Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source): [email protected]
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-8047 | The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device. | 8.7 | 0.45% | 2026-05-26 | 2026-06-17 |
| CVE-2026-8046 | The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges. | 7.2 | 0.35% | 2026-05-26 | 2026-06-17 |
| CVE-2026-8024 | A remote, unauthenticated attacker may exploit a deserialization of untrusted data vulnerability in ibaPDA or ibaDatCoordinator to gain full access to the affected systems. | 9.3 | 0.55% | 2026-06-18 | 2026-06-22 |
| CVE-2026-5416 | Due to the improper neutralization of special elements used in a name parameter, a low-privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise. | 8.7 | 0.77% | 2026-06-16 | 2026-06-17 |
| CVE-2026-44469 | The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before installation, resulting in local privilege escalation. | 8.5 | 0.10% | 2026-05-26 | 2026-06-17 |
| CVE-2026-44468 | The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary components. | 8.5 | 0.12% | 2026-05-26 | 2026-06-17 |
| CVE-2026-41032 | It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information. | 7.5 | 0.26% | 2026-06-03 | 2026-06-17 |
| CVE-2026-41031 | A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 (Build 63255) allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and session credentials. | 9.3 | 0.24% | 2026-06-09 | 2026-06-17 |
| CVE-2026-40852 | A highly authenticated attacker can alter the config generator, injecting a payload into future created configurations. The device is not correctly checking this configuration value before passing it to a system execute, leading to code execution. This can result in a total loss of confidentiality, integrity and availability. | 7.2 | 0.40% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40851 | A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on a USB stick, leading to code execution. This can result in a total loss of confidentiality, integrity and availability. | 8.4 | 0.14% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40850 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 8.7 | 0.41% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40849 | A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the user_alarmprofile view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 7.1 | 0.27% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40848 | A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the tag view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 7.1 | 0.27% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40847 | A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system_tag view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 7.1 | 0.27% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40846 | A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 7.1 | 0.27% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40845 | A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the devices_configuration view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 7.1 | 0.27% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40844 | A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashboard view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 7.1 | 0.27% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40843 | A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the alarming view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 7.1 | 0.27% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40842 | A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getWidgetTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 7.1 | 0.27% | 2026-05-27 | 2026-06-17 |
| CVE-2026-40841 | A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 7.1 | 0.26% | 2026-05-27 | 2026-06-17 |