7896 matches found
CVE-2025-30033
The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component...
CVE-2025-48861
A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed a remote, unauthenticated attacker to access and extract internal application data, including potential debug logs and the version of installed apps...
CVE-2025-48862
Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. However, only the private key - if available in the backup - is encrypted, while the backup file itself remains unencrypted...
CVE-2025-48860
A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated low privileged attacker to gain remote access to backup archives created by a user with elevated permissions. Depending on the content of the backup archive, the attacker may have been able to acce...
CVE-2025-48862
The CVE affects ctrlX OS (Bosch) where ambiguous wording in the web interface of the setup/backup mechanism could mislead users into thinking the backup is encrypted when a password is set. In reality, only the private key in the backup (if present) is encrypted; the backup file itself remains un...
CVE-2025-48862
Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. However, only the private key - if available in the backup - is encrypted, while the backup file itself remains unencrypted...
CVE-2025-48862
Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. However, only the private key - if available in the backup - is encrypted, while the backup file itself remains unencrypted...
CVE-2025-48861
CVE-2025-48861 describes a vulnerability in the Task API endpoint of the ctrlX OS setup mechanism, where an unauthenticated, remote attacker could access and exfiltrate internal application data (e.g., debug logs and the version of installed apps). Public sources consistently tie the issue to ina...
CVE-2025-48860
A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated low privileged attacker to gain remote access to backup archives created by a user with elevated permissions. Depending on the content of the backup archive, the attacker may have been able to acce...
CVE-2025-48860
A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated low privileged attacker to gain remote access to backup archives created by a user with elevated permissions. Depending on the content of the backup archive, the attacker may have been able to acce...
CVE-2025-48860
CVE-2025-48860 affects the web application of the ctrlX OS setup mechanism. An authenticated, low-privilege attacker could remotely access backup archives created by a user with elevated permissions, potentially exposing sensitive data depending on archive contents. The advisory sources describe ...
PT-2025-33138 · Ctrlx Os · Ctrlx Os
Name of the Vulnerable Software and Affected Versions: ctrlX OS affected versions not specified Description: A vulnerability in the web application of the ctrlX OS setup mechanism allowed an authenticated attacker with low privileges to gain remote access to backup archives created by a user with...
CVE-2025-4410
A buffer overflow vulnerability exists in the module SetupUtility. An attacker with local privileged access can exploit this vulnerability by executeing arbitrary code...
CVE-2025-4410 SetupUtility: A buffer overflow vulnerability leads to arbitrary code execution.
A buffer overflow vulnerability exists in the module SetupUtility. An attacker with local privileged access can exploit this vulnerability by executeing arbitrary code...
CVE-2025-4410 SetupUtility: A buffer overflow vulnerability leads to arbitrary code execution.
A buffer overflow vulnerability exists in the module SetupUtility. An attacker with local privileged access can exploit this vulnerability by executeing arbitrary code...
CVE-2025-4410
CVE-2025-4410 describes a buffer overflow in the SetupUtility module. Multiple sources (NVD/NVD-derived records, Red Hat advisory, CVE lists, and related enrichment) indicate a local-privilege path to arbitrary code execution: an attacker with local high privileges can exploit the issue to run co...
CVE-2025-50617
A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN0046ed68 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wpsset in the payload, which can cause the program to crash and potentially lead to a Denial of...
CVE-2025-49456 Zoom Clients for Windows- Race Condition
Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application integrity via local access...
CVE-2025-30033
The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component...
CVE-2025-30033
The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component...