CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-24346
A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to...
Description: A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to manipulate the “/etc/environment” file via a crafted HTTP request.

CVSS: HIGH (7.5)

EPSS Score: 0.34%

Source: CVE
April 30th, 2025 (about 2 months ago)

CVE-2025-4112
PHPGurukul Student Record System add-course.php sql injection
Description: A vulnerability was found in PHPGurukul Student Record System 3.20. It has been declared as critical. This vulnerability affects unknown code of the file /add-course.php. The manipulation of the argument course-short leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. In PHPGurukul Student Record System 3.20 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /add-course.php. Dank der Manipulation des Arguments course-short mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

CVSS: HIGH (7.3)

EPSS Score: 0.03%

Source: CVE
April 30th, 2025 (about 2 months ago)

CVE-2025-4108
PHPGurukul Student Record System add-subject.php sql injection
Description: A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Affected is an unknown function of the file /add-subject.php. The manipulation of the argument sub1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine Schwachstelle in PHPGurukul Student Record System 3.20 gefunden. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /add-subject.php. Durch das Manipulieren des Arguments sub1 mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: HIGH (7.3)

EPSS Score: 0.03%

Source: CVE
April 30th, 2025 (about 2 months ago)

CVE-2025-24338
A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker...
Description: A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to execute arbitrary client-side code in the context of another user's browser via multiple crafted HTTP requests.

CVSS: HIGH (7.1)

EPSS Score: 0.28%

Source: CVE
April 30th, 2025 (about 2 months ago)

CVE-2025-4125
ISPSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Description: Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file.

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
April 30th, 2025 (about 2 months ago)

CVE-2025-4124
ISPSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Description: Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file.

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
April 30th, 2025 (about 2 months ago)

CVE-2025-22884
ISPSoft File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Description: Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE
April 30th, 2025 (about 2 months ago)

CVE-2025-22883
ISPSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Description: Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file.

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
April 30th, 2025 (about 2 months ago)

CVE-2025-22882
ISPSoft File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Description: Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to leverage debugging logic to execute arbitrary code when parsing CBDGL file.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE
April 30th, 2025 (about 2 months ago)

CVE-2025-29906
Finit bundled getty can bypass /bin/login
Description: Finit is a fast init for Linux systems. Versions starting from 3.0-rc1 and prior to version 4.11 bundle an implementation of getty for the `tty` configuration directive that can bypass `/bin/login`, i.e., a user can log in as any user without authentication. This issue has been patched in version 4.11.

CVSS: HIGH (8.6)

EPSS Score: 0.02%

Source: CVE
April 29th, 2025 (about 2 months ago)