聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2026-9718 | CWE-617 Reachable Assertion vulnerability exists that could allow an authenticated attacker to trigger a denial-of-service condition, impacting system availability when a specially crafted request is sent to a vulnerable network-exposed service. | 6.9 | 0.24% | 2026-06-25 | 2026-07-01 |
| CVE-2026-9717 | CWE-78 Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting system integrity, confidentiality, and availability when a privileged authenticated user interacts with a vulnerable network-exposed service. | 8.6 | 1.19% | 2026-06-25 | 2026-07-01 |
| CVE-2026-9716 | CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces. | 8.7 | 0.25% | 2026-06-25 | 2026-07-01 |
| CVE-2026-9651 | CWE-732 Incorrect Permission Assignment for Critical Resource vulnerability that could cause unauthorized disclosure of password hashes and potential account compromise when an attacker with privileged local access reads improperly protected system files. | 6.7 | 0.11% | 2026-06-25 | 2026-06-25 |
| CVE-2026-9650 | CWE-522 Insufficiently Protected Credentials vulnerability that could cause unauthorized access and exposure of sensitive information when unauthenticated attacker accesses credentials stored within firmware or system files. With this credential an attacker could subsequently compromise the device if they have physical access to the device. | 8.7 | 0.25% | 2026-06-25 | 2026-06-25 |
| CVE-2026-8045 | CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints. | 7.1 | 0.23% | 2026-06-09 | 2026-06-23 |
| CVE-2026-6332 | CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information which could result in revealing protected source code and loss of confidentiality, When an authorized attacker accesses the source code for editing or compiling it. | 6.8 | 0.12% | 2026-05-14 | 2026-06-17 |
| CVE-2026-6866 | CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials. | 8.2 | 0.31% | 2026-05-12 | 2026-06-24 |
| CVE-2026-6865 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (“Path Traversal”) vulnerability that could cause unauthorized access to sensitive files when user-supplied input is improperly handled during server-side file path processing. | 7.1 | 0.29% | 2026-05-12 | 2026-06-17 |
| CVE-2026-4827 | CWE‑331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections. | 8.7 | 0.31% | 2026-05-12 | 2026-06-17 |
| CVE-2026-4832 | CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port. | 6.9 | 0.27% | 2026-04-14 | 2026-06-17 |
| CVE-2026-2405 | CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creation and denial of service when a Web Admin user floods the system with POST /helpabout requests. | 5.3 | 0.24% | 2026-04-14 | 2026-06-17 |
| CVE-2026-2404 | CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /j_security check request payload. | 6.9 | 0.19% | 2026-04-14 | 2026-06-17 |
| CVE-2026-2403 | CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrity when a Web Admin user alters the POST /logsettings request payload. | 5.3 | 0.17% | 2026-04-14 | 2026-06-17 |
| CVE-2026-2402 | CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on a sequence of requests to multiple endpoints. | 6.9 | 0.27% | 2026-04-14 | 2026-06-17 |
| CVE-2026-2401 | CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a malicious file provided by an attacker. | 2.4 | 0.10% | 2026-04-14 | 2026-06-17 |
| CVE-2026-2400 | CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application user credentials to reset when a Web Admin user alters the POST /setPCBEDesc request payload. | 5.3 | 0.23% | 2026-04-14 | 2026-06-17 |
| CVE-2026-2399 | CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause critical files overwritten with text data when a Web Admin user alters the POST /REST/upssleep request payload. | 6.9 | 0.20% | 2026-04-14 | 2026-06-17 |
| CVE-2026-2273 | CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exist that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of the subsequent system when an authenticated user opens a malicious project file. | 7.2 | 0.22% | 2026-03-10 | 2026-06-23 |
| CVE-2026-1286 | CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when an admin authenticated user opens a malicious project file. | 7.0 | 0.33% | 2026-03-10 | 2026-06-24 |