Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-41031 | A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 (Build 63255) allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and session credentials. | 9.3 | 0.04% | 2026-06-09 | 2026-06-09 |
| CVE-2024-56123 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | N/A | 2026-06-08 | 2026-06-08 |
| CVE-2024-56122 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | N/A | 2026-06-08 | 2026-06-08 |
| CVE-2024-56121 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | N/A | 2026-06-08 | 2026-06-08 |
| CVE-2024-56120 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | N/A | 2026-06-08 | 2026-06-08 |
| CVE-2026-35085 | A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root. | 8.7 | 0.10% | 2026-06-03 | 2026-06-08 |
| CVE-2026-35084 | A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root. | 8.7 | 0.10% | 2026-06-03 | 2026-06-08 |
| CVE-2026-35083 | A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root. | 8.7 | 0.10% | 2026-06-03 | 2026-06-08 |
| CVE-2026-35082 | The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input. | 8.7 | 0.15% | 2026-06-03 | 2026-06-08 |
| CVE-2026-35081 | The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input. | 7.2 | 0.10% | 2026-06-03 | 2026-06-08 |
| CVE-2026-35080 | The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. | 7.2 | 0.10% | 2026-06-03 | 2026-06-08 |
| CVE-2026-35079 | The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. | 7.2 | 0.10% | 2026-06-03 | 2026-06-08 |
| CVE-2026-35078 | The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. | 7.2 | 0.10% | 2026-06-03 | 2026-06-08 |
| CVE-2026-35077 | The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. | 7.2 | 0.10% | 2026-06-03 | 2026-06-08 |
| CVE-2026-35076 | The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. | 7.2 | 0.10% | 2026-06-03 | 2026-06-08 |
| CVE-2026-35075 | An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices. | 9.3 | 0.08% | 2026-06-03 | 2026-06-08 |
| CVE-2026-41032 | It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information. | 7.5 | 0.03% | 2026-06-03 | 2026-06-04 |
| CVE-2026-40852 | A highly authenticated attacker can alter the config generator injecting a payload into future created configurations. The device is not correctly checking this configuration value before passing it to an system execute leading to code execution. This can result in a total loss of confidentiality, integrity and availability. | 7.2 | 0.07% | 2026-05-27 | 2026-05-27 |
| CVE-2026-40851 | A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution. This can result in a total loss of confidentiality, integrity and availability. | 8.4 | 0.02% | 2026-05-27 | 2026-05-27 |
| CVE-2026-40850 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 8.7 | 0.06% | 2026-05-27 | 2026-05-27 |