Latest CVE Feed
- 7.8 HIGH CVE-2021-33542
Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead to a remote code execution when unallocated memory is freed because o...
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2021-33541
Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially...
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-33540
In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented password protected FTP access to the root directory exists....
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
- 7.2 HIGH CVE-2021-33539
In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in the hostname processing. A specially configured device hostname can cause the device to interpret selected remote traffic as local tra...
Affected Products: ie-wl-bl-ap-cl-eu_firmware, ie-wlt-bl-ap-cl-eu_firmware, ie-wl-bl-ap-cl-us_firmware, ie-wlt-bl-ap-cl-us_firmware, ie-wl-vl-ap-br-cl-eu_firmware, ie-wlt-vl-ap-br-cl-eu_firmware, ie-wl-vl-ap-br-cl-us_firmware, ie-wlt-vl-ap-br-cl-us_firmware, ie-wl-bl-ap-cl-eu, ie-wlt-bl-ap-cl-eu, +6 more products
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
- 9.0 HIGH CVE-2021-33538
In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account ...
Affected Products: ie-wl-bl-ap-cl-eu_firmware, ie-wlt-bl-ap-cl-eu_firmware, ie-wl-bl-ap-cl-us_firmware, ie-wlt-bl-ap-cl-us_firmware, ie-wl-vl-ap-br-cl-eu_firmware, ie-wlt-vl-ap-br-cl-eu_firmware, ie-wl-vl-ap-br-cl-us_firmware, ie-wlt-vl-ap-br-cl-us_firmware, ie-wl-bl-ap-cl-eu, ie-wlt-bl-ap-cl-eu, +6 more products
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2021-33537
In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality. A specially crafted user name entry can cause an overflow of an error message buffer,...
Affected Products: ie-wl-bl-ap-cl-eu_firmware, ie-wlt-bl-ap-cl-eu_firmware, ie-wl-bl-ap-cl-us_firmware, ie-wlt-bl-ap-cl-us_firmware, ie-wl-vl-ap-br-cl-eu_firmware, ie-wlt-vl-ap-br-cl-eu_firmware, ie-wl-vl-ap-br-cl-us_firmware, ie-wlt-vl-ap-br-cl-us_firmware, ie-wl-bl-ap-cl-eu, ie-wlt-bl-ap-cl-eu, +6 more products
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-33536
In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in ServiceAgent functionality. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped...
Affected Products: ie-wl-bl-ap-cl-eu_firmware, ie-wlt-bl-ap-cl-eu_firmware, ie-wl-bl-ap-cl-us_firmware, ie-wlt-bl-ap-cl-us_firmware, ie-wl-vl-ap-br-cl-eu_firmware, ie-wlt-vl-ap-br-cl-eu_firmware, ie-wl-vl-ap-br-cl-us_firmware, ie-wlt-vl-ap-br-cl-us_firmware, ie-wl-bl-ap-cl-eu, ie-wlt-bl-ap-cl-eu, +6 more products
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2021-33535
In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_console conio_writestr functionality. A specially crafted time server entry can cause an overflow of the time server buffer, resulting ...
Affected Products: ie-wl-bl-ap-cl-eu_firmware, ie-wlt-bl-ap-cl-eu_firmware, ie-wl-bl-ap-cl-us_firmware, ie-wlt-bl-ap-cl-us_firmware, ie-wl-vl-ap-br-cl-eu_firmware, ie-wlt-vl-ap-br-cl-eu_firmware, ie-wl-vl-ap-br-cl-us_firmware, ie-wlt-vl-ap-br-cl-us_firmware, ie-wl-bl-ap-cl-eu, ie-wlt-bl-ap-cl-eu, +6 more products
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
- 9.0 HIGH CVE-2021-33534
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the hostname functionality. A specially crafted entry to network configuration information can cause execution of arbitrary system command...
Affected Products: ie-wl-bl-ap-cl-eu_firmware, ie-wlt-bl-ap-cl-eu_firmware, ie-wl-bl-ap-cl-us_firmware, ie-wlt-bl-ap-cl-us_firmware, ie-wl-vl-ap-br-cl-eu_firmware, ie-wlt-vl-ap-br-cl-eu_firmware, ie-wl-vl-ap-br-cl-us_firmware, ie-wlt-vl-ap-br-cl-us_firmware, ie-wl-bl-ap-cl-eu, ie-wlt-bl-ap-cl-eu, +6 more products
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
- 9.0 HIGH CVE-2021-33533
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, ...
