16582 matches found

RedHat Linux
added 2025/05/05 1:17 a.m., 3 views

libsoup: Out of bounds reads in soup_headers_parse_request()

A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bounds read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server...

CVSS 7.5, AI score 7.2, EPSS 0.00787
Exploits: 0, References: 4

GithubExploit
added 2025/05/03 7:4 p.m., 348 views

Exploit for Deserialization of Untrusted Data in Bentoml

Setup for the vulnerable version. Start the vulnerable contai...

CVSS 9.8, AI score 7, EPSS 0.43809
Exploits: 4

RedhatCVE
added 2025/05/02 12:15 p.m., 13 views

CVE-2025-24347

A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to manipulate the network configuration file via a crafted HTTP request...

CVSS 6.5, AI score 6.6, EPSS 0.00409
Exploits: 0, References: 1

RedhatCVE
added 2025/05/02 12:9 p.m., 11 views

CVE-2025-24349

A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to delete the configuration of physical network interfaces via a crafted HTTP request...

CVSS 7.1, AI score 6.3, EPSS 0.00477
Exploits: 0, References: 1

RedhatCVE
added 2025/05/02 12:9 p.m., 9 views

CVE-2025-24351

A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to execute arbitrary OS commands in the context of user “root” via a crafted HTTP request...

CVSS 8.8, AI score 7.5, EPSS 0.00662
Exploits: 0, References: 1

RedhatCVE
added 2025/05/02 11:14 a.m., 5 views

CVE-2025-24339

A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to conduct various attacks against users of the vulnerable system, including web cache poisoning or Man-in-the-Middle (MitM), via a crafted HTTP request...

CVSS 5, AI score 7, EPSS 0.00212
Exploits: 0, References: 1

RedhatCVE
added 2025/05/01 4:15 p.m., 15 views

CVE-2025-40617

SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDTIPO", "IDPISTA" and "IDSOCIO" parameters in /bkgseleccionarhoraajax.php...

CVSS 9.3, AI score 7.9, EPSS 0.00331
Exploits: 0, References: 3

RedhatCVE
added 2025/05/01 4:12 p.m., 19 views

CVE-2025-40618

SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDRESERVA" parameter in /bkgimprimircomprobante.php...

CVSS 9.3, AI score 7.9, EPSS 0.00331
Exploits: 0, References: 3

Snyk
added 2025/05/01 6:29 a.m., 3 views

HTTP Request Smuggling

Overview: Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper handling of pywsgi Input.send100continue. An attacker could extract data or compromise data integrity by sending a request with an Expect: 100-continue header. Remediation: Upgrade gevent to version...

CVSS 6.9, AI score 6.9
Exploits: 0, References: 3

Kitploit
added 2025/04/30 12:30 p.m., 51 views

Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities

Web Shell Client. Description & Demo: Wshlient is a web shell client designed to be pretty simple yet versatile. One just needs to create a text file containing an HTTP request and indicate where Wshlient injects the commands, then you can enjoy a shell. In case the above video does not work for...

AI score 7.7
Exploits: 0, References: 2

NVD
added 2025/04/30 12:15 p.m., 8 views

CVE-2025-24349

A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to delete the configuration of physical network interfaces via a crafted HTTP request...

CVSS 7.1, EPSS 0.00477
Exploits: 0, References: 1

NVD
added 2025/04/30 12:15 p.m., 23 views

CVE-2025-24348

A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to manipulate the wireless network configuration file via a crafted HTTP request...

CVSS 5.4, EPSS 0.00426
Exploits: 0, References: 1

NVD
added 2025/04/30 12:15 p.m., 26 views

CVE-2025-24347

A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to manipulate the network configuration file via a crafted HTTP request...

CVSS 6.5, EPSS 0.00409
Exploits: 0, References: 1

CVE
added 2025/04/30 11:47 a.m., 49 views

CVE-2025-24351

The CVE-2025-24351 entry affects the ctrlX OS web application’s “Remote Logging” functionality. A remote authenticated (low-privileged) attacker can execute arbitrary OS commands in the context of user “root” via a crafted HTTP request. Reports consistently describe this as a root-level command e...

CVSS 8.8, AI score 8.8, EPSS 0.00662
Exploits: 0, References: 1

Vulnrichment
added 2025/04/30 11:45 a.m., 6 views

CVE-2025-24350

A vulnerability in the “Certificates and Keys” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to write arbitrary certificates in arbitrary file system paths via a crafted HTTP request...

CVSS 7.1, AI score 7, EPSS 0.003
Exploits: 0, References: 1

CVE
added 2025/04/30 11:44 a.m., 47 views

CVE-2025-24349

CVE-2025-24349 affects the web application of ctrlX OS under the Network Interfaces feature. A remote authenticated (low-privilege) attacker can delete the configuration of physical network interfaces by sending a crafted HTTP request. The vulnerability is evidenced across multiple sources (NVD, ...

CVSS 7.1, AI score 6.4, EPSS 0.00477
Exploits: 0, References: 1

CVE
added 2025/04/30 11:42 a.m., 50 views

CVE-2025-24348

CVE-2025-24348 affects the web interface of ctrlX OS (Network Interfaces). A remote authenticated, low-privilege attacker can manipulate the wireless network configuration file using a crafted HTTP request. Exploitation status is not detailed in the provided docs; CVSS v3.1 base score is 5.4 (Med...

CVSS 5.4, AI score 5.3, EPSS 0.00426
Exploits: 0, References: 1

Cvelist
added 2025/04/30 11:41 a.m., 21 views

CVE-2025-24347

A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to manipulate the network configuration file via a crafted HTTP request...

CVSS 6.5, EPSS 0.00409
Exploits: 0, References: 1

CVE
added 2025/04/30 11:41 a.m., 45 views

CVE-2025-24347

The CVE-2025-24347 issue affects the web application of ctrlX OS, specifically the Network Interfaces functionality. A remote authenticated (low-privileged) attacker can manipulate the network configuration file through a crafted HTTP request. The vulnerability is described across multiple source...

CVSS 6.5, AI score 6.6, EPSS 0.00409
Exploits: 0, References: 1

Cvelist
added 2025/04/30 11:39 a.m., 13 views

CVE-2025-24346

A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to manipulate the “/etc/environment” file via a crafted HTTP request...

CVSS 7.5, EPSS 0.00401
Exploits: 0, References: 1