Lucene search
K

2275 matches found

Cvelist
Cvelist
added 2026/05/29 10:49 a.m.35 views

CVE-2025-41268

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host machines...

8.8CVSS0.00437EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 10:49 a.m.20 views

CVE-2025-41268

CVE-2025-41268 affects Waterfall WF-500 TX/RX Hosts (Administration WebUI) running version 7.9.1.0 R2502171040. The issue is a CWE-23 Relative Path Traversal in the Admin WebUI that could allow remote unauthenticated attackers to delete arbitrary files on the host machines. Connected sources conf...

9.1CVSS6AI score0.00437EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. The Waterfall WF-500 has a vulnerability related to operating system command injection. This vulnerability stems from command injecti...

9.8CVSS6.1AI score0.0138EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. The Waterfall WF-500 has a vulnerability related to operating system command injection. This vulnerability stems from command injecti...

9.8CVSS6.1AI score0.0138EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.11 views

PT-2026-44807

Name of the Vulnerable Software and Affected Versions Waterfall WF-500 TX and RX Hosts version 7.9.1.0 R2502171040 Description An OS Command Injection issue exists in the Console WebUI, which allows remote unauthenticated attackers to execute arbitrary operating system commands on the device. OS...

9.8CVSS6.2AI score0.0138EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.15 views

PT-2026-44815

Name of the Vulnerable Software and Affected Versions Waterfall WF-500 TX and RX Hosts version 7.9.1.0 R2502171040 Description The Console WebUI contains an OS Command Injection issue, which occurs when special elements used in an OS command are not properly neutralized. This allows remote...

9.8CVSS6.1AI score0.0138EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.18 views

PT-2026-44813

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.3CVSS6.1AI score0.0138EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/28 3:44 a.m.12 views

EUVD-2026-32709

A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP Security Assertion Markup Language Enhanced Client or Proxy endpoint with varying client IDs. By observing distinct faultstrings in the...

5.3CVSS5.7AI score0.00331EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/27 9:13 p.m.66 views

httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash

A flaw was found in the modauthnsocache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration...

5.3CVSS5.8AI score0.00514EPSS
Exploits0References5
CVE
CVE
added 2026/05/27 4:37 p.m.17 views

CVE-2026-45047

The CVE affects the Go project bird-lg-go. Before version 1.4.5, apiHandler (and webHandlerTelegramBot) directly decode user-provided JSON via json.NewDecoder(r.Body).Decode(&request) without a maximum read size, enabling an unauthenticated attacker to stream a very large or endless JSON payload ...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

kavita 安全漏洞

Kavita is a fast and feature-rich cross-platform reading server developed by Kavita OpenSource. Versions of Kavita prior to 0.9.0.2 contained security vulnerabilities. These vulnerabilities stemmed from improper token verification, which could allow remote unauthenticated attackers to obtain user...

9.3CVSS5.8AI score0.00171EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2026/05/26 12:0 a.m.95 views

cPanel - CRLF Injection

ExploitTitle: cPanel 11.40 - CRLF Injection Author: nu11secur1tyAI Date: 2026-04-30 Vendor: cPanel, L.L.C. Software: cPanel & WHM cpsrvd Reference: CVE-2026-41940 / watchTowr-2026-01 Description: A critical authentication bypass vulnerability exists in the cPanel/WHM cpsrvd daemon due to improper...

9.8CVSS6AI score0.981EPSS
Exploits64
NVD
NVD
added 2026/05/22 4:16 p.m.17 views

CVE-2022-31231

Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management IAM module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data...

7.5CVSS0.00346EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/22 2:31 p.m.14 views

CVE-2022-31231

Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management IAM module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References2
CVE
CVE
added 2026/05/22 2:31 p.m.22 views

CVE-2022-31231

CVE-2022-31231 affects Dell ECS (Dell EMC Elastic Cloud Storage) versions 3.5 and 3.6. The IAM module has an ImpropER Access Control vulnerability, enabling a remote unauthenticated attacker to obtain read access to unauthorized data . The root cause is improper access control within IAM, leading...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/22 2:31 p.m.8 views

CVE-2022-31231

Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management IAM module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data...

5.9CVSS0.00346EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.14 views

PT-2026-42777

Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management IAM module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data...

5.9CVSS5.8AI score0.00346EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 7:34 a.m.9 views

CVE-2026-44060

An integer underflow in dsiwriteinit in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request...

7.5CVSS5.8AI score0.00328EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/21 7:34 a.m.8 views

CVE-2026-44060 Integer underflow in dsi_writeinit() leads to denial of service

An integer underflow in dsiwriteinit in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request...

7.5CVSS5.8AI score0.00328EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

Netatalk 数字错误漏洞

Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 1.5.0 to 4.4.2 of Netatalk contain a digital error vulnerability. This vulnerability stems from an integer underflow in th...

7.5CVSS5.8AI score0.00328EPSS
Exploits0References2
Rows per page
Query Builder