux kernel, the following vulnerability has been resolved: bridge: switchdev: Fix memory leaks when changing VLAN protocol The bridge driver can offload VLANs to the underlying hardware either via switchdev or the 8021q driver. When the former is used, the VLAN is marked in the bridge...

CVE-2025-24348

A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to manipulate the wireless network configuration file via a crafted HTTP request...

CVE-2025-27532

A vulnerability in the “Backup & Restore” functionality of the web application of ctrlX OS allows a remote authenticated lowprivileged attacker to access secret information via multiple crafted HTTP requests...

CVE-2025-24346

A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated lowprivileged attacker to manipulate the “/etc/environment” file via a crafted HTTP request...

CVE-2025-24346

A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated lowprivileged attacker to manipulate the “/etc/environment” file via a crafted HTTP request...

CVE-2025-24346

CVE-2025-24346 affects ctrlX OS; a vulnerability in the web application's Proxy functionality lets a remote authenticated (low-privileged) user craft an HTTP request to modify the /etc/environment file. The CVSS v3.1 base score is 7.5 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Exploitation details ar...

CVE-2025-24345

A vulnerability in the “Hosts” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to manipulate the “hosts” file in an unintended manner via a crafted HTTP request...

CVE-2025-24342

A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauthenticated attacker to guess valid usernames via multiple crafted HTTP requests...

Unlocking User-Oriented Pages: Intention-Driven Black-Box Scanner for Real-World Web Applications

Black-box scanners have played a significant role in detecting vulnerabilities for web applications. A key focus in current black-box scanning is increasing test coverage i.e., accessing more web pages. However, since many web applications are user-oriented, some deep pages can only be accessed...

CVE-2025-4034

A vulnerability classified as critical was found in projectworlds Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /inserdocprocess.php. The manipulation of the argument DocID leads to sql injection. The attack can be launched remotely. The...

Moderate: glibc security update

The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc:...

CVE-2025-39390

Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking and Rental Manager: from n/a through = 2.3.6...

CVE-2025-31338

A missing authorization vulnerability in the retrieve teacher Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to obtain partial user data by accessing the API functionality...

CVE-2025-39580

Missing Authorization vulnerability in jidaikobo Dashi dashi allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dashi: from n/a through = 3.1.8...

CVE-2024-12543

User Enumeration and Data Integrity in Barcode functionality in OpenText Content Management versions 24.3-25.1on Windows and Linux allows a malicous authenticated attacker to potentially alter barcode attributes...

CVE-2025-3113

A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance’s internal database configurations can leverage the application’s built-in Connector functionality to access Continuous Compliance’s internal database. This allows the user to explore the internal...

CVE-2025-29784

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the s parameter in GET requests for forum search functionality lacks length validation, allowing attackers to submit excessively long search queries. This oversight can lead to...