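This list aggregates NVD, CVE, and several other threat feeds so that high-risk issues such as RCE can be tracked in depth. It combines CVSS and EPSS scores and tracks ease of exploitation from exploit references and the availability of PoCs. Priorities are set with the context of vendor fixes and mitigations, which helps keep the response cycle short while protecting critical assets.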
Assigner (CNA/issuer): [email protected]
| CVE | Description | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|
| CVE-2022-2024 | OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11. | 9.8 | 97.84% | 2023-02-25 | 2024-11-21 |
| CVE-2023-0315 | Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8. | 8.8 | 97.65% | 2023-01-16 | 2024-11-21 |
| CVE-2023-0297 | Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31. | 9.8 | 96.99% | 2023-01-14 | 2024-11-21 |
| CVE-2022-0824 | Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. | 8.8 | 96.98% | 2022-03-02 | 2024-11-21 |
| CVE-2023-2948 | Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1. | 6.1 | 96.73% | 2023-05-28 | 2024-11-21 |
| CVE-2022-2733 | Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1. | 6.1 | 95.84% | 2022-08-09 | 2024-11-21 |
| CVE-2022-3562 | Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. | 5.4 | 94.22% | 2022-11-20 | 2024-11-21 |
| CVE-2022-4067 | Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. | 5.4 | 93.71% | 2022-11-20 | 2024-11-21 |
| CVE-2022-4069 | Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0. | 4.8 | 93.34% | 2022-11-20 | 2024-11-21 |
| CVE-2023-2947 | Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1. | 4.8 | 90.79% | 2023-05-27 | 2024-11-21 |
| CVE-2023-6909 | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. | 7.5 | 89.72% | 2023-12-18 | 2024-11-21 |
| CVE-2024-1728 | gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in the request to the `/queue/join` endpoint. This issue could potentially lead to remote code execution. The vulnerability is present in the handling of file upload paths, allowing attackers to redirect fil | 7.5 | 85.39% | 2024-04-10 | 2025-07-30 |
| CVE-2024-4990 | In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the `__set()` magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an attacker to instantiate arbitrary classes, passing parameters to their constructors and invoking setter methods. Depending on the installed dependencies, various types of attacks are possible, including the execution of arbitrary code, retrieval of sensitive information, and unaut | 9.1 | 85.12% | 2025-03-20 | 2025-04-01 |
| CVE-2024-3408 | man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled. Additionally, the application fails to properly restrict custom filter queries, enabling attackers to execute arbitrary code on the server by bypassing the restriction on the `/update-settings` endpoint, | 9.8 | 77.95% | 2024-06-06 | 2024-11-21 |
| CVE-2022-1179 | Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. | 5.4 | 76.90% | 2022-03-30 | 2024-11-21 |
| CVE-2023-6019 | A command injection existed in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023 | 9.8 | 74.63% | 2023-11-16 | 2024-11-21 |
| CVE-2023-2034 | Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14. | 8.8 | 73.25% | 2023-04-14 | 2024-11-21 |
| CVE-2023-3765 | Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. | 10.0 | 70.74% | 2023-07-19 | 2024-11-21 |
| CVE-2023-1177 | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. | 9.3 | 69.47% | 2023-03-24 | 2024-11-21 |
| CVE-2023-4347 | Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0. | 5.4 | 66.88% | 2023-08-15 | 2024-11-21 |