CVE-2025-3542 |
Description: A vulnerability, which was classified as critical, was found in H3C Magic NX15, Magic NX400 and Magic R3010 up to V100R014. This affects the function FCGI_WizardProtoProcess of the file /api/wizard/getsyncpppoecfg of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
CVSS: HIGH (8.6)
April 14th, 2025 (about 1 hour ago)
|
CVE-2025-3541 |
Description: A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this issue is the function FCGI_WizardProtoProcess of the file /api/wizard/getSpecs of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
CVSS: HIGH (8.6)
April 14th, 2025 (about 1 hour ago)
|
CVE-2025-3540 |
Description: A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this vulnerability is the function FCGI_WizardProtoProcess of the file /api/wizard/getCapability of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
CVSS: HIGH (8.6)
April 13th, 2025 (about 2 hours ago)
|
CVE-2025-3539 |
Description: A vulnerability classified as critical has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getBasicInfo of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
CVSS: HIGH (8.6)
April 13th, 2025 (about 2 hours ago)
|
CVE-2025-3445 |
Description: A Path Traversal "Zip Slip" vulnerability has been identified in mholt/archiver in Go. This vulnerability allows using a crafted ZIP file containing path traversal symlinks to create or overwrite files with the privileges of the user or application utilizing the library.
When using the archiver.Unarchive functionality with ZIP files, like this: archiver.Unarchive(zipFile, outputDir), a crafted ZIP file can be extracted in such a way that it writes files to the affected system with the same privileges as the application executing this vulnerable functionality. Consequently, sensitive files may be overwritten, potentially leading to privilege escalation, code execution, and other severe outcomes in some cases.
It's worth noting that a similar vulnerability was found in TAR files (CVE-2024-0406). Although a fix was implemented, it hasn't been officially released, and the affected project has since been deprecated. The successor to mholt/archiver is a new project called mholt/archives, and its initial release (v0.1.0) removes the Unarchive() functionality.
CVSS: HIGH (8.1)
April 13th, 2025 (about 2 hours ago)
|
Description: Fall River Public Schools (FRPS) contains 17 schools and 10,521 students. Fall River corporate office is located in 417 Rock Street, Fall River, MA 2720, United States and has 720 employees.
April 13th, 2025 (about 4 hours ago)
|
Description: National Association for Stock Car Auto Racing (NASCAR) is the sanctioning body for the No. 1 form of motorsports in the United States and owner of 16 of the nation's major motorsports entertainment facilities. NASCAR corporate office is located in 1 Daytona Blvd, Daytona Beach, Florida, 32114, United States and has 8,734 employees. The total amount of data leakage is 1038.70 GB
April 13th, 2025 (about 4 hours ago)
|
Description: Pulse Urgent Care offers a range of services including urgent care, clinical medicine, women's health, workers' compensation, and employer services. Pulse Urgent Care corporate office is located in 100 E Cypress Ave Redding, CA 96002 United States and has 23 employees. The total amount of data leakage is 60.70 GB
April 13th, 2025 (about 4 hours ago)
|
Description: Bridgebank Limited is a construction and civil engineering company. Bridgebank Limited corporate office is located in UNIT 3 SHERWOOD OAKS CLOSE SHERWOOD OAKS BUSINESS PARK Mansfield, NG18 4TB, GB and has 152 employees. The total amount of data leakage is 444.70 GB.
April 13th, 2025 (about 4 hours ago)
|
Description: McFarland Commercial Insurance Services specializes in offering insurance solutions for various commercial risks. McFarland Commercial Insurance Services corporate office is located in 833 Mistletoe Lane, Suite 102 Redding, Ca 96002, US and has 25 employees.
April 13th, 2025 (about 4 hours ago)
|