Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2021-20993 | In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory. | 5.3 | 0.79% | 2021-05-13 | 2026-06-16 |
| CVE-2021-20994 | In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management. | 8.8 | 0.63% | 2021-05-13 | 2026-06-16 |
| CVE-2021-20995 | In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials. | 5.3 | 0.54% | 2021-05-13 | 2026-06-16 |
| CVE-2021-20996 | In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties. | 5.3 | 0.75% | 2021-05-13 | 2026-06-16 |
| CVE-2021-20997 | In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users. | 7.5 | 1.02% | 2021-05-13 | 2026-06-16 |
| CVE-2021-20998 | In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users. | 10.0 | 1.11% | 2021-05-13 | 2026-06-16 |
| CVE-2021-20999 | In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this vulnerability the device may be manipulated or the operation may be stopped. | 9.4 | 0.95% | 2021-05-13 | 2026-06-16 |
| CVE-2021-21000 | On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime. | 5.3 | 1.04% | 2021-05-24 | 2026-06-16 |
| CVE-2021-21001 | On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges. | 9.1 | 1.13% | 2021-05-24 | 2026-06-16 |
| CVE-2021-21002 | In Phoenix Contact FL COMSERVER UNI in versions < 2.40 a invalid Modbus exception response can lead to a temporary denial of service. | 7.5 | 0.96% | 2021-06-25 | 2026-06-16 |
| CVE-2021-21003 | In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services. The switching functionality of the device is not affected. | 5.3 | 0.95% | 2021-06-25 | 2026-06-16 |
| CVE-2021-21004 | In Phoenix Contact FL SWITCH SMCS series products in multiple versions an attacker may insert malicious code via LLDP frames into the web-based management which could then be executed by the client. | 7.4 | 0.58% | 2021-06-25 | 2026-06-16 |
| CVE-2021-21005 | In Phoenix Contact FL SWITCH SMCS series products in multiple versions if an attacker sends a hand-crafted TCP-Packet with the Urgent-Flag set and the Urgent-Pointer set to 0, the network stack will crash. The device needs to be rebooted afterwards. | 7.5 | 0.68% | 2021-06-25 | 2026-06-16 |
| CVE-2021-33528 | In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in the iw_console functionality. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | 8.8 | 1.13% | 2021-06-25 | 2026-06-16 |
| CVE-2021-33529 | In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device. | 7.5 | 0.93% | 2021-06-25 | 2026-06-16 |
| CVE-2021-33530 | In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the devices. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic while authenticated as a low privilege user to trigger this vulnerability. | 8.8 | 1.73% | 2021-06-25 | 2026-06-16 |
| CVE-2021-33531 | In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability. | 8.8 | 0.72% | 2021-06-25 | 2026-06-16 |
| CVE-2021-33532 | In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | 8.8 | 1.73% | 2021-06-25 | 2026-06-16 |
| CVE-2021-33533 | In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | 8.8 | 1.73% | 2021-06-25 | 2026-06-16 |
| CVE-2021-33534 | In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the hostname functionality. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various requests while authenticated as a high privilege user to trigger this vulnerability. | 7.2 | 2.14% | 2021-06-25 | 2026-06-16 |