聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2023-4701 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as the vendor eventually states that this issue is identical to CVE-2023-3935 | 無 | 0.04% | 2023-09-13 | 2023-11-06 |
| CVE-2023-39170 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it's a duplicate of CVE-2023-39169. | 無 | 0.04% | 2023-12-07 | 2023-12-07 |
| CVE-2023-3378 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 無 | 0.04% | 2023-09-15 | 2023-11-06 |
| CVE-2023-0115 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 無 | 0.04% | 2023-02-01 | 2023-11-06 |
| CVE-2022-28817 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: No impact could be verified. Notes: none | 無 | 0.04% | 2022-08-23 | 2023-11-06 |
| CVE-2022-22507 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. | 無 | 0.04% | 2023-07-02 | 2023-11-06 |
| CVE-2021-46388 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: Reason: The issue is not a vulnerability (fails CNT2) - Has no impact on availability, integrity or confidence as only documented html templates are shown without additional data or the option to store changes. Notes | 無 | 0.04% | 2022-02-16 | 2023-11-06 |
| CVE-2021-46380 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: Reason: This is a duplicate to CVE-2022-22511 Notes | 無 | 0.04% | 2022-03-04 | 2023-11-06 |
| CVE-2021-34604 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. It is a duplicate of CVE-2022-22514. Notes: none | 無 | 0.04% | 2022-06-24 | 2023-11-06 |
| CVE-2025-41743 | Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 allows a local unprivileged attacker to extract data from update images and thus obtain limited information about the architecture and internal processes. | 4.0 | 0.05% | 2025-12-02 | 2026-06-17 |
| CVE-2025-41686 | A low-privileged local attacker can exploit improper permissions on nssm.exe to escalate their privileges and gain administrative access. | 7.8 | 0.05% | 2025-08-12 | 2026-06-17 |
| CVE-2025-24006 | A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root. | 7.8 | 0.05% | 2025-07-08 | 2026-06-17 |
| CVE-2025-41698 | A low privileged local attacker can interact with the affected service although user-interaction should not be allowed. | 7.8 | 0.06% | 2025-08-05 | 2026-06-17 |
| CVE-2025-2810 | A low privileged local attacker can abuse the affected service by using a hardcoded cryptographic key. | 5.5 | 0.06% | 2025-08-05 | 2026-06-17 |
| CVE-2025-41658 | CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions. | 5.5 | 0.06% | 2025-08-04 | 2026-06-17 |
| CVE-2025-41662 | Rejected reason: CVE-2025-41662 is considered redundant or unnecessary and thus should be withdrawn. Instead, a new CVE CVE-2025-41687 has been reserved to better reflect the updated analysis. | 無 | 0.07% | 2025-06-11 | 2025-07-23 |
| CVE-2025-24005 | A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation. | 7.8 | 0.07% | 2025-07-08 | 2026-06-17 |
| CVE-2024-45273 | An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. | 8.4 | 0.07% | 2024-10-15 | 2026-06-17 |
| CVE-2025-41762 | An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauthorized access to sensitive data, including password hashes and certificates. | 6.2 | 0.08% | 2026-03-09 | 2026-06-17 |
| CVE-2022-4048 | Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40 allows an unauthenticated local attacker to access and manipulate code of the encrypted boot application. | 7.7 | 0.08% | 2023-05-15 | 2026-06-17 |