Export limit exceeded: 360149 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46847 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-22987 | 1 Advantech | 2 Adam-3600, Adam-3600 Firmware | 2025-04-16 | 9.8 Critical |
| The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions. | ||||
| CVE-2022-21146 | 1 Ipcomm | 2 Ipdio, Ipdio Firmware | 2025-04-16 | 6.3 Medium |
| Persistent cross-site scripting in the web interface of ipDIO allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into a specific parameter. The XSS payload will be executed when a legitimate user attempts to review history. | ||||
| CVE-2022-24432 | 1 Ipcomm | 2 Ipdio, Ipdio Firmware | 2025-04-16 | 5.5 Medium |
| Persistent cross-site scripting (XSS) in the web interface of ipDIO allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into specific fields. The XSS payload will be executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services). | ||||
| CVE-2021-27416 | 1 Hitachienergy | 1 Ellipse Enterprise Asset Management | 2025-04-16 | 5.5 Medium |
| An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user’s session. | ||||
| CVE-2022-25246 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2025-04-16 | 9.8 Critical |
| Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system. | ||||
| CVE-2020-25180 | 3 Rockwellautomation, Schneider-electric, Xylem | 31 Aadvance Controller, Isagraf Free Runtime, Isagraf Runtime and 28 more | 2025-04-16 | 5.3 Medium |
| Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device. | ||||
| CVE-2020-25193 | 1 Ge | 6 Rt430, Rt430 Firmware, Rt431 and 3 more | 2025-04-16 | 5.3 Medium |
| By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection. | ||||
| CVE-2021-27418 | 1 Ge | 38 Multilin B30, Multilin B30 Firmware, Multilin B90 and 35 more | 2025-04-16 | 5.3 Medium |
| GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTML encoding of user-supplied strings. | ||||
| CVE-2020-25158 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2025-04-16 | 7.6 High |
| A reflected cross-site scripting (XSS) vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to inject arbitrary web script or HTML into various locations. | ||||
| CVE-2020-25168 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2025-04-16 | 3.3 Low |
| Hard-coded credentials in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enable attackers with command line access to access the device’s Wi-Fi module. | ||||
| CVE-2021-32927 | 1 Uffizio | 1 Gps Tracker | 2025-04-16 | 7.1 High |
| An attacker may be able to inject client-side JavaScript code on multiple instances within all versions of Uffizio GPS Tracker. | ||||
| CVE-2021-27442 | 1 Weintek | 32 Cmt-ctrl01, Cmt-ctrl01 Firmware, Cmt-fhd and 29 more | 2025-04-16 | 9.4 Critical |
| The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code. | ||||
| CVE-2021-33001 | 1 Xarrow | 1 Xarrow | 2025-04-16 | 6.1 Medium |
| xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘bdate’ of the resource xhisvalue.htm, which may allow an unauthorized attacker to execute arbitrary code. | ||||
| CVE-2021-33021 | 1 Xarrow | 1 Xarrow | 2025-04-16 | 6.1 Medium |
| xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘edate’ of the resource xhisalarm.htm, which may allow an unauthorized attacker to execute arbitrary code. | ||||
| CVE-2021-33025 | 1 Xarrow | 1 Xarrow | 2025-04-16 | 5.6 Medium |
| xArrow SCADA versions 7.2 and prior permits unvalidated registry keys to be run with application-level privileges. | ||||
| CVE-2021-32962 | 1 Aggsoft | 1 Webserver | 2025-04-16 | 8.2 High |
| The AGG Software Web Server version 4.0.40.1014 and prior is vulnerable to cross-site scripting, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2021-32989 | 1 Lcds | 1 Laquis Scada | 2025-04-16 | 9.3 Critical |
| When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting. | ||||
| CVE-2021-33016 | 1 Kuka | 3 Kr C4, Kr C4 Firmware, Kss | 2025-04-16 | 9.8 Critical |
| An attacker can gain full access (read/write/delete) to sensitive folders due to hard-coded credentials on KUKA KR C4 control software for versions prior to 8.7 or any product running KSS. | ||||
| CVE-2020-36547 | 1 Ge | 2 Voluson S8, Voluson S8 Firmware | 2025-04-16 | 5.9 Medium |
| A vulnerability was found in GE Voluson S8. It has been rated as critical. This issue affects the Service Browser which itroduces hard-coded credentials. Attacking locally is a requirement. It is recommended to change the configuration settings. | ||||
| CVE-2022-2254 | 1 Webhmi | 2 Webhmi, Webhmi Firmware | 2025-04-16 | 6.2 Medium |
| A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 can store a script that could impact other logged in users. | ||||