NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2007-10003 | A vulnerability, which was classified as critical, has been found in The Hackers Diet Plugin up to 0.9.6b on WordPress. This issue affects some unknown processing of the file ajax_blurb.php of the component HTTP POST Request Handler. The manipulation of the argument user leads to sql injection. The attack may be initiated remotely. Upgrading to version 0.9.7b is able to address this issue. The patch is named 7dd8acf7cd8442609840037121074425d363b694. It is recommended to upgrade the affected comp | 6.3 | 0.56% | 2023-10-29 | 2024-11-21 |
| CVE-2007-10002 | A vulnerability, which was classified as critical, has been found in web-cyradm. Affected by this issue is some unknown functionality of the file auth.inc.php. The manipulation of the argument login/login_password/LANG leads to sql injection. The attack may be launched remotely. The name of the patch is 2bcbead3bdb5f118bf2c38c541eaa73c29dcc90f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217640. | 7.3 | 0.74% | 2023-01-08 | 2024-11-21 |
| CVE-2007-10001 | A vulnerability classified as problematic has been found in web-cyradm. This affects an unknown part of the file search.php. The manipulation of the argument searchstring leads to sql injection. It is recommended to apply a patch to fix this issue. The identifier VDB-217449 was assigned to this vulnerability. | 3.5 | 0.66% | 2023-01-05 | 2024-11-21 |
| CVE-2007-20001 | A flaw was found in StarWind iSCSI target. An attacker could script standard iSCSI Initiator operation(s) to exhaust the StarWind service socket, which could lead to denial of service. This affects iSCSI SAN (Windows Native) Version 3.2.2 build 2007-02-20. | 7.5 | 1.07% | 2022-02-06 | 2024-11-21 |
| CVE-2007-5002 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | 該当なし | 0.20% | 2021-07-07 | 2023-11-07 |
| CVE-2007-1857 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | 該当なし | 0.22% | 2021-06-21 | 2023-11-07 |
| CVE-2007-3733 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | 該当なし | 0.22% | 2021-06-18 | 2023-11-07 |
| CVE-2007-5967 | A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates on devices without user approval. | 6.5 | 0.48% | 2021-05-17 | 2024-11-21 |
| CVE-2007-6749 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | 該当なし | 0.24% | 2020-11-05 | 2023-11-07 |
| CVE-2007-6748 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | 該当なし | 0.24% | 2020-11-05 | 2023-11-07 |
| CVE-2007-6747 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | 該当なし | 0.24% | 2020-11-05 | 2023-11-07 |
| CVE-2007-6758 | Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0. | 7.5 | 1.31% | 2020-01-23 | 2024-11-21 |
| CVE-2007-6070 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-1382. Reason: This candidate is a reservation duplicate of CVE-2008-1382. Notes: All CVE users should reference CVE-2008-1382 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | 該当なし | 0.24% | 2020-01-17 | 2023-11-07 |
| CVE-2007-4774 | The Linux kernel before 2.4.36-rc1 has a race condition. It was possible to bypass systrace policies by flooding the ptraced process with SIGCONT signals, which can can wake up a PTRACED process. | 5.9 | 1.74% | 2020-01-15 | 2024-11-21 |
| CVE-2007-4773 | Systrace before 1.6.0 has insufficient escape policy enforcement. | 9.8 | 1.74% | 2020-01-15 | 2024-11-21 |
| CVE-2007-0158 | thttpd 2007 has buffer underflow. | 9.8 | 1.16% | 2019-12-27 | 2024-11-21 |
| CVE-2007-6745 | clamav 0.91.2 suffers from a floating point exception when using ScanOLE2. | 9.8 | 2.23% | 2019-11-07 | 2024-11-21 |
| CVE-2007-5743 | viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option. | 7.5 | 1.10% | 2019-11-07 | 2024-11-21 |
| CVE-2007-3915 | Mondo 2.24 has insecure handling of temporary files. | 9.1 | 1.12% | 2019-11-07 | 2024-11-21 |
| CVE-2007-3732 | In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc calls a C function without ensuring that the segments are set properly. The kernel's %fs needs to be restored before the call in TRACE_IRQS_ON and before enabling interrupts, so that "current" references work. Without this, "current" used in the window between iret_exc and the middle of error_code where %fs is reset, would crash. | 5.5 | 0.38% | 2019-11-07 | 2024-11-21 |