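This list aggregates NVD, CVE, and several other threat feeds so that high-risk issues such as RCE can be tracked in depth. It combines CVSS with EPSS and tracks exploitability based on exploit references and the availability of PoCs. Together with the context of vendor fixes and mitigations, it helps set priorities, keep the response cycle short, and protect critical assets.

| CVE | Description | Max CVSS | EPSS (%) | Published | Updated |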
|---|---|---|---|---|---|
| CVE-2024-45636 | IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user. | 4.1 | 0.01% | 2026-06-11 | 2026-06-11 |
| CVE-2024-32110 | Cross-Site Request Forgery (CSRF) vulnerability in Magepeople inc. WpEvently allows Cross-Site Request Forgery. This issue affects WpEvently: from n/a through 4.1.2. | 4.3 | 0.03% | 2026-06-11 | 2026-06-11 |
| CVE-2024-21944 | Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integrity. | 5.3 | 0.14% | 2026-06-10 | 2026-06-11 |
| CVE-2024-58350 | Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiting the unsafe destruction order that causes iteration over deallocated memory. | 2.1 | 0.01% | 2026-06-10 | 2026-06-11 |
| CVE-2024-56123 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | N/A | 2026-06-08 | 2026-06-08 |
| CVE-2024-56122 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | N/A | 2026-06-08 | 2026-06-08 |
| CVE-2024-56121 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | N/A | 2026-06-08 | 2026-06-08 |
| CVE-2024-56120 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | N/A | 2026-06-08 | 2026-06-08 |
| CVE-2024-58349 | WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them to achieve remote code execution on the affected WordPress installation. | 9.3 | 0.15% | 2026-06-08 | 2026-06-08 |
| CVE-2024-58348 | WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary code on the server. | 9.3 | 0.19% | 2026-06-08 | 2026-06-08 |
| CVE-2024-27892 | On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch. | 7.2 | 0.14% | 2026-06-04 | 2026-06-05 |
| CVE-2024-27891 | On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This can cause outgoing packets to incorrectly be allowed or denied. | 6.9 | 0.12% | 2026-06-04 | 2026-06-05 |
| CVE-2024-27890 | On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch. | 7.2 | 0.23% | 2026-06-04 | 2026-06-05 |
| CVE-2024-6858 | In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN. | 6.5 | 0.12% | 2026-06-04 | 2026-06-05 |
| CVE-2024-47273 | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users to write specific files via unspecified vectors. | 4.3 | 0.04% | 2026-06-03 | 2026-06-05 |
| CVE-2024-47263 | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users with administrator privileges to write specific files containing non-sensitive information via unspecified vectors. | 4.1 | 0.06% | 2026-06-03 | 2026-06-05 |
| CVE-2024-14036 | Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by sending specially crafted, unencrypted SDC messages during the discovery process. Attackers with access to the hospital network can send malformed SDC packets to exhaust CPU resources in the affected process, causing further SDC messages to no longer be processed. | 8.7 | 0.05% | 2026-06-02 | 2026-06-04 |
| CVE-2024-42206 | HCL iReflection Third party vulnerable and outdated components issue was detected in the web application | 3.1 | 0.03% | 2026-06-02 | 2026-06-02 |
| CVE-2024-52011 | launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the `file` argument in the `launchEditor`, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters. This issue has been fixed in the `launch-editor` version 2.9.0, corresponding to vite version 5.4.9. | 7.5 | 0.06% | 2026-06-01 | 2026-06-02 |
| CVE-2024-40646 | Vertex is a management tool for PT (Private Tracker) users to manage streaming and watching videos. Versions prior to commit fbde301b97986d5913fc4bc95f5445750d282e11 are vulnerable to path traversal. Users should upgrade to a version containing commit fbde301b97986d5913fc4bc95f5445750d282e11 to receive a patch. | 8.6 | 0.06% | 2026-06-01 | 2026-06-08 |