CVE-2025-5157 – H3C SecCenter SMP-E1114P02 Remote Path Traversal Vulnerability

May 25, 2025

CVE ID : CVE-2025-5157

Published : May 25, 2025, 11:15 p.m. | 1 hour, 54 minutes ago

Description : A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been classified as critical. This affects the function fileContent of the file /cfgFile/fileContent. The manipulation of the argument filePath leads to path traversal. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5158 – H3C SecCenter SMP-E1114P02 Remote Path Traversal Vulnerability

Next Article CVE-2025-5156 – H3C GR-5400AX Buffer Overflow Vulnerability

Highlights

CVE-2025-5710 – “Code-projects Real Estate Property Management System SQL Injection Vulnerability”

June 5, 2025

CVE ID : CVE-2025-5710

Published : June 6, 2025, 2:15 a.m. | 1 hour, 29 minutes ago

Description : A vulnerability, which was classified as critical, has been found in code-projects Real Estate Property Management System 1.0. This issue affects some unknown processing of the file /Admin/InsertState.php. The manipulation of the argument txtStateName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Akka introduces platform for distributed agentic AI

Design Patterns For AI Interfaces

Amazon launches spec-driven AI IDE, Kiro

This week in AI dev tools: Gemini API Batch Mode, Amazon SageMaker AI updates, and more (July 11, 2025)

ChatGPT falls for another Windows license key scam — generating valid codes in a guessing game after a researcher “gives up”

Germany wants Google and Apple to ban China’s “illegal” DeepSeek AI — after it failed to comply with data protection laws

Microsoft’s extra year of free Windows 10 security updates feels like a last-minute snooze button — while groups like “The Restart Project” still want to help users

The Xbox Ally and Xbox Ally X prices may have leaked — and if true, it’s not as bad as I thought

The details of TC39’s last meeting

The details of TC39’s last meeting

Modern async iteration in JavaScript with Array.fromAsync()

Vite vs Webpack: A Guide to Choosing the Right Bundler

LocalStack is a cloud service emulator

LocalStack is a cloud service emulator

Sysdig – dig deeper

minnow – simple and fairly weak chess engine

CVE-2025-5157 – H3C SecCenter SMP-E1114P02 Remote Path Traversal Vulnerability

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms

CVE-2025-2605 – Honeywell MB-Secure OS Command Injection Vulnerability

8 Best Free and Open Source Terminal-Based Flashcard Tools

Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices

Pinout with Dan Johnson

CVE-2025-5710 – “Code-projects Real Estate Property Management System SQL Injection Vulnerability”

CVE-2025-4135 – Netgear WG302v2 Command Injection Vulnerability

CVE-2025-53305 – Lucidcrew WP Forum Server CSRF Stored XSS

CVE-2025-6677 – Drupal Paragraphs Cross-Site Scripting (XSS) Vulnerability

CVE-2025-5157 – H3C SecCenter SMP-E1114P02 Remote Path Traversal Vulnerability

Related Posts