2275 matches found
CVE-2025-41268
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host machines...
CVE-2025-41268
CVE-2025-41268 affects Waterfall WF-500 TX/RX Hosts (Administration WebUI) running version 7.9.1.0 R2502171040. The issue is a CWE-23 Relative Path Traversal in the Admin WebUI that could allow remote unauthenticated attackers to delete arbitrary files on the host machines. Connected sources conf...
Waterfall WF-500 操作系统命令注入漏洞
The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. The Waterfall WF-500 has a vulnerability related to operating system command injection. This vulnerability stems from command injecti...
Waterfall WF-500 操作系统命令注入漏洞
The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. The Waterfall WF-500 has a vulnerability related to operating system command injection. This vulnerability stems from command injecti...
PT-2026-44807
Name of the Vulnerable Software and Affected Versions Waterfall WF-500 TX and RX Hosts version 7.9.1.0 R2502171040 Description An OS Command Injection issue exists in the Console WebUI, which allows remote unauthenticated attackers to execute arbitrary operating system commands on the device. OS...
PT-2026-44815
Name of the Vulnerable Software and Affected Versions Waterfall WF-500 TX and RX Hosts version 7.9.1.0 R2502171040 Description The Console WebUI contains an OS Command Injection issue, which occurs when special elements used in an OS command are not properly neutralized. This allows remote...
PT-2026-44813
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...
EUVD-2026-32709
A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP Security Assertion Markup Language Enhanced Client or Proxy endpoint with varying client IDs. By observing distinct faultstrings in the...
httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash
A flaw was found in the modauthnsocache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration...
CVE-2026-45047
The CVE affects the Go project bird-lg-go. Before version 1.4.5, apiHandler (and webHandlerTelegramBot) directly decode user-provided JSON via json.NewDecoder(r.Body).Decode(&request) without a maximum read size, enabling an unauthenticated attacker to stream a very large or endless JSON payload ...
kavita 安全漏洞
Kavita is a fast and feature-rich cross-platform reading server developed by Kavita OpenSource. Versions of Kavita prior to 0.9.0.2 contained security vulnerabilities. These vulnerabilities stemmed from improper token verification, which could allow remote unauthenticated attackers to obtain user...
cPanel - CRLF Injection
ExploitTitle: cPanel 11.40 - CRLF Injection Author: nu11secur1tyAI Date: 2026-04-30 Vendor: cPanel, L.L.C. Software: cPanel & WHM cpsrvd Reference: CVE-2026-41940 / watchTowr-2026-01 Description: A critical authentication bypass vulnerability exists in the cPanel/WHM cpsrvd daemon due to improper...
CVE-2022-31231
Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management IAM module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data...
CVE-2022-31231
Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management IAM module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data...
CVE-2022-31231
CVE-2022-31231 affects Dell ECS (Dell EMC Elastic Cloud Storage) versions 3.5 and 3.6. The IAM module has an ImpropER Access Control vulnerability, enabling a remote unauthenticated attacker to obtain read access to unauthorized data . The root cause is improper access control within IAM, leading...
CVE-2022-31231
Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management IAM module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data...
PT-2026-42777
Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management IAM module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data...
CVE-2026-44060
An integer underflow in dsiwriteinit in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request...
CVE-2026-44060 Integer underflow in dsi_writeinit() leads to denial of service
An integer underflow in dsiwriteinit in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request...
Netatalk 数字错误漏洞
Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 1.5.0 to 4.4.2 of Netatalk contain a digital error vulnerability. This vulnerability stems from an integer underflow in th...