Dbbroadcast Mozart_dds_next_1000
17 CVEs affecting Dbbroadcast Mozart_dds_next_1000. Latest disclosed: 2025-11-26. Critical: 11, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-66262 | Critical | 9.8 | 2025-11-26 | Arbitrary File Overwrite via Tar Extraction Path Traversal in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 100… |
CVE-2025-66261 | Critical | 9.8 | 2025-11-26 | Unauthenticated OS Command Injection (restore_settings.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 10… |
CVE-2025-66259 | Critical | 9.8 | 2025-11-26 | Authenticated Root Remote Code Execution via improrer user input filtering in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 10… |
CVE-2025-66256 | Critical | 9.8 | 2025-11-26 | Unauthenticated Arbitrary File Upload (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 100… |
CVE-2025-66255 | Critical | 9.8 | 2025-11-26 | Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1… |
CVE-2025-66253 | Critical | 9.8 | 2025-11-26 | Unauthenticated OS Command Injection (start_upgrade.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000… |
CVE-2025-66250 | Critical | 9.8 | 2025-11-26 | Unauthenticated Arbitrary File Upload (status_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 10… |
CVE-2025-63228 | Critical | 9.8 | 2025-11-18 | The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unauthenticated file upload vulnerability in the /upload_file.php end… |
CVE-2025-66257 | Critical | 9.1 | 2025-11-26 | Unauthenticated Arbitrary File Deletion (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1… |
CVE-2025-66254 | Critical | 9.1 | 2025-11-26 | Unauthenticated Arbitrary File Deletion (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500… |
CVE-2025-66251 | Critical | 9.1 | 2025-11-26 | Unauthenticated Path Traversal with Arbitrary File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 10… |
CVE-2025-66263 | High | 7.5 | 2025-11-26 | Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 10… |
CVE-2025-66252 | High | 7.5 | 2025-11-26 | Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000… |
CVE-2025-63227 | High | 7.2 | 2025-11-18 | The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unrestricted file upload vulnerability in the /patch.php endpoint. An… |
CVE-2025-66260 | Medium | 6.5 | 2025-11-26 | PostgreSQL SQL Injection (status_sql.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 35… |
CVE-2025-66258 | Medium | 5.4 | 2025-11-26 | Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000… |
CVE-2025-63229 | Medium | 5.4 | 2025-11-18 | The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains a reflected Cross-Site Scripting (XSS) vulnerability in the /main0.php e… |