|
3991
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function matches users by email without…
|
-
|
CVE-2026-9092
|
2026-06-2 04:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3992
|
4.3 |
MEDIUM
Network
|
-
|
-
|
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating the ThreadPolicy::delete issue reported previously, the same missing mailbox m…
|
CWE-285
Improper Authorization
|
CVE-2026-48810
|
2026-06-2 04:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3993
|
9.0 |
CRITICAL
Network
|
-
|
-
|
Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig tRPC endpoint allows admin/owner users …
|
CWE-78
OS Command
|
CVE-2026-45630
|
2026-06-2 04:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3994
|
7.2 |
HIGH
Network
|
waterfall-security
|
wf-500_firmware
|
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version…
|
CWE-78
OS Command
|
CVE-2025-41265
|
2026-06-2 03:58 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3995
|
7.2 |
HIGH
Network
|
waterfall-security
|
wf-500_firmware
|
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version…
|
CWE-78
OS Command
|
CVE-2025-41266
|
2026-06-2 03:57 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3996
|
7.2 |
HIGH
Network
|
waterfall-security
|
wf-500_firmware
|
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version…
|
CWE-78
OS Command
|
CVE-2025-41267
|
2026-06-2 03:57 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3997
|
9.1 |
CRITICAL
Network
|
waterfall-security
|
wf-500_firmware
|
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated att…
|
CWE-23
Relative Path Traversal
|
CVE-2025-41268
|
2026-06-2 03:57 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3998
|
9.8 |
CRITICAL
Network
|
waterfall-security
|
wf-500_firmware
|
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio…
|
CWE-78
OS Command
|
CVE-2025-41269
|
2026-06-2 03:57 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3999
|
9.8 |
CRITICAL
Network
|
waterfall-security
|
wf-500_firmware
|
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio…
|
CWE-78
OS Command
|
CVE-2025-41270
|
2026-06-2 03:57 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4000
|
7.5 |
HIGH
Network
|
waterfall-security
|
wf-500_firmware
|
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers …
|
CWE-23
Relative Path Traversal
|
CVE-2025-41271
|
2026-06-2 03:57 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
