Threat and Vulnerability Intelligence Database

CVE-2025-4117

Description: A vulnerability, which was classified as critical, was found in Netgear JWNR2000v2 1.0.0.11. This affects the function sub_41A914. The manipulation of the argument host leads to buffer overflow. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: MEDIUM (5.1)

EPSS Score: 0.05%

Source: CVE
April 30th, 2025 (about 2 months ago)

CVE-2025-27532

Description: A vulnerability in the “Backup & Restore” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to access secret information via multiple crafted HTTP requests.

CVSS: MEDIUM (6.5)

EPSS Score: 0.06%

Source: CVE
April 30th, 2025 (about 2 months ago)

CVE-2025-24348

Description: A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the wireless network configuration file via a crafted HTTP request.

CVSS: MEDIUM (5.4)

EPSS Score: 0.09%

Source: CVE
April 30th, 2025 (about 2 months ago)

CVE-2025-24347

Description: A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the network configuration file via a crafted HTTP request.

CVSS: MEDIUM (6.5)

EPSS Score: 0.22%

Source: CVE
April 30th, 2025 (about 2 months ago)

CVE-2025-24345

Description: A vulnerability in the “Hosts” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the “hosts” file in an unintended manner via a crafted HTTP request.

CVSS: MEDIUM (6.3)

EPSS Score: 0.12%

Source: CVE
April 30th, 2025 (about 2 months ago)

CVE-2025-24344

Description: A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrary client-side code in the context of another user's browser via a crafted HTTP request.

CVSS: MEDIUM (6.3)

EPSS Score: 0.08%

Source: CVE
April 30th, 2025 (about 2 months ago)

CVE-2025-24343

Description: A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary files in arbitrary file system paths via a crafted HTTP request.

CVSS: MEDIUM (5.4)

EPSS Score: 0.22%

Source: CVE
April 30th, 2025 (about 2 months ago)

CVE-2025-24342

Description: A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauthenticated attacker to guess valid usernames via multiple crafted HTTP requests.

CVSS: MEDIUM (5.3)

EPSS Score: 0.09%

Source: CVE
April 30th, 2025 (about 2 months ago)

CVE-2025-24341

Description: A vulnerability in the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to induce a Denial-of-Service (DoS) condition on the device via multiple crafted HTTP requests. In the worst case, a full power cycle is needed to regain control of the device.

CVSS: MEDIUM (6.5)

EPSS Score: 0.41%

Source: CVE
April 30th, 2025 (about 2 months ago)

CVE-2025-4113

Description: A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/edit-pass-detail.php. The manipulation of the argument editid leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS: MEDIUM (5.3)

EPSS Score: 0.03%

Source: CVE
April 30th, 2025 (about 2 months ago)