ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-41100 | Incorrect authentication in ParkingDoor | | |
CVE-2025-41222 | A vulnerability has been identified in RUGGEDCOM i800 (All versions), RUGGEDCOM i801 (All versions),... | | |
CVE-2025-41223 | A vulnerability has been identified in RUGGEDCOM i800 (All versions), RUGGEDCOM i801 (All versions),... | | |
CVE-2025-41224 | A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.0), RUGGEDCOM RM... | | |
CVE-2025-41225 | VMware vCenter Server authenticated command-execution vulnerability | | |
CVE-2025-41226 | Guest Operations Denial-of-Service Vulnerability | | |
CVE-2025-41227 | Denial-of-Service Vulnerability | | |
CVE-2025-41228 | VMware ESXi and vCenter Server Reflected Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-41229 | VMware Cloud Foundation Directory Traversal Vulnerability | | |
CVE-2025-41230 | VMware Cloud Foundation Information Disclosure Vulnerability | | |
CVE-2025-41231 | VMware Cloud Foundation Missing Authorisation Vulnerability | | |
CVE-2025-41232 | CVE-2025-41232: Spring Security authorization bypass for method security annotations on private methods | | |
CVE-2025-41233 | VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. ... | | |
CVE-2025-41234 | RFD Attack via “Content-Disposition” Header Sourced from Request | | |
CVE-2025-41235 | CVE-2025-41235: Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies | | |
CVE-2025-41236 | VMXNET3 integer-overflow vulnerability | | |
CVE-2025-41237 | VMCI integer-underflow vulnerability | | |
CVE-2025-41238 | PVSCSI heap-overflow vulnerability | | |
CVE-2025-41239 | vSockets information-disclosure vulnerability | | |
CVE-2025-41240 | Mounted Kubernetes Secrets under a predictable path located within the web server document root | | |
CVE-2025-41241 | Denial-of-service vulnerability | | |
CVE-2025-41242 | CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers | | |
CVE-2025-41255 | Cyberduck and Mountain Duck - Improper Certificate Store Handling | E | |
CVE-2025-41256 | Cyberduck and Mountain Duck - Weak Hash Algorithm for Certificate Fingerprint | E | |
CVE-2025-41360 | Uncontrolled resource consumption vulnerability in IDF and ZLF | S | |
CVE-2025-41361 | Uncontrolled resource consumption vulnerability in IDF and ZLF | S | |
CVE-2025-41362 | Code injection vulnerability in IDF and ZLF | S | |
CVE-2025-41363 | CORS vulnerability in IDF and ZLF | S | |
CVE-2025-41364 | Stored Cross-Site Scripting (XSS) vulnerability in IDF and ZLF | S | |
CVE-2025-41365 | Code injection vulnerability in IDF and ZLF | S | |
CVE-2025-41366 | CORS vulnerability in IDF and ZLF | S | |
CVE-2025-41367 | Stored Cross-Site Scripting (XSS) vulnerability in IDF and ZLF | S | |
CVE-2025-41370 | SQL injection vulnerability in Gandia Integra Total | S | |
CVE-2025-41371 | SQL injection vulnerability in Gandia Integra Total | S | |
CVE-2025-41372 | SQL injection vulnerability in Gandia Integra Total | S | |
CVE-2025-41373 | SQL injection vulnerability in Gandia Integra Total | S | |
CVE-2025-41374 | SQL injection vulnerability in Gandia Integra Total | S | |
CVE-2025-41375 | SQL injection vulnerability in Gandia Integra Total | S | |
CVE-2025-41376 | SQL injection vulnerability in Gandia Integra Total | S | |
CVE-2025-41377 | SQL injection vulnerability in Gandia Integra Total | S | |
CVE-2025-41378 | Injection vulnerability in Iridium Certus 700 | S | |
CVE-2025-41379 | Injection vulnerability in Iridium Certus 700 | S | |
CVE-2025-41380 | Injection vulnerability in Iridium Certus 700 | S | |
