CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 141160 / 1551
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2021-22189 Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues. 5.9 0.66% 2021-03-04 2026-06-16
CVE-2021-22190 A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token 8.5 1.32% 2021-04-12 2026-06-16
CVE-2021-22191 Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file. 6.3 3.64% 2021-03-15 2026-06-16
CVE-2021-22192 An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server. 9.9 13.11% 2021-03-24 2026-06-16
CVE-2021-22193 An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project. 3.5 0.99% 2021-03-24 2026-06-16
CVE-2021-22194 In all versions of GitLab, marshalled session keys were being stored in Redis. 5.7 0.19% 2021-03-26 2026-06-16
CVE-2021-22195 Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system 8.6 1.14% 2021-04-01 2026-06-16
CVE-2021-22196 An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name. 6.3 0.94% 2021-04-02 2026-06-16
CVE-2021-22197 An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having source and target branch pointing to each other 3.5 0.84% 2021-04-02 2026-06-16
CVE-2021-22198 An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects. 4.3 1.08% 2021-04-02 2026-06-16
CVE-2021-22199 An issue has been discovered in GitLab affecting all versions starting with 12.9. GitLab was vulnerable to a stored XSS if scoped labels were used. 3.5 0.79% 2021-04-22 2026-06-16
CVE-2021-22200 An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user. 5.9 1.00% 2021-04-02 2026-06-16
CVE-2021-22201 An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server. 9.6 3.07% 2021-04-02 2026-06-16
CVE-2021-22202 An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API. 2.4 0.48% 2021-04-02 2026-06-16
CVE-2021-22203 An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions starting from 13.9 before 13.9.5, and all versions starting from 13.10 before 13.10.1. A specially crafted Wiki page allowed attackers to read arbitrary files on the server. 7.5 1.39% 2021-04-02 2026-06-16
CVE-2021-22204 KEV Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image 6.8 99.98% 2021-04-23 2026-06-16
CVE-2021-22205 KEV An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution. 10.0 99.73% 2021-04-23 2026-06-16
CVE-2021-22206 An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text, 6.8 1.03% 2021-05-06 2026-06-16
CVE-2021-22207 Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file 5.5 2.02% 2021-04-23 2026-06-16
CVE-2021-22208 An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or update. 4.3 0.76% 2021-05-06 2026-06-16
cvelogic Threat Intelligence