CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source): [email protected]

Showing 161-180 of 751 results (page 9 / 38)
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2025-41735 | A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution. | 8.8 | 0.50% | 2025-11-18 | 2026-06-17 |
| CVE-2025-41734 | An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices. | 9.8 | 0.46% | 2025-11-18 | 2026-06-17 |
| CVE-2025-41733 | The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials. | 9.8 | 0.56% | 2025-11-18 | 2026-06-17 |
| CVE-2025-41731 | A vulnerability was identified in the password generation algorithm when accessing the debug-interface. An unauthenticated local attacker with knowledge of the password generation timeframe might be able to brute force the password in a timely manner and thus gain root access to the device if the debug interface is still enabled. | 7.4 | 0.11% | 2025-11-10 | 2026-06-17 |
| CVE-2025-41724 | An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests. The wscserver process will not be restarted by a watchdog and a device reboot is necessary to make it work again. | 7.5 | 0.40% | 2025-10-22 | 2026-06-17 |
| CVE-2025-41723 | The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker can bypass the path restriction and upload files to arbitrary locations. | 9.8 | 1.23% | 2025-10-22 | 2026-06-17 |
| CVE-2025-41722 | The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages. An unauthenticated remote attacker can extract private keys from the software of the affected devices. | 7.5 | 0.23% | 2025-10-22 | 2026-06-17 |
| CVE-2025-41721 | A high privileged remote attacker can influence the parameters passed to the openssl command due to improper neutralization of special elements when adding a password protected self-signed certificate. | 2.7 | 0.17% | 2025-10-22 | 2026-06-17 |
| CVE-2025-41720 | A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified. | 4.3 | 0.15% | 2025-10-22 | 2026-06-17 |
| CVE-2025-41719 | A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password. | 8.8 | 0.46% | 2025-10-22 | 2026-06-17 |
| CVE-2025-41718 | A cleartext transmission of sensitive information vulnerability in the affected products allows an unauthorized remote attacker to gain login credentials and access the Web-UI. | 7.5 | 0.24% | 2025-10-14 | 2026-06-17 |
| CVE-2025-41699 | A low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of generation of code ('Code Injection'). | 8.8 | 0.88% | 2025-10-14 | 2026-06-17 |
| CVE-2025-41707 | The websocket handler is vulnerable to a denial of service condition. An unauthenticated remote attacker can send a crafted websocket message to trigger the issue without affecting the core functionality. | 5.3 | 1.44% | 2025-10-14 | 2026-06-17 |
| CVE-2025-41706 | The webserver is vulnerable to a denial of service condition. An unauthenticated remote attacker can craft a special GET request with an over-long content-length to trigger the issue without affecting the core functionality. | 5.3 | 1.70% | 2025-10-14 | 2026-06-17 |
| CVE-2025-41705 | An unauthenticated remote attacker (MITM) can intercept the websocket messages to gain access to the login credentials for the Webfrontend. | 6.8 | 0.42% | 2025-10-14 | 2026-06-17 |
| CVE-2025-41704 | An unauthenticated remote attacker can perform a DoS of the Modbus service by sending a specific function and sub-function code without affecting the core functionality. | 5.3 | 1.50% | 2025-10-14 | 2026-06-17 |
| CVE-2025-41703 | An unauthenticated remote attacker can cause a Denial of Service by turning off the output of the UPS via Modbus command. | 7.5 | 1.00% | 2025-10-14 | 2026-06-17 |
| CVE-2025-41716 | The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function. | 5.3 | 0.37% | 2025-09-24 | 2026-06-17 |
| CVE-2025-41715 | The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it. | 9.8 | 0.47% | 2025-09-24 | 2026-06-17 |
| CVE-2025-41713 | During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a CPU-induced reset allows proper configuration. | 6.5 | 0.35% | 2025-09-15 | 2026-06-17 |
cvelogic Threat Intelligence