Full List

Search

Recent Vulnerabilities

• CVE-2025-24351 • published on April 30, 2025 A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary OS commands in the context of user “root” via a crafted HTTP request.
• CVE-2025-24350 • published on April 30, 2025 A vulnerability in the “Certificates and Keys” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary certificates in arbitrary file system paths via a crafted HTTP request.
• CVE-2025-24349 • published on April 30, 2025 A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to delete the configuration of physical network interfaces via a crafted HTTP request.
• CVE-2025-24348 • published on April 30, 2025 A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the wireless network configuration file via a crafted HTTP request.
• CVE-2025-24347 • published on April 30, 2025 A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the network configuration file via a crafted HTTP request.
• CVE-2025-24346 • published on April 30, 2025 A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to manipulate the “/etc/environment” file via a crafted HTTP request.
• CVE-2025-24345 • published on April 30, 2025 A vulnerability in the “Hosts” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the “hosts” file in an unintended manner via a crafted HTTP request.
• CVE-2025-24344 • published on April 30, 2025 A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrary client-side code in the context of another user's browser via a crafted HTTP request.
• CVE-2025-24343 • published on April 30, 2025 A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary files in arbitrary file system paths via a crafted HTTP request.
• CVE-2025-24342 • published on April 30, 2025 A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauthenticated attacker to guess valid usernames via multiple crafted HTTP requests.
• CVE-2025-24341 • published on April 30, 2025 A vulnerability in the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to induce a Denial-of-Service (DoS) condition on the device via multiple crafted HTTP requests. In the worst case, a full power cycle is needed to regain control of the device.
• CVE-2025-4113 • published on April 30, 2025 A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/edit-pass-detail.php. The manipulation of the argument editid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
• CVE-2025-4112 • published on April 30, 2025 A vulnerability was found in PHPGurukul Student Record System 3.20. It has been declared as critical. This vulnerability affects unknown code of the file /add-course.php. The manipulation of the argument course-short leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
• CVE-2025-24340 • published on April 30, 2025 A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated (low-privileged) attacker to recover the plaintext passwords of other users.
• CVE-2025-24339 • published on April 30, 2025 A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to conduct various attacks against users of the vulnerable system, including web cache poisoning or Man-in-the-Middle (MitM), via a crafted HTTP request.
• CVE-2025-24338 • published on April 30, 2025 A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to execute arbitrary client-side code in the context of another user's browser via multiple crafted HTTP requests.
• CVE-2025-4111 • published on April 30, 2025 A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/visitor-details.php. The manipulation of the argument Status leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
• CVE-2025-4110 • published on April 30, 2025 A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit-teacher.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
• CVE-2025-4109 • published on April 30, 2025 A vulnerability has been found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-subadmin.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
• CVE-2025-4108 • published on April 30, 2025 A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Affected is an unknown function of the file /add-subject.php. The manipulation of the argument sub1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.