146393 matches found
EUVD-2025-209985
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...
CVE-2025-41265
CVE-2025-41265 affects Waterfall WF-500 TX Host (Administration WebUI) in version 7.9.1.0 R2502171040. The issue is CWE-78: OS Command Injection due to improper neutralization of special elements, allowing remote authenticated attackers to execute arbitrary operating system commands on the host. ...
CVE-2025-41265
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...
CVE-2026-49199
Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device...
CVE-2026-49196
The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands...
CVE-2026-49199 Predator Connect W6x: RCE via MQTT
Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device...
CVE-2026-49199
Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device...
CVE-2026-49199
The CVE-2026-49199 entry describes a root‑level RCE via crafted MQTT messages, enabling command injection on the target device. Connected records identify Predator Connect W6x as affected (CVE-2026-49199 CVE Record). The core issue is a vulnerability in handling MQTT payloads that allows arbitrar...
EUVD-2026-33269
Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device...
CVE-2026-49199 Predator Connect W6x: RCE via MQTT
Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device...
CVE-2026-49196 Predator Connect W6x: Web Interface Command Injection
The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands...
CVE-2026-49196 Predator Connect W6x: Web Interface Command Injection
The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands...
CVE-2026-49196
The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands...
EUVD-2026-33263
The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands...
CVE-2026-49196
Predator Connect W6x firmware exposes a web-interface command injection via the Wi‑Fi device blocking feature, caused by inadequate MAC address input sanitization. This permits arbitrary shell command execution through the affected component. The CVSS details indicate network access with high imp...
CVE-2026-49195 Predator Connect W6x: unauthenticated Debug Service
Unauthenticated Debug Service. The /sbin/mtkdut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute arbitrary UCC commands...
RLSA-2026:21700 Important: cockpit security update
Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: Cockpit: Arbitrary command execution via crafted links in...
cockpit security update
An update is available for cockpit. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Cockpit enables users to administer GNU/Linux servers using a web browser. It...
MGASA-2026-0157 Updated perl-HTTP-Daemon package fixes a security vulnerability
The updated package fixes a security vulnerability: HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. CVE-2026-8450...
Updated perl-HTTP-Daemon package fixes a security vulnerability
The updated package fixes a security vulnerability: HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. CVE-2026-8450...