CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 161180 / 751
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2025-41735 A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution. 8.8 0.50% 2025-11-18 2026-06-17
CVE-2025-41734 An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices. 9.8 0.46% 2025-11-18 2026-06-17
CVE-2025-41733 The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials. 9.8 0.56% 2025-11-18 2026-06-17
CVE-2025-41731 A vulnerability was identified in the password generation algorithm when accessing the debug-interface. An unauthenticated local attacker with knowledge of the password generation timeframe might be able to brute force the password in a timely manner and thus gain root access to the device if the debug interface is still enabled. 7.4 0.11% 2025-11-10 2026-06-17
CVE-2025-41724 An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests. The wscserver process will not be restarted by a watchdog and a device reboot is necessary to make it work again. 7.5 0.40% 2025-10-22 2026-06-17
CVE-2025-41723 The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker bypass the path restriction and upload files to arbitrary locations. 9.8 1.23% 2025-10-22 2026-06-17
CVE-2025-41722 The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages. An unauthenticated remote attacker can extract private keys from the Software of the affected devices. 7.5 0.23% 2025-10-22 2026-06-17
CVE-2025-41721 A high privileged remote attacker can influence the parameters passed to the openssl command due to improper neutralization of special elements when adding a password protected self-signed certificate. 2.7 0.17% 2025-10-22 2026-06-17
CVE-2025-41720 A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified. 4.3 0.15% 2025-10-22 2026-06-17
CVE-2025-41719 A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password. 8.8 0.46% 2025-10-22 2026-06-17
CVE-2025-41718 A cleartext transmission of sensitive information vulnerability in the affected products allows an unauthorized remote attacker to gain login credentials and access the Web-UI. 7.5 0.24% 2025-10-14 2026-06-17
CVE-2025-41699 An low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of generation of code ('Code Injection'). 8.8 0.88% 2025-10-14 2026-06-17
CVE-2025-41707 The websocket handler is vulnerable to a denial of service condition. An unauthenticated remote attacker can send a crafted websocket message to trigger the issue without affecting the core functionality. 5.3 1.44% 2025-10-14 2026-06-17
CVE-2025-41706 The webserver is vulnerable to a denial of service condition. An unauthenticated remote attacker can craft a special GET request with an over-long content-length to trigger the issue without affecting the core functionality. 5.3 1.70% 2025-10-14 2026-06-17
CVE-2025-41705 An unauthenticated remote attacker (MITM) can intercept the websocket messages to gain access to the login credentials for the Webfrontend. 6.8 0.42% 2025-10-14 2026-06-17
CVE-2025-41704 An unauthanticated remote attacker can perform a DoS of the Modbus service by sending a specific function and sub-function code without affecting the core functionality. 5.3 1.50% 2025-10-14 2026-06-17
CVE-2025-41703 An unauthenticated remote attacker can cause a Denial of Service by turning off the output of the UPS via Modbus command. 7.5 1.00% 2025-10-14 2026-06-17
CVE-2025-41716 The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function. 5.3 0.37% 2025-09-24 2026-06-17
CVE-2025-41715 The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it. 9.8 0.47% 2025-09-24 2026-06-17
CVE-2025-41713 During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a CPU-induced reset allows proper configuration. 6.5 0.35% 2025-09-15 2026-06-17
cvelogic Threat Intelligence