Affected Products: ie-wl-bl-ap-cl-eu_firmware, ie-wlt-bl-ap-cl-eu_firmware, ie-wl-bl-ap-cl-us_firmware, ie-wlt-bl-ap-cl-us_firmware, ie-wl-vl-ap-br-cl-eu_firmware, ie-wlt-vl-ap-br-cl-eu_firmware, ie-wl-vl-ap-br-cl-us_firmware, ie-wlt-vl-ap-br-cl-us_firmware, ie-wl-bl-ap-cl-eu, ie-wlt-bl-ap-cl-eu, +6 more products
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
- 9.0 HIGH CVE-2021-33532
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system ...
Affected Products: ie-wl-bl-ap-cl-eu_firmware, ie-wlt-bl-ap-cl-eu_firmware, ie-wl-bl-ap-cl-us_firmware, ie-wlt-bl-ap-cl-us_firmware, ie-wl-vl-ap-br-cl-eu_firmware, ie-wlt-vl-ap-br-cl-eu_firmware, ie-wl-vl-ap-br-cl-us_firmware, ie-wlt-vl-ap-br-cl-us_firmware, ie-wl-bl-ap-cl-eu, ie-wlt-bl-ap-cl-eu, +6 more products
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
- 9.0 HIGH CVE-2021-33531
In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation o...
Affected Products: ie-wl-bl-ap-cl-eu_firmware, ie-wlt-bl-ap-cl-eu_firmware, ie-wl-bl-ap-cl-us_firmware, ie-wlt-bl-ap-cl-us_firmware, ie-wl-vl-ap-br-cl-eu_firmware, ie-wlt-vl-ap-br-cl-eu_firmware, ie-wl-vl-ap-br-cl-us_firmware, ie-wlt-vl-ap-br-cl-us_firmware, ie-wl-bl-ap-cl-eu, ie-wlt-bl-ap-cl-eu, +6 more products
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
- 9.0 HIGH CVE-2021-33530
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the devices. A specially crafted diagnostic script file can cause arbitrary busybox commands ...
Affected Products: ie-wl-bl-ap-cl-eu_firmware, ie-wlt-bl-ap-cl-eu_firmware, ie-wl-bl-ap-cl-us_firmware, ie-wlt-bl-ap-cl-us_firmware, ie-wl-vl-ap-br-cl-eu_firmware, ie-wlt-vl-ap-br-cl-eu_firmware, ie-wl-vl-ap-br-cl-us_firmware, ie-wlt-vl-ap-br-cl-us_firmware, ie-wl-bl-ap-cl-eu, ie-wlt-bl-ap-cl-eu, +6 more products
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-33529
In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device....
Affected Products: ie-wl-bl-ap-cl-eu_firmware, ie-wlt-bl-ap-cl-eu_firmware, ie-wl-bl-ap-cl-us_firmware, ie-wlt-bl-ap-cl-us_firmware, ie-wl-vl-ap-br-cl-eu_firmware, ie-wlt-vl-ap-br-cl-eu_firmware, ie-wl-vl-ap-br-cl-us_firmware, ie-wlt-vl-ap-br-cl-us_firmware, ie-wl-bl-ap-cl-eu, ie-wlt-bl-ap-cl-eu, +6 more products
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
- 9.0 HIGH CVE-2021-33528
In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in the iw_console functionality. A specially crafted menu selection string can cause an escape from the restricted console, resulting in s...
Affected Products: ie-wl-bl-ap-cl-eu_firmware, ie-wlt-bl-ap-cl-eu_firmware, ie-wl-bl-ap-cl-us_firmware, ie-wlt-bl-ap-cl-us_firmware, ie-wl-vl-ap-br-cl-eu_firmware, ie-wlt-vl-ap-br-cl-eu_firmware, ie-wl-vl-ap-br-cl-us_firmware, ie-wlt-vl-ap-br-cl-us_firmware, ie-wl-bl-ap-cl-eu, ie-wlt-bl-ap-cl-eu, +6 more products
- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-33527
In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with th...
Affected Products: mbdialup
- Published: Aug. 02, 2021
- Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2021-33526
In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicious OpenVPN configuration resulting in arbitrary code execution with the pr...
Affected Products: mbdialup
- Published: Aug. 02, 2021
- Modified: Nov. 21, 2024
- 9.0 HIGH CVE-2021-33525
EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php, as demonstrated by %26%26+curl to insert an "&& curl" substring for the shell....
Affected Products: eyesofnetwork
- Published: May. 24, 2021
- Modified: Nov. 21, 2024
- 7.2 HIGH CVE-2021-33523
MashZone NextGen through 10.7 GA allows a remote authenticated user, with access to the admin console, to upload a new JDBC driver that can execute arbitrary commands on the underlying host. This occurs in com.idsscheer.ppmmashup.business.jdbc.DriverUploa...
Affected Products: mashzone_nextgen
- Published: Mar. 30, 2022
- Modified: Nov. 21, 2024
- 8.1 HIGH CVE-2021-33516
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using t...
Affected Products: gupnp
- Published: May. 24, 2021
- Modified: Nov. 21, 2024