CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added last week•12 views

CVE-2025-41281

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is...

7.8CVSS0.00047EPSS

CVE•added last week•11 views

CVE-2025-41281

Nozomi Networks Labs identifies a CWE-78 OS Command Injection in Waterfall WF-500 RX Host (version 7.9.1.0 R2502171040). The root cause is improper neutralization of special elements used in an OS command, triggered when a MySQL connector is configured. Attackers with access to the TX Host can po...

7.8CVSS6AI score0.00047EPSS

Exploits0References1Affected Software1

EUVD•added last week•8 views

EUVD-2025-210001

7.5CVSS6AI score0.00047EPSS

CVE•added last week•11 views

CVE-2025-41280

CVE-2025-41280 affects Waterfall WF-500 RX Host (version 7.9.1.0 R2502171040). The vulnerability is a CWE-23 Relative Path Traversal (Zip Slip) in the MySQL connector scenario when file compression is enabled, allowing a user with access to the TX Host to execute code on the RX Host. Documented i...

7.8CVSS6AI score0.00015EPSS

Exploits0References1Affected Software1

Vulnrichment•added last week•11 views

CVE-2025-41280

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal Zip Slip in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured and file compression is enabled...

ATTACKERKB•added last week•8 views

CVE-2025-41280

EUVD•added last week•7 views

EUVD-2025-210000

EUVD•added last week•9 views

EUVD-2025-209999

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS6.1AI score0.00306EPSS

Cvelist•added last week•30 views

CVE-2025-41274

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.3CVSS0.00368EPSS

CVE•added last week•10 views

CVE-2025-41270

CVE-2025-41270 affects Waterfall WF-500 TX and RX Hosts (version 7.9.1.0 R2502171040). The vulnerability is in the Console WebUI and stems from CWE-78, Improper Neutralization of Special Elements used in an OS Command (OS Command Injection). It allows remote unauthenticated attackers to execute a...

9.8CVSS6.1AI score0.00368EPSS

Exploits0References1Affected Software1

SUSE CVE•added 2026/05/29 1:17 a.m.•7 views

SUSE CVE-2026-46110

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Prevent NULL deref when RX memory exhausted The CPU receives frames from the MAC through conventional DMA: the CPU allocates buffers for the MAC, then the MAC fills them and returns ownership to the CPU. For each...

5.9AI score0.00058EPSS

Exploits0References3

SUSE CVE•added 2026/05/29 1:15 a.m.•7 views

SUSE CVE-2026-46163

In the Linux kernel, the following vulnerability has been resolved: wifi: b43legacy: enforce bounds check on firmware key index in RX path Same fix as b43: the firmware-controlled key index in b43legacyrx can exceed dev-maxnrkeys. The existing B43legacyWARNON is non-enforcing in production builds...

5.8AI score0.00032EPSS

Exploits0References3

CNNVD•added 2026/05/29 12:0 a.m.•5 views

Waterfall WF-500 安全漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. A security vulnerability exists in the Waterfall WF-500 TX and RX Hosts version 7.9.1.0 R2502171040; this vulnerability stems from...

9.1CVSS5.8AI score0.01102EPSS

Positive Technologies•added 2026/05/29 12:0 a.m.•8 views

PT-2026-44811

Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authentication of the Console web application and...

9.3CVSS5.8AI score0.00222EPSS

Positive Technologies•added 2026/05/29 12:0 a.m.•9 views

PT-2026-44818

Tenable Nessus•added 2026/05/29 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-46123

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: virtiobt: clamp rx length before skbput virtbtrxwork calls skbputskb, len where len comes directly from virtqueuegetbuf with no validation against th...

7.7CVSS6AI score0.00016EPSS

Exploits0References3

Positive Technologies•added 2026/05/29 12:0 a.m.•9 views

PT-2026-44814

9.3CVSS6.1AI score0.00368EPSS