Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-9717 | CWE-78 Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting system integrity, confidentiality, and availability when a privileged authenticated user interacts with a vulnerable network-exposed service. | 8.6 | 1.19% | 2026-06-25 | 2026-07-01 |
| CVE-2026-9716 | CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces. | 8.7 | 0.25% | 2026-06-25 | 2026-07-01 |
| CVE-2026-9650 | CWE-522 Insufficiently Protected Credentials vulnerability that could cause unauthorized access and exposure of sensitive information when unauthenticated attacker accesses credentials stored within firmware or system files. With this credential an attacker could subsequently compromise the device if they have physical access to the device. | 8.7 | 0.25% | 2026-06-25 | 2026-06-25 |
| CVE-2026-8045 | CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints. | 7.1 | 0.23% | 2026-06-09 | 2026-06-23 |
| CVE-2026-6866 | CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials. | 8.2 | 0.31% | 2026-05-12 | 2026-06-24 |
| CVE-2026-6865 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (“Path Traversal”) vulnerability that could cause unauthorized access to sensitive files when user-supplied input is improperly handled during server-side file path processing. | 7.1 | 0.29% | 2026-05-12 | 2026-06-17 |
| CVE-2026-4827 | CWE‑331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections. | 8.7 | 0.31% | 2026-05-12 | 2026-06-17 |
| CVE-2026-2273 | CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exist that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of the subsequent system when an authenticated user opens a malicious project file. | 7.2 | 0.22% | 2026-03-10 | 2026-06-23 |
| CVE-2026-1286 | CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when an admin authenticated user opens a malicious project file. | 7.0 | 0.33% | 2026-03-10 | 2026-06-24 |
| CVE-2025-13957 | CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. SOCKS Proxy is disabled by default. | 7.5 | 0.68% | 2026-03-10 | 2026-06-17 |
| CVE-2025-11739 | CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization. | 8.5 | 0.18% | 2026-03-10 | 2026-06-24 |
| CVE-2026-1227 | CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized disclosure of local files, interaction within the EBO system, or denial of service conditions when a local user uploads a specially crafted TGML graphics file to the EBO server from Workstation. | 7.0 | 0.06% | 2026-02-11 | 2026-06-17 |
| CVE-2026-1226 | CWE‑94: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the application when maliciously crafted design content is processed through a TGML graphics file. | 7.0 | 0.13% | 2026-02-11 | 2026-06-17 |
| CVE-2025-13905 | CWE-276: Incorrect Default Permissions vulnerability exists that could cause privilege escalation through the reverse shell when one or more executable service binaries are modified in the installation folder by a local user with normal privilege upon service restart. | 7.0 | 0.10% | 2026-01-29 | 2026-06-17 |
| CVE-2025-13845 | CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody. | 8.4 | 0.31% | 2026-01-15 | 2026-06-17 |
| CVE-2025-13844 | CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file (SSD file) shared by the attacker into Rapsody. | 8.4 | 0.14% | 2026-01-15 | 2026-06-17 |
| CVE-2025-11567 | CWE-276: Incorrect Default Permissions vulnerability exists that could cause elevated system access when the target installation folder is not properly secured. | 7.3 | 0.11% | 2025-11-12 | 2026-06-17 |
| CVE-2025-11565 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause elevated system access when a Web Admin user on the local network tampers with the POST /REST/UpdateJRE request payload. | 7.3 | 0.12% | 2025-11-12 | 2026-06-17 |
| CVE-2025-54926 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution when an authenticated attacker with admin privileges uploads a malicious file over HTTP which then gets executed. | 7.2 | 0.85% | 2025-08-20 | 2026-06-17 |
| CVE-2025-54925 | CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker configures the application to access a malicious url. | 7.5 | 0.42% | 2025-08-20 | 2026-06-17 |