6.5
CVE-2024-23970 - ChargePoint Home Flex Improper Certificate Validation
This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CURLOPT_SSL_VERIFYHOST setting. The issue re…
8.8
CVE-2024-23969 - ChargePoint Home Flex wlanchnllst Out-Of-Bounds Write
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wlanchnllst function. The issue results from the la…
8.8
CVE-2024-23968 - ChargePoint Home Flex SrvrToSmSetAutoChnlListMsg Stack-based Buffer Overflow
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SrvrToSmSetAutoChnlListMsg function. The issue resu…
8.8
CVE-2024-23973 - Silicon Labs Gecko OS HTTP GET Request Handling Stack-based Buffer Overflow
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP GET requests. The issue results from the lack of pr…
7.5
CVE-2024-24731 - Silicon Labs Gecko OS http_download Stack-based Buffer Overflow
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the http_download command. The issue results from t…
7.6
CVE-2025-24885 - pwn.college has a XSS on dojo pages
pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Missing access control on rendering custom (unprivileged) dojo pages allows users to create stored XSS.
7.7
CVE-2025-24886 - pwn.college has Symlink LFI in Dojo repos
pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user-specified dojos allow users (admin not required) to perform an LFI from the CTFd container. When a user clones or updates repositories, a check…
5.3
CVE-2025-0882 - code-projects Chat System addnewmember.php sql injection
A vulnerability was found in code-projects Chat System up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user/addnewmember.php. The manipulation of the argument user leads to sql injection. The attack can be launched remotely. The e…
5.3
CVE-2025-0881 - Codezips Gym Management System saveroutine.php sql injection
A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/saveroutine.php. The manipulation of the argument rname leads to sql injection. It is possible to launch the attack remotely. The exploit…
5.3
CVE-2025-0880 - Codezips Gym Management System updateplan.php sql injection
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/updateplan.php. The manipulation of the argument planid leads to sql injection. The attack may be initiated remotely. The exploit has b…