Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
7.1 HIGH
CVE-2026-9808 — Mautic Authorization Bypass

An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints (utilizing API Platform). Under certain conditions, roles configured with owner-scope restrictions (such as `viewown` or …

Remote | Authorization
May 29, 2026 May 29, 2026
9.9 CRITICAL
CVE-2026-9559 — Mautic Remote Code Execution via Path Traversal

A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escap…

Remote | Path Traversal
May 29, 2026 May 29, 2026
7.8 HIGH
CVE-2025-41281 — Nozomi Networks Labs Waterfall WF-500 OS Command Injection

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that al…

wf-500_firmware wf-500 | Injection
May 29, 2026 Jun 01, 2026
7.8 HIGH
CVE-2025-41280 — Nozomi Networks Labs Waterfall WF-500 RX Host Zip Slip Code Execution

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal (Zip Slip) in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute cod…

wf-500_firmware wf-500 | Path Traversal
May 29, 2026 Jun 01, 2026
8.6 HIGH
CVE-2025-41279 — Waterfall WF-500 RX Host OS Command Injection

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 RX Host in version…

wf-500_firmware wf-500 | Remote | Injection
May 29, 2026 Jun 01, 2026
7.8 HIGH
CVE-2025-41278 — Nozomi Networks Waterfall WF-500 Out-of-bounds Read Remote Code Execution

Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Ho…

wf-500_firmware wf-500 | Memory Corruption
May 29, 2026 Jun 01, 2026
9.8 CRITICAL
CVE-2025-41277 — Nozomi Networks Waterfall WF-500 OS Command Injection

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio…

wf-500_firmware wf-500 | Remote | Injection
May 29, 2026 Jun 01, 2026
9.8 CRITICAL
CVE-2025-41276 — Nozomi Networks Waterfall WF-500 OS Command Injection

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio…

wf-500_firmware wf-500 | Remote | Injection
May 29, 2026 Jun 01, 2026
9.8 CRITICAL
CVE-2025-41275 — Nozomi Networks Waterfall WF-500 OS Command Injection Vulnerability

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio…

wf-500_firmware wf-500 | Remote | Injection
May 29, 2026 Jun 01, 2026
9.8 CRITICAL
CVE-2025-41274 — Nozomi Networks Labs Waterfall WF-500 OS Command Injection

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio…

wf-500_firmware wf-500 | Remote | Injection
May 29, 2026 Jun 01, 2026
9.8 CRITICAL
CVE-2025-41273 — Nozomi Networks Labs Nozomi Waterfall Authentication Bypass

Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows…

wf-500_firmware wf-500 | Remote | Authentication
May 29, 2026 Jun 01, 2026
9.8 CRITICAL
CVE-2025-41272 — Nozomi Networks Waterfall WF-500 OS Command Injection

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio…

wf-500_firmware wf-500 | Remote | Injection
May 29, 2026 Jun 01, 2026
8.7 HIGH
CVE-2025-41271 — Nozomi Networks Waterfall WF-500 Relative Path Traversal

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers …

wf-500_firmware wf-500 | Remote | Path Traversal
May 29, 2026 Jun 01, 2026
9.8 CRITICAL
CVE-2025-41270 — Nozomi Networks Waterfall WF-500 OS Command Injection

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio…

wf-500_firmware wf-500 | Remote | Injection
May 29, 2026 Jun 01, 2026
9.8 CRITICAL
CVE-2025-41269 — Nozomi Networks Waterfall WF-500 OS Command Injection

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio…

wf-500_firmware wf-500 | Remote | Injection
May 29, 2026 Jun 01, 2026
9.1 CRITICAL
CVE-2025-41268 — Nozomi Networks Waterfall WF-500 RX Host Relative Path Traversal Remote File Deletion

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated att…

wf-500_firmware wf-500 | Remote | Path Traversal
May 29, 2026 Jun 01, 2026
8.5 HIGH
CVE-2025-41267 — Nozomi Networks Waterfall WF-500 OS Command Injection

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version…

wf-500_firmware wf-500 | Remote | Injection
May 29, 2026 Jun 01, 2026
8.6 HIGH
CVE-2025-41266 — Nozomi Networks Waterfall WF-500 TX Host OS Command Injection

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version…

wf-500_firmware wf-500 | Remote | Injection
May 29, 2026 Jun 01, 2026
8.6 HIGH
CVE-2025-41265 — Nozomi Networks Waterfall WF-500 TX Host OS Command Injection

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version…

wf-500_firmware wf-500 | Remote | Injection
May 29, 2026 Jun 01, 2026
9.9 CRITICAL
CVE-2026-9558 — Mautic Twig Template Injection Vulnerability

A Server-Side Template Injection (SSTI) vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated us…

Remote | Injection
May 29, 2026 May 29, 2026
Showing 20 of 7160 Results