Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source): [email protected]
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2025-41683 | An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to improper sanitizing of user input in the Main Web Interface (endpoint event_mail_test). | 8.8 | 0.67% | 2025-07-23 | 2026-06-17 |
| CVE-2025-41681 | A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content. | 4.8 | 0.27% | 2025-07-21 | 2026-06-17 |
| CVE-2025-41679 | An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects only the network initializing wizard (Conftool) service. | 5.3 | 0.61% | 2025-07-21 | 2026-06-17 |
| CVE-2025-41678 | A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement. | 6.5 | 0.56% | 2025-07-21 | 2026-06-17 |
| CVE-2025-41677 | A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession. | 4.9 | 0.56% | 2025-07-21 | 2026-06-17 |
| CVE-2025-41676 | A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms action in fast succession. | 4.9 | 0.50% | 2025-07-21 | 2026-06-17 |
| CVE-2025-41675 | A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command. | 7.2 | 0.57% | 2025-07-21 | 2026-06-17 |
| CVE-2025-41674 | A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command. | 7.2 | 0.57% | 2025-07-21 | 2026-06-17 |
| CVE-2025-41673 | A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used in an OS command. | 7.2 | 0.57% | 2025-07-21 | 2026-06-17 |
| CVE-2025-29572 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | N/A | 2025-07-18 | 2025-07-18 |
| CVE-2025-41668 | A low privileged remote attacker with file access can replace a critical file or folder used by the service security-profile to get read, write and execute access to any file on the device. | 8.8 | 0.50% | 2025-07-08 | 2026-06-17 |
| CVE-2025-41667 | A low privileged remote attacker with file access can replace a critical file used by the arp-preinit script to get read, write and execute access to any file on the device. | 8.8 | 0.50% | 2025-07-08 | 2026-06-17 |
| CVE-2025-41666 | A low privileged remote attacker with file access can replace a critical file used by the watchdog to get read, write and execute access to any file on the device after the watchdog has been initialized. | 8.8 | 0.50% | 2025-07-08 | 2026-06-17 |
| CVE-2025-41665 | A low privileged remote attacker can force the watchdog of the affected devices to reboot the PLC due to incorrect default permissions of a config file. | 6.5 | 0.30% | 2025-07-08 | 2026-06-17 |
| CVE-2025-25271 | An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface. | 8.8 | 0.29% | 2025-07-08 | 2026-06-17 |
| CVE-2025-25270 | An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations. | 9.8 | 0.63% | 2025-07-08 | 2026-06-17 |
| CVE-2025-25269 | An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation. | 8.4 | 0.20% | 2025-07-08 | 2026-06-17 |
| CVE-2025-25268 | An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication. | 8.8 | 0.30% | 2025-07-08 | 2026-06-17 |
| CVE-2025-24006 | A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root. | 7.8 | 0.05% | 2025-07-08 | 2026-06-17 |
| CVE-2025-24005 | A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation. | 7.8 | 0.07% | 2025-07-08 | 2026-06-17 |