CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 4160 of 751 results
«« First « Prev Page 3 / 38 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2021-20993 In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory. 5.3 0.79% 2021-05-13 2026-06-16
CVE-2021-20994 In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management. 8.8 0.63% 2021-05-13 2026-06-16
CVE-2021-20995 In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials. 5.3 0.54% 2021-05-13 2026-06-16
CVE-2021-20996 In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties. 5.3 0.75% 2021-05-13 2026-06-16
CVE-2021-20997 In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users. 7.5 1.02% 2021-05-13 2026-06-16
CVE-2021-20998 In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users. 10.0 1.11% 2021-05-13 2026-06-16
CVE-2021-20999 In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this vulnerability the device may be manipulated or the operation may be stopped. 9.4 0.95% 2021-05-13 2026-06-16
CVE-2021-21000 On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime. 5.3 1.04% 2021-05-24 2026-06-16
CVE-2021-21001 On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges. 9.1 1.13% 2021-05-24 2026-06-16
CVE-2021-21002 In Phoenix Contact FL COMSERVER UNI in versions < 2.40 a invalid Modbus exception response can lead to a temporary denial of service. 7.5 0.96% 2021-06-25 2026-06-16
CVE-2021-21003 In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services. The switching functionality of the device is not affected. 5.3 0.95% 2021-06-25 2026-06-16
CVE-2021-21004 In Phoenix Contact FL SWITCH SMCS series products in multiple versions an attacker may insert malicious code via LLDP frames into the web-based management which could then be executed by the client. 7.4 0.58% 2021-06-25 2026-06-16
CVE-2021-21005 In Phoenix Contact FL SWITCH SMCS series products in multiple versions if an attacker sends a hand-crafted TCP-Packet with the Urgent-Flag set and the Urgent-Pointer set to 0, the network stack will crash. The device needs to be rebooted afterwards. 7.5 0.68% 2021-06-25 2026-06-16
CVE-2021-33528 In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in the iw_console functionality. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. 8.8 1.13% 2021-06-25 2026-06-16
CVE-2021-33529 In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device. 7.5 0.93% 2021-06-25 2026-06-16
CVE-2021-33530 In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the devices. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic while authenticated as a low privilege user to trigger this vulnerability. 8.8 1.73% 2021-06-25 2026-06-16
CVE-2021-33531 In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability. 8.8 0.72% 2021-06-25 2026-06-16
CVE-2021-33532 In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. 8.8 1.73% 2021-06-25 2026-06-16
CVE-2021-33533 In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. 8.8 1.73% 2021-06-25 2026-06-16
CVE-2021-33534 In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the hostname functionality. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various requests while authenticated as a high privilege user to trigger this vulnerability. 7.2 2.14% 2021-06-25 2026-06-16
«« First « Prev Page 3 / 38 Next »
cvelogic Threat Intelligence