聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2025-46748 | An authenticated user attempting to change their password could do so without using the current password. | 2.7 | 0.20% | 2025-05-12 | 2026-06-17 |
| CVE-2025-46744 | An authenticated administrator could modify the Created By username for a user account | 2.7 | 0.20% | 2025-05-12 | 2026-06-17 |
| CVE-2025-48015 | Failed login response could be different depending on whether the username was local or central. | 3.7 | 0.20% | 2025-05-20 | 2026-06-17 |
| CVE-2023-31152 | An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass. See SEL Service Bulletin dated 2022-11-15 for more details. | 4.0 | 0.36% | 2023-05-10 | 2026-06-17 |
| CVE-2023-2264 | An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior. See product Instruction Manual Appendix A dated 20230830 for more details. | 4.0 | 0.21% | 2023-11-30 | 2026-06-17 |
| CVE-2023-31166 | An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system. See SEL Service Bulletin dated 2022-11-15 for more details. | 4.1 | 0.59% | 2023-05-10 | 2026-06-17 |
| CVE-2025-48016 | OpenFlow discovery protocol can exhaust resources because it is not rate limited | 4.3 | 0.18% | 2025-05-20 | 2026-06-17 |
| CVE-2025-46749 | An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution. | 4.3 | 0.22% | 2025-05-12 | 2026-06-17 |
| CVE-2025-46742 | Users who were required to change their password could still access system information before changing their password | 4.3 | 0.17% | 2025-05-12 | 2026-06-17 |
| CVE-2023-31177 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the Schweitzer Engineering Laboratories SEL-451 could allow an attacker to craft a link that could execute arbitrary code on a victim's system. See product Instruction Manual Appendix A dated 20230830 for more details. | 4.3 | 0.48% | 2023-11-30 | 2026-06-17 |
| CVE-2023-31165 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 4.3 | 0.44% | 2023-05-10 | 2026-06-17 |
| CVE-2023-31164 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 4.3 | 0.44% | 2023-05-10 | 2026-06-17 |
| CVE-2023-31163 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 4.3 | 0.44% | 2023-05-10 | 2026-06-17 |
| CVE-2023-31160 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 4.3 | 0.44% | 2023-05-10 | 2026-06-17 |
| CVE-2023-31159 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 4.3 | 0.44% | 2023-05-10 | 2026-06-17 |
| CVE-2023-31158 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 4.3 | 0.44% | 2023-05-10 | 2026-06-17 |
| CVE-2023-31157 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 4.3 | 0.44% | 2023-05-10 | 2026-06-17 |
| CVE-2023-31156 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 4.3 | 0.44% | 2023-05-10 | 2026-06-17 |
| CVE-2023-31155 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 4.3 | 0.44% | 2023-05-10 | 2026-06-17 |
| CVE-2023-31154 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 4.3 | 0.44% | 2023-05-10 | 2026-06-17 |