Lucene search
K

26 matches found

NVD
NVD
added 2026/05/29 12:16 p.m.15 views

CVE-2025-41273

Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authentication of the Console web application and...

9.8CVSS0.00407EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 10:53 a.m.36 views

CVE-2025-41274

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.3CVSS0.0138EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 10:53 a.m.21 views

CVE-2025-41273

CVE-2025-41273 affects Waterfall WF-500 TX and RX Hosts (version 7.9.1.0 R2502171040). Nozomi Networks Labs describe CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI, enabling remote unauthenticated attackers to bypass authentication and perform actions as an...

9.8CVSS5.8AI score0.00407EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 TX and RX Hosts contains an operating system command injection vulnerability. Thi...

9.8CVSS6.1AI score0.0138EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/27 2:59 p.m.13 views

WordPress The Post Grid plugin <= 7.9.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by timomangcut in WordPress Plugin The Post Grid versions = 7.9.2...

4.3CVSS5.8AI score0.00213EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/04/01 1:16 p.m.47 views

CVE-2026-29014

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...

9.8CVSS0.39688EPSS
Exploits4References5
RedhatCVE
RedhatCVE
added 2025/05/23 2:57 a.m.17 views

CVE-2023-0983

The stylish-cost-calculator-premium WordPress plugin before 7.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Stored Cross-Site Scripting which could be used against admins when viewing submissions submitted through the Email Quote Form...

6.1CVSS6.8AI score0.00458EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/21 7:50 p.m.7 views

CVE-2005-3016

Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke before 7.9 Final have unknown impact and attack vectors...

10CVSS7.3AI score0.01375EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:44 p.m.11 views

CVE-2022-24851

LDAP Account Manager LAM is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality, the parameters on this page are not properly sanitized and hence leads to stored XSS attacks. An authenticated user can store XSS...

8.1CVSS5.4AI score0.01086EPSS
Exploits1References1
Patchstack
Patchstack
added 2024/06/19 5:15 p.m.5 views

WordPress SEOPress plugin <= 7.9 - Authenticated Stored Cross-Site Scripting vulnerability

Authenticated Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin SEOPress versions = 7.9...

6.4CVSS5.7AI score0.0037EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/02/01 12:0 a.m.4 views

Gessler GmbH WEB-MASTER Authorization Issue Vulnerability

Gessler GmbH WEB-MASTER is an emergency lighting management system from Gessler GmbH, Germany. A security vulnerability exists in Gessler GmbH WEB-MASTER version 7.9, which stems from the use of weakly hard-coded credentials to recover accounts, and which could be exploited by an attacker to take...

9.8CVSS6.8AI score0.00719EPSS
Exploits0References4
OSV
OSV
added 2023/04/18 9:15 p.m.6 views

CVE-2023-25554

A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted Operating System command is entered on the device. Affected products: StruxureWare Data Cent...

7.8CVSS7.1AI score0.00609EPSS
Exploits0References1
OSV
OSV
added 2023/04/10 2:15 p.m.4 views

CVE-2023-0983

The stylish-cost-calculator-premium WordPress plugin before 7.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Stored Cross-Site Scripting which could be used against admins when viewing submissions submitted through the Email Quote Form...

6.1CVSS6.8AI score0.00458EPSS
Exploits2References1
SUSE CVE
SUSE CVE
added 2023/02/15 3:52 a.m.5 views

SUSE CVE-2020-27761

WritePALMImage in /coders/palm.c used sizet casts in several areas of a calculation which could lead to values outside the range of representable type unsigned long undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to ssizet instead to avoid this issue. Re...

5.3CVSS6.5AI score0.01075EPSS
Exploits0References9
CNNVD
CNNVD
added 2023/01/30 12:0 a.m.5 views

Schneider Electric StruxureWare Data Center Expert 安全漏洞

Schneider Electric StruxureWare Data Center Expert StruxureWare Data Center Management Expert is a monitoring software from the French company Schneider Electric Schneider Electric. Suitable for a variety of organizations to monitor their company-wide power, cooling, security, environment. A...

9.8CVSS8.3AI score0.00532EPSS
Exploits0References2
OSV
OSV
added 2022/12/05 4:15 a.m.1 views

CVE-2022-43487

Cross-site scripting vulnerability in Salon booking system versions prior to 7.9 allows a remote unauthenticated attacker to inject an arbitrary script...

6.1CVSS5.9AI score
Exploits0References3
CNNVD
CNNVD
added 2022/11/08 12:0 a.m.6 views

WordPress plugin Salon booking system 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

6.1CVSS6.7AI score0.00785EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/07/19 12:0 a.m.7 views

Unit4 ERP 代码问题漏洞

Unit4 ERP is an enterprise-class resource management platform from Unit4, Inc. A security vulnerability exists in Unit4 ERP 7.9 and prior versions that originates from an XXE attack allowed via Execute Server Process Asynchronously...

6.5CVSS6.5AI score0.00698EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/06/14 12:0 a.m.4 views

PT-2022-3483 · Unknown · Data Center Expert

Name of the Vulnerable Software and Affected Versions: Data Center Expert versions prior to V7.9.0 Description: The issue is related to the deserialization of untrusted data, which could allow a remote attacker to execute arbitrary code on the server by posting specially crafted data to the web...

8.8CVSS8.8AI score0.00537EPSS
Exploits0References6
OSV
OSV
added 2021/02/11 8:46 p.m.5 views

GHSA-M56G-3G8V-2RXW XSS in Adminer

Withdrawn: Duplicate of GHSA-9pgx-gcph-mpqr. Adminer before 4.7.9 allows XSS via the history parameter to the default URI...

6.1CVSS5.9AI score0.02003EPSS
Exploits1References6
Rows per page
Query Builder