10
CVE-2024-54085 - Redfish Authentication Bypass
AMI's SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.
5.1
CVE-2025-2196 - MRCMS org.marker.mushroom.controller.FileController upload.do upload cross site scripting
A vulnerability was found in MRCMS 3.1.2. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /admin/file/upload.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scripting.…
0.0
CVE-2025-29763 -
"This CVE ID is Rejected and will not be used. The issue was determined to not be a vulnerability."
7.1
CVE-2025-22369 - Mennekes smart/premium charges systems, Arbitrary file download using ReadFile endpoint
The ReadFile endpoint of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to read arbitrary files from the underlying OS.
8.7
CVE-2025-22366 - Mennekes smart/premium charges systems, Command injection in firmware upgrade
The authenticated firmware update capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS.
5.3
CVE-2025-22370 - Mennekes smart/premium charges systems, SQL Injection in web configuration interface
Many fields for the web configuration interface of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to execute arbitrary SQL commands because the values are insufficiently neutralized.
8.7
CVE-2025-22368 - Mennekes smart/premium charges systems, Command injection in sCU firmware update
The authenticated SCU firmware command of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS.
8.7
CVE-2025-22367 - Mennekes smart/premium charges systems, Command injection in time setting
The authenticated time setting capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS.
5.1
CVE-2025-2195 - MRCMS org.marker.mushroom.controller.FileController rename.do rename cross site scripting
A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is the function rename of the file /admin/file/rename.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument name/path leads to cross site scripting. It is possible…
5.1
CVE-2025-2194 - MRCMS org.marker.mushroom.controller.FileController list.do list cross site scripting
A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects the function list of the file /admin/file/list.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scripting. The attack may be initiat…