Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2025-3465 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ABB CoreSense™ HM, ABB CoreSense™ M10.This issue affects CoreSense™ HM: through 2.3.1; CoreSense™ M10: through 1.4.1.12. | 8.2 | 0.01% | 2025-10-20 | 2026-04-15 |
| CVE-2025-9574 | Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP.This issue affects . All firmware versions with the Serial Number from 2000 to 5166 | 9.9 | 0.05% | 2025-10-20 | 2026-04-15 |
| CVE-2025-11498 | An Improper Neutralization of Formula Elements in a CSV File vulnerability exists in System Diagnostics Manager (SDM) of B&R Automation Runtime versions before 6.4 enabling a remote attacker to inject formula data into a generated CSV file. The exploitation of this vulnerability requires the attacker to create a malicious link. The user would need to click on this link, after which the resulting CSV file addi-tionally needs to be manually opened. | 5.3 | 0.03% | 2025-10-14 | 2026-04-15 |
| CVE-2025-9970 | Cleartext Storage of Sensitive Information in Memory vulnerability in ABB MConfig.This issue affects MConfig: through 1.4.9.21. | 5.7 | 0.01% | 2025-10-08 | 2026-04-15 |
| CVE-2025-3449 | A Generation of Predictable Numbers or Identifiers vulnerability in the SDM component of B&R Automation Runtime versions before 6.4 may allow an unauthenticated network-based attacker to take over already established sessions. | 2.3 | 0.02% | 2025-10-07 | 2026-04-15 |
| CVE-2025-3448 | Reflected cross-site scripting (XSS) vulnerabilities exist in System Diagnostics Manager (SDM) of B&R Automation Runtime versions before 6.4 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session | 5.1 | 0.03% | 2025-10-07 | 2026-04-15 |
| CVE-2025-3450 | An Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime versions before 6.3 and before Q4.93 may allow an unauthenticated network-based attacker to delete data causing denial of service conditions. | 9.3 | 0.06% | 2025-10-07 | 2026-04-15 |
| CVE-2021-22291 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ABB EIBPORT V3 KNX, ABB EIBPORT V3 KNX GSM.This issue affects EIBPORT V3 KNX: before 3.9.2; EIBPORT V3 KNX GSM: before 3.9.2. | 8.5 | 0.03% | 2025-10-07 | 2026-04-15 |
| CVE-2025-10504 | Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox.This issue affects Terra AC wallbox: through 1.8.33. | 6.9 | 0.01% | 2025-09-29 | 2026-04-15 |
| CVE-2025-10207 | Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5. | 7.5 | 0.06% | 2025-09-18 | 2026-04-15 |
| CVE-2024-48851 | Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.A remote code execution is possible due to an improper input validation. This issue affects FLXEON: through 9.3.5. | 7.5 | 0.68% | 2025-09-18 | 2026-04-15 |
| CVE-2025-10205 | Use of a One-Way Hash with a Predictable Salt vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5. and newer versions | 8.7 | 0.01% | 2025-09-17 | 2026-04-15 |
| CVE-2024-48842 | Use of Hard-coded Credentials vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5 and newer versions | 7.3 | 0.02% | 2025-09-17 | 2026-04-15 |
| CVE-2025-8754 | Missing Authentication for Critical Function vulnerability in ABB ABB AbilityTM zenon.This issue affects ABB AbilityTM zenon: from 7.50 through 14. | 8.7 | 0.06% | 2025-08-13 | 2026-04-15 |
| CVE-2025-7679 | The ASPECT system allows users to bypass authentication. This issue affects all versions of ASPECT | 9.2 | 0.07% | 2025-08-11 | 2026-04-15 |
| CVE-2025-7677 | A denial-of-service (DoS) attack is possible if access to the local network is provided to unauthorized users. This is due to a buffer copy issue that may lead to a software crash. This issue affects all versions of ASPECT. | 8.2 | 0.06% | 2025-08-11 | 2026-04-15 |
| CVE-2025-53191 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | 0.02% | 2025-08-11 | 2025-08-21 |
| CVE-2025-53190 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | 0.01% | 2025-08-11 | 2025-08-21 |
| CVE-2025-53189 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | 0.01% | 2025-08-11 | 2025-08-21 |
| CVE-2025-53188 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | 0.01% | 2025-08-11 | 2025-08-21 |