CVE-2025-41385 | An OS Command Injection issue exists in wivia 5 all versions. If this vulnerability is exploited, an... | | |
CVE-2025-41388 | Fuji Electric Smart Editor Stack-based Buffer Overflow | S | |
CVE-2025-41391 | Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user... | | |
CVE-2025-41392 | Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share Out-of-bounds Read | S | |
CVE-2025-41393 | Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction pr... | | |
CVE-2025-41395 | Webapp DoS via malicious retrospective post in Playbooks | S | |
CVE-2025-41396 | A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary ... | | |
CVE-2025-41399 | SCTP Vulnerability | | |
CVE-2025-41403 | SQL Injection | | |
CVE-2025-41404 | Direct request ('Forced Browsing') issue exists in iroha Board versions v0.10.12 and earlier. If thi... | | |
CVE-2025-41406 | Cross-site scripting vulnerability exists in wivia 5 all versions. If exploited, when a user connect... | | |
CVE-2025-41407 | SQL Injection | | |
CVE-2025-41413 | Fuji Electric Smart Editor Out-of-bounds Write | S | |
CVE-2025-41414 | BIG-IP HTTP/2 vulnerability | | |
CVE-2025-41415 | AVEVA PI Integrator Insertion of Sensitive Information into Sent Data | S | |
CVE-2025-41418 | Buffer Overflow vulnerability exists in multiple versions of TB-eye network recorders and AHD record... | | |
CVE-2025-41420 | A cross-site scripting (XSS) vulnerability exists in the userLogin cancelUri parameter functionality... | E | |
CVE-2025-41423 | Unauthorized Playbooks Post Deletion in Mattermost Playbooks Plugin | S | |
CVE-2025-41425 | DuraComm DP-10iN-100-MU Cross-site Scripting | S | |
CVE-2025-41426 | Vertiv Liebert RDU101 and UNITY Stack-based Buffer Overflow | S | |
CVE-2025-41427 | WRC-X3000GS, WRC-X3000GSA, and WRC-X3000GSN contain an improper neutralization of special elements u... | | |
CVE-2025-41428 | Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in TimeW... | | |
CVE-2025-41429 | a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE... | | |
CVE-2025-41431 | TMM Vulnerability | | |
CVE-2025-41433 | BIG-IP SIP ALG profile vulnerability | | |
CVE-2025-41437 | Reflected XSS | | |
CVE-2025-41438 | Consilium Safety CS5000 Fire Panel Initialization of a Resource with an Insecure Default | S | |
CVE-2025-41439 | A reflected cross-site scripting vulnerability via a specific parameter exists in SLNX Help Document... | | |
CVE-2025-41441 | Mailform Pro CGI prior to 4.3.4 generates error messages containing sensitive information, which may... | | |
CVE-2025-41442 | Advantech iView Cross-site Scripting | S | |
CVE-2025-41444 | SQL Injection | | |
CVE-2025-41450 | Authentication bypass with privileged access in Danfoss AK-SM 8xxA Series prior to version 4.2 | | |
CVE-2025-41451 | Post-Authentication OS Command Injection RCE in Danfoss AK-SM8xxA Series | | |
CVE-2025-41452 | Post auth nginx configuration injection in Danfoss AK-SM8xxA Series | | |
CVE-2025-41458 | Insecure data storage vulnerability in Two App Studio Journey v5.5.9 for iOS | | |
CVE-2025-41459 | Insecure authentication due to missing bruteforce protection and runtime manipulation in Two App Studio Journey 5.5.6 for iOS | | |
CVE-2025-41645 | SMA: Sunny Portal demo system privilege escalation | | |
CVE-2025-41646 | RevPi Webstatus application is vulnerable to an authentication bypass | | |
CVE-2025-41647 | Lenze: Plaintext Password Disclosure in PLC Designer V4 Interface | | |
CVE-2025-41648 | Pilz: Authentication Bypass in IndustrialPI Webstatus | | |
CVE-2025-41649 | Weidmueller: Out-of-Bounds Write Vulnerability in Industrial Ethernet Switches | | |
