Total
2067 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-3002 | 2025-03-31 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability, which was classified as critical, has been found in Digital China DCME-520 up to 20250320. This issue affects some unknown processing of the file /usr/local/WWW/function/audit/newstatistics/mon_merge_stat_hist.php. The manipulation of the argument type_name leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2023-22884 | 1 Apache | 2 Airflow, Apache-airflow-providers-mysql | 2025-03-31 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0. | |||||
| CVE-2025-2732 | 2025-03-31 | 7.7 HIGH | 8.0 HIGH | ||
| A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/wizard/getWifiNeighbour of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2731 | 2025-03-31 | 7.7 HIGH | 8.0 HIGH | ||
| A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/wizard/getDualbandSync of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2730 | 2025-03-31 | 7.7 HIGH | 8.0 HIGH | ||
| A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is an unknown function of the file /api/wizard/getssidname of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2729 | 2025-03-31 | 7.7 HIGH | 8.0 HIGH | ||
| A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects some unknown processing of the file /api/wizard/networkSetup of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2728 | 2025-03-31 | 7.7 HIGH | 8.0 HIGH | ||
| A vulnerability has been found in H3C Magic NX30 Pro and Magic NX400 up to V100R014 and classified as critical. This vulnerability affects unknown code of the file /api/wizard/getNetworkConf. The manipulation leads to command injection. The attack needs to be approached within the local network. | |||||
| CVE-2025-2727 | 2025-03-31 | 7.7 HIGH | 8.0 HIGH | ||
| A vulnerability, which was classified as critical, was found in H3C Magic NX30 Pro up to V100R007. This affects an unknown part of the file /api/wizard/getNetworkStatus of the component HTTP POST Request Handler. The manipulation leads to command injection. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2726 | 2025-03-31 | 7.7 HIGH | 8.0 HIGH | ||
| A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this issue is some unknown functionality of the file /api/esps of the component HTTP POST Request Handler. The manipulation leads to command injection. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2725 | 2025-03-31 | 7.7 HIGH | 8.0 HIGH | ||
| A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this vulnerability is an unknown functionality of the file /api/login/auth of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2983 | 2025-03-31 | 5.2 MEDIUM | 5.5 MEDIUM | ||
| A vulnerability has been found in Legrand SMS PowerView 1.x and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument redirect leads to os command injection. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-25766 | 1 Mrcms | 1 Mrcms | 2025-03-28 | N/A | 4.8 MEDIUM |
| An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute arbitrary code via uploading a crafted .jsp file. | |||||
| CVE-2024-12251 | 1 Telerik | 1 Ui For Winui | 2025-03-28 | N/A | 7.8 HIGH |
| In ProgressĀ® TelerikĀ® UI for WinUI versions prior to 2025 Q1 (3.0.0), a command injection attack is possible through improper neutralization of hyperlink elements. | |||||
| CVE-2025-2916 | 2025-03-28 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability, which was classified as critical, has been found in Aishida Call Center System up to 20250314. This issue affects some unknown processing of the file /doscall/weixin/open/amr2mp3. The manipulation of the argument File leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-44916 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 7.2 HIGH |
| Vulnerability in admin_ip.php in Seacms v13.1, when action=set, allows attackers to control IP parameters that are written to the data/admin/ip.php file and could result in arbitrary command execution. | |||||
| CVE-2025-25792 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 4.4 MEDIUM |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the isopen parameter at admin_weixin.php. | |||||
| CVE-2025-25793 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 5.1 MEDIUM |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_notify.php. | |||||
| CVE-2025-25794 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 5.1 MEDIUM |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ping.php. | |||||
| CVE-2025-25796 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 5.1 MEDIUM |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php. | |||||
| CVE-2025-25797 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 5.1 MEDIUM |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_smtp.php. | |||||