26 matches found
CVE-2025-41273
Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authentication of the Console web application and...
CVE-2025-41274
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...
CVE-2025-41273
CVE-2025-41273 affects Waterfall WF-500 TX and RX Hosts (version 7.9.1.0 R2502171040). Nozomi Networks Labs describe CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI, enabling remote unauthenticated attackers to bypass authentication and perform actions as an...
Waterfall WF-500 操作系统命令注入漏洞
The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 TX and RX Hosts contains an operating system command injection vulnerability. Thi...
WordPress The Post Grid plugin <= 7.9.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by timomangcut in WordPress Plugin The Post Grid versions = 7.9.2...
CVE-2026-29014
MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...
CVE-2023-0983
The stylish-cost-calculator-premium WordPress plugin before 7.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Stored Cross-Site Scripting which could be used against admins when viewing submissions submitted through the Email Quote Form...
CVE-2005-3016
Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke before 7.9 Final have unknown impact and attack vectors...
CVE-2022-24851
LDAP Account Manager LAM is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality, the parameters on this page are not properly sanitized and hence leads to stored XSS attacks. An authenticated user can store XSS...
WordPress SEOPress plugin <= 7.9 - Authenticated Stored Cross-Site Scripting vulnerability
Authenticated Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin SEOPress versions = 7.9...
Gessler GmbH WEB-MASTER Authorization Issue Vulnerability
Gessler GmbH WEB-MASTER is an emergency lighting management system from Gessler GmbH, Germany. A security vulnerability exists in Gessler GmbH WEB-MASTER version 7.9, which stems from the use of weakly hard-coded credentials to recover accounts, and which could be exploited by an attacker to take...
CVE-2023-25554
A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted Operating System command is entered on the device. Affected products: StruxureWare Data Cent...
CVE-2023-0983
The stylish-cost-calculator-premium WordPress plugin before 7.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Stored Cross-Site Scripting which could be used against admins when viewing submissions submitted through the Email Quote Form...
SUSE CVE-2020-27761
WritePALMImage in /coders/palm.c used sizet casts in several areas of a calculation which could lead to values outside the range of representable type unsigned long undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to ssizet instead to avoid this issue. Re...
Schneider Electric StruxureWare Data Center Expert 安全漏洞
Schneider Electric StruxureWare Data Center Expert StruxureWare Data Center Management Expert is a monitoring software from the French company Schneider Electric Schneider Electric. Suitable for a variety of organizations to monitor their company-wide power, cooling, security, environment. A...
CVE-2022-43487
Cross-site scripting vulnerability in Salon booking system versions prior to 7.9 allows a remote unauthenticated attacker to inject an arbitrary script...
WordPress plugin Salon booking system 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
Unit4 ERP 代码问题漏洞
Unit4 ERP is an enterprise-class resource management platform from Unit4, Inc. A security vulnerability exists in Unit4 ERP 7.9 and prior versions that originates from an XXE attack allowed via Execute Server Process Asynchronously...
PT-2022-3483 · Unknown · Data Center Expert
Name of the Vulnerable Software and Affected Versions: Data Center Expert versions prior to V7.9.0 Description: The issue is related to the deserialization of untrusted data, which could allow a remote attacker to execute arbitrary code on the server by posting specially crafted data to the web...
GHSA-M56G-3G8V-2RXW XSS in Adminer
Withdrawn: Duplicate of GHSA-9pgx-gcph-mpqr. Adminer before 4.7.9 allows XSS via the history parameter to the default URI...