Lucene search
K

18652 matches found

Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.20 views

PT-2026-45931

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users to write specific files via unspecified vectors...

4.3CVSS5.8AI score0.00277EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 1:9 p.m.8 views

CVE-2026-7313

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote authenticated attacker to obtain plain-text credentials used connect to Sitefinity Insight service. Successful exploitation requires active integration with...

8.7CVSS5.8AI score0.00319EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.16 views

PT-2026-45763

Name of the Vulnerable Software and Affected Versions Progress Sitefinity versions 8.0.5700 through 13.3.7652 Description Insufficiently protected credentials in web services allow a remote authenticated attacker to obtain plain-text credentials used to connect to the Sitefinity Insight service...

8.7CVSS5.8AI score0.00319EPSS
Exploits0References4
NVD
NVD
added 2026/05/29 12:16 p.m.15 views

CVE-2025-41266

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS0.00882EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 12:16 p.m.17 views

CVE-2025-41267

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.5CVSS0.00882EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 10:59 a.m.34 views

CVE-2025-41279

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS0.00882EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 10:48 a.m.13 views

EUVD-2025-209987

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.5CVSS6.1AI score0.00882EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 10:48 a.m.9 views

CVE-2025-41267

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.5CVSS6.1AI score0.00882EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/29 10:48 a.m.35 views

CVE-2025-41267

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.5CVSS0.00882EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 10:48 a.m.21 views

CVE-2025-41267

The CVE-2025-41267 entry concerns Nozomi Networks’ Waterfall WF-500 TX Host (Administration WebUI), affected version 7.9.1.0 R2502171040. It reports a CWE-78 OS Command Injection in the Administration WebUI that can be triggered by remote authenticated attackers to execute arbitrary operating sys...

8.5CVSS6.1AI score0.00882EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/29 10:48 a.m.15 views

CVE-2025-41266

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS6.1AI score0.00882EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 10:48 a.m.37 views

CVE-2025-41266

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS0.00882EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 10:48 a.m.22 views

CVE-2025-41266

CVE-2025-41266 affects Waterfall WF-500 TX Host (Administration WebUI), version 7.9.1.0 R2502171040. Root cause: CWE-78 OS Command Injection in the web interface, enabling remote authenticated attackers to execute arbitrary operating system commands on the WF-500 TX Host. Documented impact includ...

8.6CVSS6.1AI score0.00882EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/29 10:41 a.m.15 views

CVE-2025-41265

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS6.1AI score0.00882EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 10:41 a.m.10 views

EUVD-2025-209985

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS6.1AI score0.00882EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 10:41 a.m.11 views

CVE-2025-41265

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS6.1AI score0.00882EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.14 views

PT-2026-44817

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS6.1AI score0.00882EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 8:34 a.m.15 views

CVE-2025-13167

Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors...

5.4CVSS5.8AI score0.00254EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 8:34 a.m.31 views

CVE-2025-13167

Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors...

5.4CVSS0.00254EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 8:34 a.m.15 views

CVE-2025-13167

Technical details (affected versions, root cause, and fixes) are not publicly available in the provided documents. Monitor for updates from Synology advisory and CVE records.

5.4CVSS5.8AI score0.00254EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder