2028 matches found
CVE-2026-48189
An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note that the feature has to be anabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X 8.0.X 2023.X...
EUVD-2026-33550
An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be anabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X...
EUVD-2026-33547
An improper neutralization of user-controllable input in OTRS or OTRS Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting XSS attacks via crafted request parameters associated with ticket actions. By injecting malicious JavaScript into...
MINI-V7MQ-7X27-XXHM
Bulletin has no description...
CVE-2025-41275
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...
CVE-2025-41274
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...
CVE-2025-41273
CVE-2025-41273 affects Waterfall WF-500 TX and RX Hosts (version 7.9.1.0 R2502171040). Nozomi Networks Labs describe CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI, enabling remote unauthenticated attackers to bypass authentication and perform actions as an...
CVE-2025-41273
Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authentication of the Console web application and...
EUVD-2025-209993
Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authentication of the Console web application and...
CVE-2025-41265
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...
PT-2026-44812
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...
Mautic 安全漏洞
Mautic is an open-source marketing automation software developed by Mautic. This software can monitor and manage websites, send emails, and manage customer resources. Version 7 of Mautic has a security vulnerability, which stems from an API v2 endpoint authorization bypass. This vulnerability cou...
Waterfall WF-500 操作系统命令注入漏洞
The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 TX and RX Hosts contains an operating system command injection vulnerability. Thi...
Mautic 安全漏洞
Mautic is an open-source marketing automation software developed by Mautic. This software can monitor and manage websites, send emails, and manage customer resources. Version 7 of Mautic has a security vulnerability, which stems from a cross-site scripting vulnerability stored in the project...
Waterfall WF-500 操作系统命令注入漏洞
The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 TX and RX Hosts contains an operating system command injection vulnerability. Thi...
Mautic 安全漏洞
Mautic is an open-source marketing automation software developed by Mautic. This software can monitor and manage websites, send emails, and manage customer resources. Version 7 of Mautic has a security vulnerability, which stems from a stored-xss attack within the project components. This...
Waterfall WF-500 缓冲区错误漏洞
The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. In the version 7.10.0.0 R2601141040 of the Waterfall WF-500 RX Host, there is a buffer error vulnerability. This vulnerability stems...
Waterfall WF-500 安全漏洞
The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. There are security vulnerabilities in the Waterfall WF-500 TX and RX Hosts version 7.9.1.0 R2502171040; these vulnerabilities stem fr...
PT-2026-44816
Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Host...
CVE-2026-47761
Summary: CVE-2026-47761 is a stored XSS vulnerability in TinyMCE’s media plugin, triggered by crafted data-mce-* attributes during content rendering. Affected software: TinyMCE (open source rich text editor); affected version range prior to 5.11.1, 7.9.3, and 8.5.1. Root cause/Vector: Media plugi...