Lucene search
K

2577 matches found

NVD
NVD
added 2026/05/29 12:16 p.m.17 views

CVE-2025-41274

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.8CVSS0.0138EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 12:16 p.m.15 views

CVE-2025-41266

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS0.00882EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 10:59 a.m.35 views

CVE-2025-41279

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS0.00882EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 10:53 a.m.15 views

CVE-2025-41274

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.3CVSS6.1AI score0.0138EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 10:52 a.m.13 views

EUVD-2025-209992

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.3CVSS6.1AI score0.0138EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 10:50 a.m.35 views

CVE-2025-41269

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.3CVSS0.0138EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 10:50 a.m.23 views

CVE-2025-41269

The CVE-2025-41269 entry describes a remote OS Command Injection (CWE-78) affecting Waterfall WF-500 Series controllers: Console WebUI on TX/RX Hosts, version 7.9.1.0 R2502171040. Root cause is improper neutralization of special elements in the OS command execution path, permitting remote unauthe...

9.8CVSS6.1AI score0.0138EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/29 10:48 a.m.22 views

CVE-2025-41267

The CVE-2025-41267 entry concerns Nozomi Networks’ Waterfall WF-500 TX Host (Administration WebUI), affected version 7.9.1.0 R2502171040. It reports a CWE-78 OS Command Injection in the Administration WebUI that can be triggered by remote authenticated attackers to execute arbitrary operating sys...

8.5CVSS6.1AI score0.00882EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 10:48 a.m.9 views

CVE-2025-41266

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS6.1AI score0.00882EPSS
Exploits0References2
CVE
CVE
added 2026/05/29 10:41 a.m.18 views

CVE-2025-41265

CVE-2025-41265 affects Waterfall WF-500 TX Host (Administration WebUI) in version 7.9.1.0 R2502171040. The issue is CWE-78: OS Command Injection due to improper neutralization of special elements, allowing remote authenticated attackers to execute arbitrary operating system commands on the host. ...

8.6CVSS6.1AI score0.00882EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Plesk 安全漏洞

Plesk is a web hosting control panel developed by the Swiss company Plesk. There is a security vulnerability in Plesk, which stems from XPath injection in the APS application directory search function. User input that is not properly cleaned and directly inserted into the XPath query could allow...

9.9CVSS6.1AI score0.00686EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. The Waterfall WF-500 has a vulnerability related to operating system command injection. This vulnerability stems from command injecti...

9.8CVSS6.1AI score0.0138EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.15 views

PT-2026-44803

Name of the Vulnerable Software and Affected Versions Waterfall WF-500 TX Host version 7.9.1.0 R2502171040 Description An OS Command Injection issue exists in the Administration WebUI, which allows remote authenticated attackers to execute arbitrary operating system commands on the host. OS Comma...

8.6CVSS6.2AI score0.00882EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/27 4:22 a.m.42 views

CVE-2026-8450 HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file()

HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...

0.01452EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.13 views

PT-2026-44162

Summary A Server-Side Code Injection vulnerability exists in the Yamcs script evaluation engine for Python algorithms. The application dynamically compiles and evaluates user-controlled algorithm text using Jython via the JSR-223 ScriptEngine API without enforcing a secure sandbox. An authenticat...

9.1CVSS6.2AI score0.00473EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-44065

Name of the Vulnerable Software and Affected Versions Archer BE450 v1 Archer BE7200 v1 Description An authenticated command injection allows an administrator to execute arbitrary system commands through the web management interface. By using the browser developer console, a crafted input can be...

8.5CVSS6.2AI score0.02458EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/05/26 2:8 p.m.45 views

CVE-2026-42785 OpenKM 6.3.12 Remote Code Execution via Administrative Scripting

OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary Java/BeanShell code through the /admin/Scripting endpoint. Attackers can submit malicious script content with an action=Evaluate parameter to execute operating system command...

8.6CVSS0.00679EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/26 2:8 p.m.16 views

EUVD-2026-31835

OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary Java/BeanShell code through the /admin/Scripting endpoint. Attackers can submit malicious script content with an action=Evaluate parameter to execute operating system command...

8.6CVSS6.6AI score0.00679EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

OpenKM 代码注入漏洞

OpenKM is a document management system developed by OpenKM Company in Spain. This system offers features such as version control, file history, and file sharing. Version OpenKM 6.3.12 has a code injection vulnerability. This vulnerability arises from allowing authenticated administrators to submi...

8.6CVSS6AI score0.00679EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.20 views

PT-2026-43255

OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary Java/BeanShell code through the /admin/Scripting endpoint. Attackers can submit malicious script content with an action=Evaluate parameter to execute operating system command...

8.6CVSS6.6AI score0.00679EPSS
Exploits0References8
Rows per page
Query Builder