CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source): [email protected]

Showing 120 of 746 results
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-41721 | A high privileged remote attacker can influence the parameters passed to the openssl command due to improper neutralization of special elements when adding a password protected self-signed certificate. | 2.7 | 0.02% | 2025-10-22 | 2026-04-15 |
| CVE-2023-4089 | On affected Wago products a remote attacker with administrative privileges can access files to which he already has access through an undocumented local file inclusion. This access is logged in a different log file than expected. | 2.7 | 0.14% | 2023-10-17 | 2024-11-21 |
| CVE-2022-28815 | In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy server was discovered to contain a SQL injection vulnerability allowing an attacker to query other tables of the Sentilo service. | 2.7 | 0.19% | 2022-09-28 | 2024-11-21 |
| CVE-2023-3669 | A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog. | 3.3 | 0.04% | 2023-08-03 | 2024-11-21 |
| CVE-2021-34563 | In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript. | 3.3 | 0.05% | 2021-08-31 | 2024-11-21 |
| CVE-2023-37857 | In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. These session-cookies created by the attacker are not sufficient to obtain a valid session on the device. | 3.8 | 0.06% | 2023-08-09 | 2024-11-21 |
| CVE-2025-41743 | Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 allows a local unprivileged attacker to extract data from update images and thus obtain limited information about the architecture and internal processes. | 4.0 | 0.01% | 2025-12-02 | 2026-02-23 |
| CVE-2025-41720 | A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified. | 4.3 | 0.02% | 2025-10-22 | 2026-04-15 |
| CVE-2025-41693 | A low privileged remote attacker can use the ssh feature to execute commands directly after login. The process stays open and uses resources which leads to a reduced performance of the management functions. Switching functionality is not affected. | 4.3 | 0.29% | 2025-12-09 | 2025-12-19 |
| CVE-2025-41657 | Due to an undocumented active Bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025 fingerprinting is possible by an unauthenticated adjacent attacker. | 4.3 | 0.11% | 2025-06-10 | 2026-04-15 |
| CVE-2025-1235 | A low privileged attacker can set the date of the devices to the 19th of January 2038 and therefore exceed the 32-bit time limit. This causes the date of the switch to be set back to January 1st, 1970. | 4.3 | 0.29% | 2025-06-02 | 2026-04-15 |
| CVE-2024-24782 | An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN. | 4.3 | 0.04% | 2024-02-13 | 2024-11-21 |
| CVE-2023-5872 | In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to a specific endpoint. | 4.3 | 0.02% | 2026-04-16 | 2026-04-17 |
| CVE-2023-4834 | In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to. | 4.3 | 0.11% | 2023-10-16 | 2024-11-21 |
| CVE-2023-37856 | In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration dialog within the embedded Qt browser. | 4.3 | 0.07% | 2023-08-09 | 2024-11-21 |
| CVE-2023-37855 | In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt browser. | 4.3 | 0.13% | 2023-08-09 | 2024-11-21 |
| CVE-2023-1779 | Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual in versions <=2.13.3 allows an authorized remote attacker with low privileges to view a limited amount of another account's contact information. | 4.3 | 0.16% | 2023-06-06 | 2024-11-21 |
| CVE-2022-22508 | Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type. | 4.3 | 0.82% | 2023-05-15 | 2024-11-21 |
| CVE-2021-34576 | In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third parties. | 4.3 | 0.17% | 2021-09-16 | 2024-11-21 |
| CVE-2021-34574 | In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is sent to the server. | 4.3 | 0.26% | 2021-08-02 | 2024-11-21 |
cvelogic Threat Intelligence