CVE-2025-48745 – Apache HTTP Server Remote Code Execution Vulnerability

CVE ID : CVE-2025-48745

Published : June 2, 2025, 1:15 p.m. | 1 hour, 56 minutes ago

Description : Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-49113. Reason: This candidate is a reservation duplicate of CVE-2025-49113. Notes: All CVE users should reference CVE-2025-49113 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-5445 – Linksys Wireless Router OS Command Injection Vulnerability

CVE ID : CVE-2025-5445

Published : June 2, 2025, 1:15 p.m. | 1 hour, 56 minutes ago

Description : A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this issue is the function RP_checkFWByBBS of the file /goform/RP_checkFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-5446 – “Linksys Router Remote OS Command Injection Vulnerability”

CVE ID : CVE-2025-5446

Published : June 2, 2025, 1:15 p.m. | 1 hour, 56 minutes ago

Description : A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical. This affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. The manipulation of the argument pwd leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-57783 – “Dot Desktop XSS Command Execution”

CVE ID : CVE-2024-57783

Published : June 2, 2025, 2:15 p.m. | 56 minutes ago

Description : The desktop application in Dot through 0.9.3 allows XSS and resultant command execution because user input and LLM output are appended to the DOM with innerHTML (in render.js), and because the Electron window can access Node.js APIs.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-37090 – HPE StoreOnce Server-Side Request Forgery Vulnerability

CVE ID : CVE-2025-37090

Published : June 2, 2025, 2:15 p.m. | 56 minutes ago

Description : A server-side request forgery vulnerability exists in HPE StoreOnce Software.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-37092 – HPE StoreOnce Command Injection Remote Code Execution

CVE ID : CVE-2025-37092

Published : June 2, 2025, 2:15 p.m. | 56 minutes ago

Description : A command injection remote code execution vulnerability exists in HPE StoreOnce Software.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-37093 – HPE StoreOnce Authentication Bypass Vulnerability

CVE ID : CVE-2025-37093

Published : June 2, 2025, 2:15 p.m. | 56 minutes ago

Description : An authentication bypass vulnerability exists in HPE StoreOnce Software.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-37094 – HPE StoreOnce Directory Traversal File Deletion Vulnerability

CVE ID : CVE-2025-37094

Published : June 2, 2025, 2:15 p.m. | 56 minutes ago

Description : A directory traversal arbitrary file deletion vulnerability exists in HPE StoreOnce Software.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-5447 – Linksys Wireless Router OS Command Injection Vulnerability

CVE ID : CVE-2025-5447

Published : June 2, 2025, 2:15 p.m. | 56 minutes ago

Description : A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. This vulnerability affects the function ssid1MACFilter of the file /goform/ssid1MACFilter. The manipulation of the argument apselect_%d/newap_text_%d leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…