CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 120 / 315
«« 先頭 « 前へ 1 / 16 次へ »
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2017-1002150 python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection 6.1 0.81% 2017-09-14 2026-06-16
CVE-2017-1002151 Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization 7.5 1.06% 2017-09-14 2026-06-16
CVE-2017-1002152 Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles. 6.1 0.78% 2019-01-10 2026-06-16
CVE-2017-1002153 Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission. 7.5 1.14% 2017-10-06 2026-06-16
CVE-2017-1002157 modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution. 9.8 2.80% 2019-01-10 2026-06-16
CVE-2018-1002150 Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1. 9.1 1.67% 2018-04-04 2026-06-16
CVE-2020-15853 supybot-fedora implements the command 'refresh', that refreshes the cache of all users from FAS. This takes quite a while to run, and zodbot stops responding to requests during this time. 5.3 0.60% 2022-10-18 2026-06-16
CVE-2020-15855 Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1. 6.1 0.40% 2022-10-07 2026-06-16
CVE-2021-30469 A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file. 5.5 0.70% 2021-05-26 2026-06-16
CVE-2021-30470 A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow. 5.5 0.69% 2021-05-26 2026-06-16
CVE-2021-30471 A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow. 5.5 0.73% 2021-05-26 2026-06-16
CVE-2021-30472 A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value. 7.8 0.76% 2021-05-26 2026-06-16
CVE-2021-32490 A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences. 7.8 0.91% 2021-06-24 2026-06-16
CVE-2021-32491 A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences. 7.8 0.88% 2021-06-24 2026-06-16
CVE-2021-32492 A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences. 7.8 0.93% 2021-06-24 2026-06-16
CVE-2021-32493 A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences. 7.8 1.00% 2021-06-24 2026-06-16
CVE-2021-32494 Radare2 has a division by zero vulnerability in Mach-O parser's rebase_buffer function. This allow attackers to create malicious inputs that can cause denial of service. 10.0 0.84% 2023-07-07 2026-06-16
CVE-2021-32495 Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to cause denial of service. 10.0 0.76% 2023-07-07 2026-06-16
CVE-2021-32613 In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS. 5.5 1.16% 2021-05-14 2026-06-16
CVE-2021-32614 A flaw was found in dmg2img through 20170502. fill_mishblk() does not check the length of the read buffer, and copy 0xCC bytes from it. The length of the buffer is controlled by an attacker. By providing a length smaller than 0xCC, memcpy reaches out of the malloc'ed bound. This possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution. 7.1 0.91% 2021-05-26 2026-06-16
«« 先頭 « 前へ 1 / 16 次へ »
cvelogic Threat Intelligence