CVE 清單 – 發現高風險與在野利用漏洞

聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。

指派機構(CNA / 來源):[email protected] 移除此篩選

顯示 120751 筆結果
«« 第一頁 « 上一頁 第 1 / 38 頁 下一頁 »
CVE 描述 最高 CVSS EPSS % 公開時間 更新時間
CVE-2021-33544 Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. 7.2 95.55% 2021-09-13 2026-06-16
CVE-2021-33543 Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service. 9.8 82.07% 2021-09-13 2026-06-16
CVE-2023-1698 In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise. 9.8 82.04% 2023-05-15 2026-06-17
CVE-2021-33549 Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code. 7.2 66.19% 2021-09-13 2026-06-16
CVE-2021-33554 Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. 7.2 57.05% 2021-09-13 2026-06-16
CVE-2021-33550 Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. 7.2 57.05% 2021-09-13 2026-06-16
CVE-2021-33548 Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. 7.2 57.05% 2021-09-13 2026-06-16
CVE-2021-33553 Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. 7.2 48.81% 2021-09-13 2026-06-16
CVE-2021-33552 Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. 7.2 48.81% 2021-09-13 2026-06-16
CVE-2021-33551 Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. 7.2 48.81% 2021-09-13 2026-06-16
CVE-2025-41646 An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device 9.8 40.73% 2025-06-06 2026-06-17
CVE-2020-12513 Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection. 7.5 31.11% 2021-01-22 2026-06-16
CVE-2020-12503 Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections. 7.2 23.28% 2020-10-15 2026-06-16
CVE-2020-12497 PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation. 7.8 14.67% 2020-07-01 2026-06-16
CVE-2021-34586 In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition. 7.5 13.08% 2021-10-26 2026-06-16
CVE-2025-41656 An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED server is not configured by default. 10.0 9.95% 2025-07-01 2026-06-17
CVE-2025-41752 An XSS vulnerability in pxc_portSfp.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is 7.1 8.55% 2025-12-09 2026-06-17
CVE-2025-41751 An XSS vulnerability in pxc_portCntr.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is 7.1 8.55% 2025-12-09 2026-06-17
CVE-2025-41750 An XSS vulnerability in pxc_PortCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is 7.1 8.55% 2025-12-09 2026-06-17
CVE-2025-41748 An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is 7.1 8.55% 2025-12-09 2026-06-17
«« 第一頁 « 上一頁 第 1 / 38 頁 下一頁 »
cvelogic Threat Intelligence