CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source): [email protected]

Showing 61-80 of 747 results (page 4 of 38)
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2025-41670 | A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not sufficiently protected against modification by low-privileged users. As the service runs with elevated privileges, successful exploitation may result in a local privilege escalation. | 8.7 | 0.19% | 2026-05-27 | 2026-05-27 |
| CVE-2025-41669 | The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution with root privileges on the PLC device. A successful exploitation may allow to install a manipulated APP package, potentially impacting integrity and availability of the PLCnext Control. | 8.7 | 0.22% | 2026-05-27 | 2026-05-27 |
| CVE-2026-8047 | The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device. | 8.7 | 0.45% | 2026-05-26 | 2026-05-26 |
| CVE-2026-8046 | The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges. | 7.2 | 0.35% | 2026-05-26 | 2026-05-26 |
| CVE-2026-44469 | The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before installation, resulting in local privilege escalation. | 8.5 | 0.10% | 2026-05-26 | 2026-05-28 |
| CVE-2026-44468 | The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary components. | 8.5 | 0.12% | 2026-05-26 | 2026-05-28 |
| CVE-2026-0393 | The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session. | 6.9 | 0.24% | 2026-05-21 | 2026-06-01 |
| CVE-2026-35227 | An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections. | 8.2 | 0.35% | 2026-05-12 | 2026-05-12 |
| CVE-2024-43384 | A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer. | 8.0 | 0.34% | 2026-05-07 | 2026-05-11 |
| CVE-2026-3323 | An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes. | 7.5 | 0.40% | 2026-04-28 | 2026-05-11 |
| CVE-2026-35225 | An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections. | 8.7 | 0.42% | 2026-04-23 | 2026-04-24 |
| CVE-2023-5872 | In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to a specific endpoint. | 4.3 | 0.32% | 2026-04-16 | 2026-04-17 |
| CVE-2023-3634 | In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability. | 8.8 | 0.50% | 2026-04-16 | 2026-04-17 |
| CVE-2024-1490 | An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on the device. | 7.2 | 0.73% | 2026-04-09 | 2026-04-13 |
| CVE-2026-33617 | An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in some loss of confidentiality, but there is no endpoint exposed to use these credentials. | 5.3 | 0.27% | 2026-04-02 | 2026-04-16 |
| CVE-2026-33616 | An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 7.5 | 0.34% | 2026-04-02 | 2026-04-16 |
| CVE-2026-33615 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability. | 9.1 | 0.41% | 2026-04-02 | 2026-04-16 |
| CVE-2026-33614 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 7.5 | 0.34% | 2026-04-02 | 2026-04-16 |
| CVE-2026-33613 | Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the attacker has some other way to write arbitrary data to the user table. | 7.2 | 0.50% | 2026-04-02 | 2026-04-16 |
| CVE-2026-2328 | An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information. | 7.5 | 0.31% | 2026-03-30 | 2026-03-30 |
cvelogic Threat Intelligence