Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2023-49900 | An unauthenticated remote attacker is able to perform remote code execution due to incorrectly sanitized user input in the SetParameter command. | 9.8 | N/A | 2026-07-16 | 2026-07-16 |
| CVE-2023-49899 | An unauthenticated remote attacker can execute any command on the affected device due to not correctly verifying the origin of a communication channel. | 9.8 | N/A | 2026-07-16 | 2026-07-16 |
| CVE-2026-4769 | Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise. | 9.3 | 0.45% | 2026-07-13 | 2026-07-13 |
| CVE-2026-10521 | An high privileged remote attacker can access a hidden configuration method, that should not be accessible by any user, to modify critical program parameters. This can result in a total loss of confidentiality, integrity and availability. | 8.6 | 0.31% | 2026-06-23 | 2026-06-23 |
| CVE-2023-45796 | A stored cross-site scripting vulnerability in the Runtime component of Pilz PASvisu before 1.14.1 and PMI v8xx up to and including 2.0.33992 allows a low-privileged remote unauthenticated attacker to manipulate process data with potential impact on integrity and/or availability. | 8.1 | 0.35% | 2026-06-22 | 2026-06-22 |
| CVE-2023-45795 | A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious javascript and gain full control over the device. | 7.8 | 0.15% | 2026-06-22 | 2026-06-22 |
| CVE-2026-8024 | A remote, unauthenticated attacker may exploit a deserialization of untrusted data vulnerability in ibaPDA or ibaDatCoordinator to gain full access to the affected systems. | 9.3 | 0.55% | 2026-06-18 | 2026-06-22 |
| CVE-2026-5416 | Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise. | 8.7 | 0.77% | 2026-06-16 | 2026-06-17 |
| CVE-2026-41031 | A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 (Build 63255) allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and session credentials. | 9.3 | 0.24% | 2026-06-09 | 2026-06-17 |
| CVE-2026-35085 | A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root. | 8.7 | 0.47% | 2026-06-03 | 2026-07-03 |
| CVE-2026-35084 | A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root. | 8.7 | 0.46% | 2026-06-03 | 2026-07-03 |
| CVE-2026-35083 | A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root. | 8.7 | 0.46% | 2026-06-03 | 2026-07-03 |
| CVE-2026-35082 | The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input. | 8.7 | 0.49% | 2026-06-03 | 2026-07-03 |
| CVE-2026-35081 | The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input. | 7.2 | 0.37% | 2026-06-03 | 2026-07-03 |
| CVE-2026-35080 | The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. | 7.2 | 0.36% | 2026-06-03 | 2026-07-03 |
| CVE-2026-35079 | The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. | 7.2 | 0.36% | 2026-06-03 | 2026-07-03 |
| CVE-2026-35078 | The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. | 7.2 | 0.37% | 2026-06-03 | 2026-07-03 |
| CVE-2026-35077 | The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. | 7.2 | 0.37% | 2026-06-03 | 2026-07-03 |
| CVE-2026-35076 | The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. | 7.2 | 0.36% | 2026-06-03 | 2026-07-03 |
| CVE-2026-35075 | An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices. | 9.3 | 0.47% | 2026-06-03 | 2026-07-03 |