CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added last week•5 views

CVE-2025-41275

9.8CVSS6AI score0.00368EPSS

RedhatCVE•added last week•6 views

CVE-2025-41281

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is...

7.8CVSS5.8AI score0.00047EPSS

NVD•added 2026/05/29 12:16 p.m.•9 views

CVE-2025-41268

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host machines...

9.1CVSS0.01102EPSS

NVD•added 2026/05/29 12:16 p.m.•10 views

CVE-2025-41275

9.8CVSS0.00368EPSS

NVD•added 2026/05/29 12:16 p.m.•11 views

CVE-2025-41265

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS0.00306EPSS

ATTACKERKB•added 2026/05/29 11:0 a.m.•9 views

CVE-2025-41281

7.5CVSS6AI score0.00047EPSS

Vulnrichment•added 2026/05/29 11:0 a.m.•9 views

CVE-2025-41281

7.5CVSS6AI score0.00047EPSS

ATTACKERKB•added 2026/05/29 10:59 a.m.•8 views

CVE-2025-41280

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal Zip Slip in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured and file compression is enabled...

7.5CVSS6AI score0.00015EPSS

CVE•added 2026/05/29 10:59 a.m.•11 views

CVE-2025-41279

CVE-2025-41279 concerns Nozomi Networks Waterfall WF-500 RX Host (Administration WebUI). A CWE-78 OS Command Injection vulnerability in version 7.9.1.0 R2502171040 allows remote authenticated attackers to execute arbitrary OS commands on the WF-500 RX Host. The underlying root cause is improper n...

8.6CVSS6.1AI score0.00306EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/05/29 10:57 a.m.•10 views

CVE-2025-41277

EUVD•added 2026/05/29 10:57 a.m.•9 views

EUVD-2025-209997

Cvelist•added 2026/05/29 10:57 a.m.•35 views

CVE-2025-41276

9.3CVSS0.00368EPSS

EUVD•added 2026/05/29 10:57 a.m.•8 views

EUVD-2025-209996

ATTACKERKB•added 2026/05/29 10:57 a.m.•9 views

CVE-2025-41276

CVE•added 2026/05/29 10:56 a.m.•20 views

CVE-2025-41275

The CVE-2025-41275 entry concerns Waterfall WF-500 TX and RX Hosts (Console WebUI) with a CWE-78 OS command injection in version 7.9.1.0 R2502171040. The root cause is improper neutralization of special elements in the OS command flow, enabling remote unauthenticated attackers to execute arbitrar...

9.8CVSS6.1AI score0.00368EPSS

Exploits0References1Affected Software1

EUVD•added 2026/05/29 10:53 a.m.•8 views

EUVD-2025-209994

Cvelist•added 2026/05/29 10:53 a.m.•34 views

CVE-2025-41273

Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authentication of the Console web application and...

9.3CVSS0.00222EPSS

ATTACKERKB•added 2026/05/29 10:52 a.m.•9 views

CVE-2025-41272

EUVD•added 2026/05/29 10:51 a.m.•7 views

EUVD-2025-209991

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to read arbitrary files from the device...

8.7CVSS6AI score0.00086EPSS