CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/29 12:16 p.m.•15 views

CVE-2025-41274

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.8CVSS0.0138EPSS

NVD•added 2026/05/29 12:16 p.m.•16 views

CVE-2025-41272

9.8CVSS0.0138EPSS

NVD•added 2026/05/29 12:16 p.m.•11 views

CVE-2025-41266

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS0.00882EPSS

Cvelist•added 2026/05/29 10:59 a.m.•32 views

CVE-2025-41279

8.6CVSS0.00882EPSS

EUVD•added 2026/05/29 10:59 a.m.•11 views

EUVD-2025-209999

ATTACKERKB•added 2026/05/29 10:57 a.m.•8 views

CVE-2025-41277

CVE•added 2026/05/29 10:56 a.m.•26 views

Exploits0References2

CVE-2025-41275

The CVE-2025-41275 entry concerns Waterfall WF-500 TX and RX Hosts (Console WebUI) with a CWE-78 OS command injection in version 7.9.1.0 R2502171040. The root cause is improper neutralization of special elements in the OS command flow, enabling remote unauthenticated attackers to execute arbitrar...

9.8CVSS6.1AI score0.0138EPSS

EUVD•added 2026/05/29 10:53 a.m.•9 views

EUVD-2025-209994

Vulnrichment•added 2026/05/29 10:53 a.m.•14 views

CVE-2025-41274

EUVD•added 2026/05/29 10:52 a.m.•8 views

EUVD-2025-209992

Vulnrichment•added 2026/05/29 10:51 a.m.•9 views

CVE-2025-41270

ATTACKERKB•added 2026/05/29 10:50 a.m.•10 views

CVE-2025-41269

EUVD•added 2026/05/29 10:50 a.m.•9 views

Exploits0References2

EUVD-2025-209989

Cvelist•added 2026/05/29 10:50 a.m.•33 views

CVE-2025-41269

9.3CVSS0.0138EPSS

CVE•added 2026/05/29 10:50 a.m.•19 views

CVE-2025-41269

The CVE-2025-41269 entry describes a remote OS Command Injection (CWE-78) affecting Waterfall WF-500 Series controllers: Console WebUI on TX/RX Hosts, version 7.9.1.0 R2502171040. Root cause is improper neutralization of special elements in the OS command execution path, permitting remote unauthe...

9.8CVSS6.1AI score0.0138EPSS

CVE•added 2026/05/29 10:48 a.m.•17 views

CVE-2025-41267

The CVE-2025-41267 entry concerns Nozomi Networks’ Waterfall WF-500 TX Host (Administration WebUI), affected version 7.9.1.0 R2502171040. It reports a CWE-78 OS Command Injection in the Administration WebUI that can be triggered by remote authenticated attackers to execute arbitrary operating sys...

8.5CVSS6.1AI score0.00882EPSS

CVE•added 2026/05/29 10:48 a.m.•19 views

CVE-2025-41266

CVE-2025-41266 affects Waterfall WF-500 TX Host (Administration WebUI), version 7.9.1.0 R2502171040. Root cause: CWE-78 OS Command Injection in the web interface, enabling remote authenticated attackers to execute arbitrary operating system commands on the WF-500 TX Host. Documented impact includ...

ATTACKERKB•added 2026/05/29 10:48 a.m.•8 views

CVE-2025-41266

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

Vulnrichment•added 2026/05/29 10:41 a.m.•13 views

Exploits0References2

CVE-2025-41265

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...