聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2021-33544 | Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | 7.2 | 95.55% | 2021-09-13 | 2026-06-16 |
| CVE-2021-33543 | Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service. | 9.8 | 82.07% | 2021-09-13 | 2026-06-16 |
| CVE-2023-1698 | In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise. | 9.8 | 82.04% | 2023-05-15 | 2026-06-17 |
| CVE-2021-33549 | Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code. | 7.2 | 66.19% | 2021-09-13 | 2026-06-16 |
| CVE-2021-33554 | Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | 7.2 | 57.05% | 2021-09-13 | 2026-06-16 |
| CVE-2021-33550 | Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | 7.2 | 57.05% | 2021-09-13 | 2026-06-16 |
| CVE-2021-33548 | Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | 7.2 | 57.05% | 2021-09-13 | 2026-06-16 |
| CVE-2021-33553 | Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | 7.2 | 48.81% | 2021-09-13 | 2026-06-16 |
| CVE-2021-33552 | Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | 7.2 | 48.81% | 2021-09-13 | 2026-06-16 |
| CVE-2021-33551 | Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | 7.2 | 48.81% | 2021-09-13 | 2026-06-16 |
| CVE-2025-41646 | An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device | 9.8 | 40.73% | 2025-06-06 | 2026-06-17 |
| CVE-2020-12513 | Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection. | 7.5 | 31.11% | 2021-01-22 | 2026-06-16 |
| CVE-2020-12503 | Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections. | 7.2 | 23.28% | 2020-10-15 | 2026-06-16 |
| CVE-2020-12497 | PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation. | 7.8 | 14.67% | 2020-07-01 | 2026-06-16 |
| CVE-2021-34586 | In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition. | 7.5 | 13.08% | 2021-10-26 | 2026-06-16 |
| CVE-2025-41656 | An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED server is not configured by default. | 10.0 | 9.95% | 2025-07-01 | 2026-06-17 |
| CVE-2025-41752 | An XSS vulnerability in pxc_portSfp.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is | 7.1 | 8.55% | 2025-12-09 | 2026-06-17 |
| CVE-2025-41751 | An XSS vulnerability in pxc_portCntr.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is | 7.1 | 8.55% | 2025-12-09 | 2026-06-17 |
| CVE-2025-41750 | An XSS vulnerability in pxc_PortCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is | 7.1 | 8.55% | 2025-12-09 | 2026-06-17 |
| CVE-2025-41748 | An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is | 7.1 | 8.55% | 2025-12-09 | 2026-06-17 |