CVE-2025-41650 | Weidmueller: Denial-of-Service Vulnerability in Industrial Ethernet Switches | | |
CVE-2025-41651 | Weidmueller: Missing Authentication Vulnerability in Industrial Ethernet Switches | | |
CVE-2025-41652 | Weidmueller: Authentication Bypass Vulnerability in Industrial Ethernet Switches | | |
CVE-2025-41653 | Weidmueller: Denial-of-Service Vulnerability in the web server functionality of Industrial Ethernet Switches | | |
CVE-2025-41654 | PEPPERL+FUCHS: Profinet Gateway LB8122A.1.EL – Device is affected by information disclosure via the SNMP protocol | | |
CVE-2025-41655 | PEPPERL+FUCHS: Attacker can cause a DoS via URL | | |
CVE-2025-41656 | Pilz: Missing Authentication in Node-RED integration | | |
CVE-2025-41657 | AUMA: Incorrect delivery status of the Bluetooth configuration | | |
CVE-2025-41658 | CODESYS Toolkit Exposes Sensitive Files via Default Permissions | | |
CVE-2025-41659 | CODESYS Control PKI Exposure Enables Remote Certificate Access | | |
CVE-2025-41661 | Weidmueller: Security routers IE-SR-2TX are affected by CSRF | | |
CVE-2025-41662 | Rejected reason: CVE-2025-41662 is considered redundant or unnecessary and thus should be withdrawn.... | R | |
CVE-2025-41663 | Weidmueller: Security routers IE-SR-2TX are affected by Command Injection | | |
CVE-2025-41665 | Phoenix Contact: DoS of the PLC due to incorrect default permissions possible | | |
CVE-2025-41666 | Phoenix Contact: File access due to the replacement of a critical file used by the watchdog | | |
CVE-2025-41667 | Phoenix Contact: File access due to the replacement of a critical file used by the arp-preinit script | | |
CVE-2025-41668 | Phoenix Contact: File access due to the replacement of a critical file used by the service security-profile | | |
CVE-2025-41672 | WAGO: Vulnerability in WAGO Device Sphere | | |
CVE-2025-41673 | Remote Command Injection in send_sms Action Due to Improper Input Neutralization | | |
CVE-2025-41674 | Remote Command Injection in diagnostic Action Due to Improper Input Neutralization | | |
CVE-2025-41675 | Remote Command Injection via GET in Cloud Server Communication Script Due to Improper Input Neutralization | | |
CVE-2025-41676 | Resource Exhaustion via POST Requests to send-sms Action | | |
CVE-2025-41677 | Resource Exhaustion via POST Requests to send-mail Action | | |
CVE-2025-41678 | SQL Injection via POST Requests Allowing Configuration Database Manipulation | | |
CVE-2025-41679 | Unauthenticated Buffer Overflow in Conftool Service Leading to Denial of Service | | |
CVE-2025-41681 | Persistent Cross-Site Scripting via POST Requests Due to Improper Neutralization of Input | | |
CVE-2025-41683 | Weidmueller: Root Command Injection via Unsanitized Input in event_mail_test Endpoint | | |
CVE-2025-41684 | Weidmueller: Root Command Injection via Unsanitized Input in tls_iotgen_setting Endpoint | | |
CVE-2025-41685 | SMA: Sunny Portal limited disclosure of personal data of registered users to an authenticated user | | |
CVE-2025-41686 | Improper File Permissions Allow Local Privilege Escalation | | |
CVE-2025-41687 | Weidmueller: Unauthenticated Stack-Based Buffer Overflow in u-link Management API | | |
CVE-2025-41688 | High Privilege RCE via LUA Sandbox Escape | | |
CVE-2025-41689 | Wiesemann & Theis: Motherbox 3 allows unauthenticated read-only DB access | | |
CVE-2025-41691 | CODESYS Control DoS via Unauthenticated NULL Pointer Dereference | | |
CVE-2025-41698 | Draeger: ICMHelper is vulnerable to a privilege escalation due to missing authorization | | |
CVE-2025-41702 | egOS WebGUI Hard-Coded JWT Secret Enables Authentication Bypass | | |