Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (3 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-41727 1 Beckhoff 4 Beckhoff.device.manager.xar, Mdp Package, Twincat and 1 more 2026-01-27 7.8 High
A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain administrator access.
CVE-2025-41726 1 Beckhoff 4 Beckhoff.device.manager.xar, Mdp Package, Twincat and 1 more 2026-01-27 8.8 High
A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes.
CVE-2025-41728 1 Beckhoff 4 Beckhoff.device.manager.xar, Mdp Package, Twincat and 1 more 2026-01-27 5.3 Medium
A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to the Device Manager web service that cause an out-of-bounds read operation under certain circumstances due to ASLR and thereby potentially copy confidential information into a response.