Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

16790 matches found

Zero Science Lab
Zero Science Labadded 2026/05/31 12:0 a.m.45 views

Lightweight Music Server (LMS) 3.76.0 (metadata) Stored XSS

Summary LMS Lightweight Music Server: A specific C++ based project focused on a low memory footprint, featuring built-in user management and a recommendation engine. Description LMS stores media file metadata tags such as GENRE, ARTIST, and ALBUM exactly as written in the file and later renders...

5.4CVSS5.4AI score0.00171EPSS
Exploits1
OSV
OSVadded 2026/05/30 6:3 p.m.15 views

RLSA-2026:21468 Important: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: Cockpit: Arbitrary command execution via crafted links in...

8CVSS7.2AI score0.00799EPSS
Exploits0References2
NVD
NVDadded 2026/05/29 8:16 p.m.13 views

CVE-2026-34127

A stored cross-site scripting XSS vulnerability has been identified in the web management interface of TP-Link's TL-SG108PE v5 switch due to improper sanitation of the SYSNAM configuration parameter during configuration file import. An attacker with administrator access can inject malicious scrip...

5.3CVSS0.00239EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/29 5:47 p.m.9 views

CVE-2026-40425 MacGregor Voyage Data Recorder (VDR) G4e Files or Directories Accessible to External Parties

The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to authentication, potentially changing the root password...

6.9CVSS5.8AI score0.00602EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/29 5:47 p.m.14 views

EUVD-2026-33403

The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to authentication, potentially changing the root password...

6.9CVSS5.8AI score0.00602EPSS
Exploits0References3
NVD
NVDadded 2026/05/29 12:16 p.m.15 views

CVE-2025-41279

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS0.00882EPSS
Exploits0References1
NVD
NVDadded 2026/05/29 12:16 p.m.10 views

CVE-2025-41268

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host machines...

9.1CVSS0.00437EPSS
Exploits0References1
NVD
NVDadded 2026/05/29 12:16 p.m.11 views

CVE-2025-41273

Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authentication of the Console web application and...

9.8CVSS0.00407EPSS
Exploits0References1
NVD
NVDadded 2026/05/29 12:16 p.m.10 views

CVE-2025-41266

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS0.00882EPSS
Exploits0References1
NVD
NVDadded 2026/05/29 12:16 p.m.12 views

CVE-2025-41265

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS0.00882EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/29 10:59 a.m.9 views

CVE-2025-41279

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS6.1AI score0.00882EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/29 10:59 a.m.9 views

EUVD-2025-209999

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS6.1AI score0.00882EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/29 10:59 a.m.9 views

CVE-2025-41279

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS6.1AI score0.00882EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/29 10:57 a.m.34 views

CVE-2025-41277

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.3CVSS0.0138EPSS
Exploits0References1
CVE
CVEadded 2026/05/29 10:57 a.m.14 views

CVE-2025-41277

CVE-2025-41277 affects Waterfall WF-500 TX and RX Hosts (Console WebUI) running version 7.9.1.0 R2502171040. The issue is CWE-78 OS Command Injection in the Console WebUI that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device. Root cause: imprope...

9.8CVSS6.1AI score0.0138EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2026/05/29 10:53 a.m.34 views

CVE-2025-41273

Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authentication of the Console web application and...

9.3CVSS0.00407EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/29 10:53 a.m.6 views

EUVD-2025-209993

Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authentication of the Console web application and...

9.3CVSS5.8AI score0.00407EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/29 10:53 a.m.10 views

CVE-2025-41273

Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authentication of the Console web application and...

9.3CVSS5.8AI score0.00407EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/29 10:51 a.m.7 views

EUVD-2025-209990

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.3CVSS6.1AI score0.0138EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/29 10:50 a.m.10 views

CVE-2025-41269

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.3CVSS6.1AI score0.0138EPSS
Exploits0References2
Rows per page
Query Builder