CVE-2025-41731
7.4
Unknown Multiple Products

A vulnerability was identified in the password generation algorithm when accessing the debug-interface

2025-11-11
CVE-2025-41730
8.8
Unknown Multiple Products

An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_account() function to write arbitrary data into fixed-size stack buf...

2025-12-11
CVE-2025-41729
Analyzed
7.5
Unknown Multiple Products

An unauthenticated remote attacker can send a specially crafted Modbus read command to the device which leads to a denial of service

2025-11-25
CVE-2025-41727
7.8
Device Multiple Products

A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and...

2026-01-28
CVE-2025-41726
8.8
Device Multiple Products

A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via...

2026-01-28
CVE-2025-41724
7.5
Unknown Multiple Products

An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests

2025-10-22
CVE-2025-41723
Analyzed
9.8
Intel Multiple Products

The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker can bypass the path restriction and upload fi...

2025-10-22
CVE-2025-41722
7.5
Unknown Multiple Products

The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages

2025-10-22
CVE-2025-41719
8.8
Unknown Multiple Products

A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to...

2025-10-22
CVE-2025-41717
Analyzed
8.8
Unknown Multiple Products

An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code...

2026-01-13
CVE-2025-41715
Analyzed
9.8
Intel Multiple Products

The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and po...

2025-09-24
CVE-2025-41714
8.8
Unknown Multiple Products

The upload endpoint insufficiently validates the 'Upload-Key' request header

2025-09-10
CVE-2025-41709
Analyzed
9.8
Unknown Multiple Products

A critical vulnerability exists in a specific component of various products, allowing an attacker to cause a major impact via an unspecified vector. T...

2026-03-11
CVE-2025-41708
7.4
Unknown Multiple Products

Due to an insecure default configuration, HTTP is used instead of HTTPS for the web interface

2025-09-08
CVE-2025-41702
Analyzed
9.8
Unknown Multiple Products

The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid H...

2025-08-26
CVE-2025-41701
7.8
Unknown Multiple Products

An unauthenticated attacker can trick a local user into executing arbitrary commands by opening a deliberately manipulated project file with an affect...

2025-09-09
CVE-2025-41700
7.8
Unknown Multiple Products

An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a COD...

2025-12-02
CVE-2025-41699
8.8
Unknown Multiple Products

A low-privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as r...

2025-10-14
CVE-2025-41698
7.8
Unknown Multiple Products

A low privileged local attacker can interact with the affected service although user-interaction should not be allowed

2025-08-05
CVE-2025-41691
Analyzed
7.5
Unknown Multiple Products

An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted...

2025-08-05
CVE-2025-41690
7.4
Unknown Multiple Products

A low-privileged attacker in Bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event...

2025-09-02
CVE-2025-41688
Analyzed
7.2
Unknown Multiple Products

A high-privileged remote attacker can execute arbitrary OS commands using an undocumented method that allows escaping the implemented Lua sandbox

2025-07-31
CVE-2025-41687
Analyzed
9.8
Unknown Multiple Products

An unauthenticated remote attacker may use a stack-based buffer overflow in the u-link Management API to gain full access on the affected devices.

2025-07-23
CVE-2025-41686
7.8
Unknown Multiple Products

A low-privileged local attacker can exploit improper permissions on nssm

2025-08-12
CVE-2025-41684
Analyzed
8.8
Unknown Multiple Products

An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to a lack of proper sanitizing of user in...

2025-07-23
CVE-2025-41683
8.8
Unknown Multiple Products

An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to a lack of proper sanitizing of user in...

2025-07-23
CVE-2025-41682
Analyzed
8.8
Unknown Multiple Products

An authenticated, low-privileged attacker can obtain credentials stored on the charge controller including the manufacturer password

2025-09-08
CVE-2025-41672
Analyzed
10
Unknown Multiple Products

A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices.

2025-07-07
CVE-2025-41669
Analyzed
8.8
Phoenix Contact PLCnext

The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store witho...

2026-05-27
CVE-2025-41668
8.8
Unknown Multiple Products

A low privileged remote attacker with file access can replace a critical file or folder used by the service security-profile to get read, write and ex...

2025-07-08
CVE-2025-41667
8.8
Unknown Multiple Products

A low privileged remote attacker with file access can replace a critical file used by the arp-preinit script to get read, write and execute access to...

2025-07-08
CVE-2025-41666
8.8
Unknown Multiple Products

A low privileged remote attacker with file access can replace a critical file used by the watchdog to get read, write and execute access to any file o...

2025-07-08
CVE-2025-41664
Analyzed
7.5
Unknown Multiple Products

A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission h...

2025-09-08
CVE-2025-41660
8.8
Unknown Multiple Products

A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code executi...

2026-03-24
CVE-2025-41659
Analyzed
8.3
Unknown Multiple Products

A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and their keys

2025-08-05
CVE-2025-41656
Analyzed
10
Pilz GmbH & Co. KG IndustrialPI 4 with Firmware Bullseye

An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED...

2025-07-06
CVE-2025-41648
Analyzed
9.8
Unknown Multiple Products

An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all ava...

2025-07-06
CVE-2025-41459
7.8
Studio Multiple Products

Insufficient protection against brute-force and runtime manipulation in the local authentication component in Two App Studio Journey 5

2025-07-22
CVE-2025-41430
7.5
Unknown Multiple Products

When BIG-IP SSL Orchestrator is enabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate

2025-10-16
CVE-2025-41425
8.1
DuraComm Multiple Products

DuraComm SPM-500 DP-10iN-100-MU is vulnerable to a cross-site scripting attack

2025-07-23
CVE-2025-41420
Analyzed
9.6
Unknown Multiple Products

A cross-site scripting (XSS) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954f...

2025-07-25
CVE-2025-41392
Analyzed
7.8
Intel Multiple Products

In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12

2025-08-19
CVE-2025-41390
Analyzed
7.8
Unknown Multiple Products

An arbitrary code execution vulnerability exists in the git functionality of Truffle Security Co

2025-10-20
CVE-2025-41368
8.1
HTTP Multiple Products

Problem in the Small HTTP Server v3

2026-03-28
CVE-2025-41359
7.8
HTTP Multiple Products

Vulnerability related to an unquoted service path in Small HTTP Server 3

2026-03-28
CVE-2025-41258
8
LibreChat Multiple Products

LibreChat version 0

2026-03-19
CVE-2025-41253
Analyzed
7.5
Cloud Multiple Products

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties t...

2025-10-16
CVE-2025-41252
Analyzed
7.5
VMware Multiple Products

VMware NSX contains a username enumeration vulnerability

2025-09-29
CVE-2025-41251
Analyzed
8.1
VMware Multiple Products

VMware NSX contains a weak password recovery mechanism vulnerability

2025-09-29
CVE-2025-41250
Analyzed
8.5
VMware Multiple Products

VMware vCenter contains an SMTP header injection vulnerability

2025-09-29