Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.8 HIGH
CVE-2025-41280 — Nozomi Networks Labs Waterfall WF-500 RX Host Zip Slip Code Execution

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal (Zip Slip) in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute cod…

wf-500_firmware wf-500 | Path Traversal
May 29, 2026 Jun 01, 2026
May 29, 2026
Jun 01, 2026
8.6 HIGH
CVE-2025-41279 — Waterfall WF-500 RX Host OS Command Injection

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 RX Host in version…

wf-500_firmware wf-500 | Remote | Injection
May 29, 2026 Jun 01, 2026
May 29, 2026
Jun 01, 2026
7.8 HIGH
CVE-2025-41278 — Nozomi Networks Waterfall WF-500 Out-of-bounds Read Remote Code Execution

Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Ho…

wf-500_firmware wf-500 | Memory Corruption
May 29, 2026 Jun 01, 2026
May 29, 2026
Jun 01, 2026
9.8 CRITICAL
CVE-2025-41277 — Nozomi Networks Waterfall WF-500 OS Command Injection

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio…

wf-500_firmware wf-500 | Remote | Injection
May 29, 2026 Jun 01, 2026
May 29, 2026
Jun 01, 2026
9.8 CRITICAL
CVE-2025-41276 — Nozomi Networks Waterfall WF-500 OS Command Injection

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio…

wf-500_firmware wf-500 | Remote | Injection
May 29, 2026 Jun 01, 2026
May 29, 2026
Jun 01, 2026
9.8 CRITICAL
CVE-2025-41275 — Nozomi Networks Waterfall WF-500 OS Command Injection Vulnerability

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio…

wf-500_firmware wf-500 | Remote | Injection
May 29, 2026 Jun 01, 2026
May 29, 2026
Jun 01, 2026
9.8 CRITICAL
CVE-2025-41274 — Nozomi Networks Labs Waterfall WF-500 OS Command Injection

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio…

wf-500_firmware wf-500 | Remote | Injection
May 29, 2026 Jun 01, 2026
May 29, 2026
Jun 01, 2026
9.8 CRITICAL
CVE-2025-41273 — Nozomi Networks Labs Nozomi Waterfall Authentication Bypass

Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows…

wf-500_firmware wf-500 | Remote | Authentication
May 29, 2026 Jun 01, 2026
May 29, 2026
Jun 01, 2026
9.8 CRITICAL
CVE-2025-41272 — Nozomi Networks Waterfall WF-500 OS Command Injection

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio…

wf-500_firmware wf-500 | Remote | Injection
May 29, 2026 Jun 01, 2026
May 29, 2026
Jun 01, 2026
8.7 HIGH
CVE-2025-41271 — Nozomi Networks Waterfall WF-500 Relative Path Traversal

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers …

wf-500_firmware wf-500 | Remote | Path Traversal
May 29, 2026 Jun 01, 2026
May 29, 2026
Jun 01, 2026
9.8 CRITICAL
CVE-2025-41270 — Nozomi Networks Waterfall WF-500 OS Command Injection

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio…

wf-500_firmware wf-500 | Remote | Injection
May 29, 2026 Jun 01, 2026
May 29, 2026
Jun 01, 2026
9.8 CRITICAL
CVE-2025-41269 — Nozomi Networks Waterfall WF-500 OS Command Injection

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio…

wf-500_firmware wf-500 | Remote | Injection
May 29, 2026 Jun 01, 2026
May 29, 2026
Jun 01, 2026
9.1 CRITICAL
CVE-2025-41268 — Nozomi Networks Waterfall WF-500 RX Host Relative Path Traversal Remote File Deletion

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated att…

wf-500_firmware wf-500 | Remote | Path Traversal
May 29, 2026 Jun 01, 2026
May 29, 2026
Jun 01, 2026
8.5 HIGH
CVE-2025-41267 — Nozomi Networks Waterfall WF-500 OS Command Injection

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version…

wf-500_firmware wf-500 | Remote | Injection
May 29, 2026 Jun 01, 2026
May 29, 2026
Jun 01, 2026
8.6 HIGH
CVE-2025-41266 — Nozomi Networks Waterfall WF-500 TX Host OS Command Injection

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version…

wf-500_firmware wf-500 | Remote | Injection
May 29, 2026 Jun 01, 2026
May 29, 2026
Jun 01, 2026
8.6 HIGH
CVE-2025-41265 — Nozomi Networks Waterfall WF-500 TX Host OS Command Injection

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version…

wf-500_firmware wf-500 | Remote | Injection
May 29, 2026 Jun 01, 2026
May 29, 2026
Jun 01, 2026
9.9 CRITICAL
CVE-2026-9558 — Mautic Twig Template Injection Vulnerability

A Server-Side Template Injection (SSTI) vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated us…

Remote | Injection
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
6.4 MEDIUM
CVE-2026-9557 — Mautic Focus SSRF

A Server-Side Request Forgery (SSRF) vulnerability exists in Mautic's Focus component. Due to insufficient validation of user-supplied URLs, an authenticated user can trigger outbound HTTP requests f…

Remote | Server-Side Request Forgery
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
10.0 CRITICAL
CVE-2026-49201 — Acer Wave 7 router: Hardcoded Cryptographic Key

The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating pers…

Remote | Cryptography
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
7.4 HIGH
CVE-2026-46579 — Openshift/router: openshift/router: mtls client certificate spoofing via unstripped x-ssl…

A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to Allow, the HTTP frontend does not remove `X-SSL-Client-*` headers from incoming requests. This allows…

openshift_container_platform | Remote | Authentication
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
Showing 20 of 7161 Results