NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2008-20003 | Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | 該当なし | 該当なし | 2026-04-22 | 2026-04-22 |
| CVE-2008-20002 | Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | 該当なし | 該当なし | 2026-04-22 | 2026-04-22 |
| CVE-2008-20001 | activePDF WebGrabber version 3.8.2.0 contains a stack-based buffer overflow vulnerability in the GetStatus() method of the APWebGrb.ocx ActiveX control. By passing an overly long string to this method, a remote attacker can execute arbitrary code in the context of the vulnerable process. Although the control is not marked safe for scripting, exploitation is possible via crafted HTML content in Internet Explorer under permissive security settings. | 7.5 | 61.20% | 2025-08-30 | 2026-04-15 |
| CVE-2008-7260 | Rejected reason: This candidate is unused by its CNA. | 該当なし | 0.04% | 2023-09-14 | 2023-11-07 |
| CVE-2008-7259 | Rejected reason: This candidate is unused by its CNA. | 該当なし | 0.04% | 2023-09-14 | 2023-11-07 |
| CVE-2008-10004 | A vulnerability was found in Email Registration 5.x-2.1 on Drupal. It has been declared as critical. This vulnerability affects the function email_registration_user of the file email_registration.module. The manipulation of the argument namenew leads to sql injection. The attack can be initiated remotely. Upgrading to version 6.x-1.0 is able to address this issue. The patch is identified as 126c141b7db038c778a2dc931d38766aad8d1112. It is recommended to upgrade the affected component. VDB-222334 | 6.3 | 0.34% | 2023-03-06 | 2024-11-21 |
| CVE-2008-10003 | A vulnerability was found in iGamingModules flashgames 1.1.0. It has been classified as critical. Affected is an unknown function of the file game.php. The manipulation of the argument lid leads to sql injection. It is possible to launch the attack remotely. The name of the patch is 6e57683704885be32eea2ea614f80c9bb8f012c5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222288. | 6.3 | 0.35% | 2023-03-05 | 2024-11-21 |
| CVE-2008-10002 | A vulnerability has been found in cfire24 ajaxlife up to 0.3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.3.3 is able to address this issue. The patch is identified as 9fb53b67312fe3f4336e01c1e3e1bedb4be0c1c8. It is recommended to upgrade the affected component. VDB-222286 is the identifier assigned to this vulnerability. | 3.5 | 0.49% | 2023-03-05 | 2024-11-21 |
| CVE-2008-10001 | A vulnerability, which was classified as problematic, has been found in Pro2col Stingray FTS. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | 5.5 | 0.21% | 2022-03-28 | 2024-11-21 |
| CVE-2008-1879 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | 該当なし | 0.20% | 2021-07-07 | 2023-11-07 |
| CVE-2008-2660 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2008. Notes: none | 該当なし | 0.22% | 2021-06-11 | 2023-11-07 |
| CVE-2008-1239 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2008. Notes: none | 該当なし | 0.22% | 2021-06-11 | 2023-11-07 |
| CVE-2008-0885 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2008. Notes: none | 該当なし | 0.22% | 2021-06-11 | 2023-11-07 |
| CVE-2008-2544 | Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise. | 5.5 | 0.04% | 2021-05-27 | 2024-11-21 |
| CVE-2008-5509 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs:CVE-2008-5508. Reason: This candidate is a duplicate of CVE-2008-5508. Notes: All CVE users should reference CVE-2008-5508 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | 該当なし | 0.22% | 2021-05-26 | 2023-11-07 |
| CVE-2008-5085 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA | 該当なし | 0.22% | 2021-05-26 | 2023-11-07 |
| CVE-2008-5084 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA | 該当なし | 0.22% | 2021-05-26 | 2023-11-07 |
| CVE-2008-3523 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA | 該当なし | 0.22% | 2021-05-26 | 2023-11-07 |
| CVE-2008-3280 | It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not consult CRLs (currently an untracked issue), this means that it is impossible to rely on these OPs. | 5.9 | 5.92% | 2021-05-21 | 2024-11-21 |
| CVE-2008-7308 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | 該当なし | 0.24% | 2020-11-05 | 2023-11-07 |