CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/29 12:16 p.m.•9 views

CVE-2025-41266

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS0.00306EPSS

EUVD•added 2026/05/29 10:59 a.m.•9 views

EUVD-2025-209999

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

Cvelist•added 2026/05/29 10:59 a.m.•27 views

CVE-2025-41279

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS0.00306EPSS

ATTACKERKB•added 2026/05/29 10:57 a.m.•7 views

CVE-2025-41277

CVE•added 2026/05/29 10:56 a.m.•18 views

Exploits0References2

CVE-2025-41275

The CVE-2025-41275 entry concerns Waterfall WF-500 TX and RX Hosts (Console WebUI) with a CWE-78 OS command injection in version 7.9.1.0 R2502171040. The root cause is improper neutralization of special elements in the OS command flow, enabling remote unauthenticated attackers to execute arbitrar...

9.8CVSS6.1AI score0.00368EPSS

EUVD•added 2026/05/29 10:53 a.m.•8 views

EUVD-2025-209994

Vulnrichment•added 2026/05/29 10:53 a.m.•13 views

CVE-2025-41274

EUVD•added 2026/05/29 10:52 a.m.•7 views

EUVD-2025-209992

CVE•added 2026/05/29 10:52 a.m.•15 views

CVE-2025-41272

The CVE-2025-41272 entry describes a CWE-78 OS Command Injection in the Waterfall WF-500 TX and RX Hosts Console WebUI (version 7.9.1.0 R2502171040). The vulnerability allows remote unauthenticated attackers to execute arbitrary operating system commands on the device through the Console WebUI, i...

9.8CVSS6.1AI score0.00368EPSS

Vulnrichment•added 2026/05/29 10:51 a.m.•9 views

CVE-2025-41270

EUVD•added 2026/05/29 10:50 a.m.•6 views

EUVD-2025-209989

CVE•added 2026/05/29 10:50 a.m.•10 views

CVE-2025-41269

The CVE-2025-41269 entry describes a remote OS Command Injection (CWE-78) affecting Waterfall WF-500 Series controllers: Console WebUI on TX/RX Hosts, version 7.9.1.0 R2502171040. Root cause is improper neutralization of special elements in the OS command execution path, permitting remote unauthe...

9.8CVSS6.1AI score0.00368EPSS

ATTACKERKB•added 2026/05/29 10:50 a.m.•9 views

CVE-2025-41269

Cvelist•added 2026/05/29 10:50 a.m.•30 views

Exploits0References2

CVE-2025-41269

9.3CVSS0.00368EPSS

CVE•added 2026/05/29 10:48 a.m.•11 views

CVE-2025-41267

The CVE-2025-41267 entry concerns Nozomi Networks’ Waterfall WF-500 TX Host (Administration WebUI), affected version 7.9.1.0 R2502171040. It reports a CWE-78 OS Command Injection in the Administration WebUI that can be triggered by remote authenticated attackers to execute arbitrary operating sys...

8.5CVSS6.1AI score0.00306EPSS

CVE•added 2026/05/29 10:48 a.m.•14 views

CVE-2025-41266

CVE-2025-41266 affects Waterfall WF-500 TX Host (Administration WebUI), version 7.9.1.0 R2502171040. Root cause: CWE-78 OS Command Injection in the web interface, enabling remote authenticated attackers to execute arbitrary operating system commands on the WF-500 TX Host. Documented impact includ...

ATTACKERKB•added 2026/05/29 10:48 a.m.•7 views

CVE-2025-41266

EUVD•added 2026/05/29 10:41 a.m.•6 views

Exploits0References2

EUVD-2025-209985

CVE•added 2026/05/29 10:41 a.m.•10 views

CVE-2025-41265

CVE-2025-41265 affects Waterfall WF-500 TX Host (Administration WebUI) in version 7.9.1.0 R2502171040. The issue is CWE-78: OS Command Injection due to improper neutralization of special elements, allowing remote authenticated attackers to execute arbitrary operating system commands on the host. ...