Security Vulnerabilities - CVEs Published In June 2025
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. This vulnerability affects the function ssid1MACFilter of the file /goform/ssid1MACFilter. The manipulation of the argument apselect_%d/newap_text_%d leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
5.3
EPSS Score
0.092
Published
2025-06-02
A server-side request forgery vulnerability exists in HPE StoreOnce Software.
CVSS Score
6.9
EPSS Score
0.004
Published
2025-06-02
A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
CVSS Score
7.2
EPSS Score
0.012
Published
2025-06-02
A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
CVSS Score
7.5
EPSS Score
0.012
Published
2025-06-02
An authentication bypass vulnerability exists in HPE StoreOnce Software.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-06-02
A directory traversal arbitrary file deletion vulnerability exists in HPE StoreOnce Software.
CVSS Score
5.5
EPSS Score
0.027
Published
2025-06-02
A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
CVSS Score
7.5
EPSS Score
0.012
Published
2025-06-02
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical. This affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. The manipulation of the argument pwd leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
5.3
EPSS Score
0.057
Published
2025-06-02
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this issue is the function RP_checkFWByBBS of the file /goform/RP_checkFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
5.3
EPSS Score
0.075
Published
2025-06-02
Yandex Telemost for Desktop before 2.7.0 has a DLL Hijacking Vulnerability because an untrusted search path is used.
CVSS Score
8.4
EPSS Score
0.001
Published
2025-06-02