5.3
CVE-2024-10207 - Server-Side Request Forgery (authenticated) in APROL Web Portal
A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R APROL <4.4-00P5 may allow an authenticated network-based attacker to force the web server to request arbitrary URLs.
6.9
CVE-2024-10206 - Server-Side Request Forgery (unauthenticated) in APROL Web Portal
A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R APROL <4.4-00P5 may allow an unauthenticated network-based attacker to force the web server to request arbitrary URLs.
6.8
CVE-2024-8315 - Improper Handling of Insufficient Permissions or Privileges in B&R APROL
An Improper Handling of Insufficient Permissions or Privileges vulnerability in scripts used in B&R APROL <4.4-00P5 may allow an authenticated local attacker to read credential information.
6.9
CVE-2025-2734 - PHPGurukul Old Age Home Management System aboutus.php sql injection
A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql injection. It is possible to launch the attack remotely. The exploitβ¦
5.3
CVE-2025-2733 - mannaandpoem OpenManus Prompt python_execute.py os command injection
A vulnerability classified as critical has been found in mannaandpoem OpenManus up to 2025.3.13. This affects an unknown part of the file app/tool/python_execute.py of the component Prompt Handler. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The eβ¦
5.5
CVE-2024-8314 - Improper session handling in B&R APROL
An Incorrect Implementation of Authentication Algorithm and Exposure of Data Element to Wrong Ses-sion vulnerability in the session handling used in B&R APROL <4.4-00P5 may allow an authenticated network attacker to take over a currently active user session without login credentials.
8.7
CVE-2024-8313 - Default or Guessable SNMP community names in B&R APROL
An Exposure of Sensitive System Information to an Unauthorized Control Sphere and Initialization of a Resource with an Insecure Default vulnerability in the SNMP component of B&R APROL <4.4-00P5 may allow an unauthenticated adjacent-based attacker to read and alter configuration using SNMP.
8.6
CVE-2025-2732 - H3C Magic BE18000 HTTP POST Request getWifiNeighbour command injection
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/wizard/getWifiNeighbour of the component HTTP POST Request Handler. The manipuβ¦
8.6
CVE-2025-2731 - H3C Magic BE18000 HTTP POST Request getDualbandSync command injection
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/wizard/getDualbandSync of the component HTTP POST Request Handler. Thβ¦
8.6
CVE-2025-2730 - H3C Magic BE18000 HTTP POST Request getssidname command injection
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is an unknown function of the file /api/wizard/getssidname of the component HTTP POST Request Handler. The manipulation leads to commaβ¦