6.9

CVSS4.0

CVE-2025-5436 - Multilaser Sirius RE016 cstecgi.cgi information disclosure

A vulnerability was found in Multilaser Sirius RE016 MLT1.0. It has been rated as problematic. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the p…

📅 Published: June 2, 2025, 8 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.8

CVSS3.1

CVE-2025-0358 -

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.

📅 Published: June 2, 2025, 7:39 a.m. 🔄 Last Modified: Jan. 15, 2026, 3:38 p.m.

4.3

CVSS3.1

CVE-2025-0325 -

A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of the Axis device.

📅 Published: June 2, 2025, 7:36 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.4

CVSS3.1

CVE-2025-0324 -

The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.

📅 Published: June 2, 2025, 7:32 a.m. 🔄 Last Modified: Jan. 15, 2026, 3:42 p.m.

6.9

CVSS4.0

CVE-2025-5435 - Marwal Infotech CMS page.php sql injection

A vulnerability was found in Marwal Infotech CMS 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /page.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and m…

📅 Published: June 2, 2025, 7:31 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.6

CVSS4.0

CVE-2025-5113 - Authenticated Remote Command Injection in Diviotec NBR IP Cameras

The Diviotec professional series exposes a web interface. One endpoint is vulnerable to arbitrary command injection and hardcoded passwords are used.

📅 Published: June 2, 2025, 7:13 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.6

CVSS4.0

CVE-2025-4010 - Arbitrary Command Injection in Netcom NTC-6200 & NWL-222

The Netcom NTC 6200 and NWL 222 series expose a web interface to be configured and set up by operators. Multiple endpoints of the web interface are vulnerable to arbitrary command injection and use insecure hardcoded passwords. Remote authenticated attackers can gain arbitrary code execution with e…

📅 Published: June 2, 2025, 7 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.9

CVSS4.0

CVE-2025-5434 - Aem Solutions CMS page.php sql injection

A vulnerability was found in Aem Solutions CMS up to 1.0. It has been classified as critical. This affects an unknown part of the file /page.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public …

📅 Published: June 2, 2025, 7 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

0.0

CVE-2025-5448 -

This CVE id was assigned but later discarded.

📅 Published: June 2, 2025, 6:52 a.m. 🔄 Last Modified: Dec. 24, 2025, 1:15 p.m.

5.3

CVSS4.0

CVE-2025-5433 - Fengoffice Feng Office index.php sql injection

A vulnerability was found in Fengoffice Feng Office 3.5.1.5 and classified as critical. Affected by this issue is some unknown functionality of the file /index.php?c=account&a=set_timezone. The manipulation of the argument tz_offset leads to sql injection. The attack may be launched remotely. The e…

📅 Published: June 2, 2025, 6:31 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 349182
Page 5203 of 34,919
« previous page » next page
Filters