6.2
CVE-2025-37138 - Authenticated Command Injection Vulnerability in CLI Binary of AOS-10 GW and AOS-8 Controller/Mobil…
An authenticated command injection vulnerability exists in the command line interface binary of AOS-10 GW and AOS-8 Controllers/Mobility Conductor operating system. Exploitation of this vulnerability requires physical access to the hardware controllers. A successful attack could allow an authentica…
6.5
CVE-2025-37137 - Authenticated Arbitrary File Deletion Vulnerabilities in AOS-8 Controller/Mobility Conductor Comman…
Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system.
6.5
CVE-2025-37136 - Authenticated Arbitrary File Deletion Vulnerabilities in AOS-8 Controller/Mobility Conductor Comman…
Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system.
6.5
CVE-2025-37135 - Authenticated Arbitrary File Deletion Vulnerabilities in AOS-8 Controller/Mobility Conductor Comman…
Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system.
7.2
CVE-2025-37134 - Authenticated Command Injection Vulnerability in the Low-Level Interface Library Affecting AOS-10 G…
An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.
6.8
CVE-2025-8430 - A user with elevated privileges can inject XSS in the Commands Connectors configuration configurati…
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Commands Connectors configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.1…
7.2
CVE-2025-37133 - Authenticated Command Injection Vulnerability in AOS-8 Controller/Mobility Conductor Web-Based Mana…
An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.
7.2
CVE-2025-37132 - Authenticated Remote Code Execution Vulnerability in AOS-10 GW and AOS-8 Controller/Mobility Conduc…
An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files and execute arbitrary commands on the un…
9.3
CVE-2025-11548 - ibi WebFOCUS - Unauthenticated RCE Vulnerability
A remote, unauthenticated privilege escalation in ibi WebFOCUS allows an attacker to gain administrative access to the application, which may lead to unauthenticated Remote Code Execution.
6.5
CVE-2025-37148 - Kernel Panic triggered by Modified Ethernet Frames leads to Denial of Service Vulnerability
A vulnerability in the parsing of Ethernet frames in AOS-8 Instant and AOS-10 could allow an unauthenticated remote attacker to conduct a denial of service attack. Successful exploitation could allow an attacker to potentially disrupt network services and require manual intervention to restore func…