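This listing brings together NVD, CVE, and several other threat feeds so that high-risk issues such as RCE can be tracked in depth. It combines CVSS and EPSS, and tracks ease of exploitation from exploit references and the availability of a PoC. Priorities are set alongside the context of vendor fixes and mitigations, helping to keep response cycles short while protecting critical assets.
Assigner (CNA/issuer): [email protected]
| CVE | Description | Max CVSS | EPSS (%) | Published | Updated |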
|---|---|---|---|---|---|
| CVE-2021-3603 | PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, defined by PHPMailer::$validator), and the global namespace contains a function called php, it will be called in preference to the built-in validator of the same name. Mitigated in PHPMailer 6.5.0 by denying the use of simple strings as validato | 8.1 | 2.26% | 2021-06-17 | 2024-11-21 |
| CVE-2021-3647 | URI.js is vulnerable to URL Redirection to Untrusted Site | 6.1 | 0.91% | 2021-07-16 | 2024-11-21 |
| CVE-2021-3649 | chatwoot is vulnerable to Inefficient Regular Expression Complexity | 7.5 | 1.22% | 2021-07-16 | 2024-11-21 |
| CVE-2021-3663 | firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts | 7.5 | 0.71% | 2021-07-25 | 2024-11-21 |
| CVE-2021-3664 | url-parse is vulnerable to URL Redirection to Untrusted Site | 5.3 | 1.83% | 2021-07-26 | 2024-11-21 |
| CVE-2021-3680 | showdoc is vulnerable to Missing Cryptographic Step | 4.9 | 0.46% | 2021-08-04 | 2024-11-21 |
| CVE-2021-3678 | showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | 5.9 | 1.06% | 2021-08-04 | 2024-11-21 |
| CVE-2021-3689 | yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator | 7.5 | 1.90% | 2021-08-10 | 2024-11-21 |
| CVE-2021-3692 | yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator | 5.3 | 1.70% | 2021-08-10 | 2024-11-21 |
| CVE-2021-3693 | LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. | 8.8 | 3.01% | 2021-08-23 | 2024-11-21 |
| CVE-2021-3694 | LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. | 8.2 | 2.39% | 2021-08-23 | 2024-11-21 |
| CVE-2021-3728 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 6.5 | 0.48% | 2021-08-23 | 2024-11-21 |
| CVE-2021-3729 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 4.3 | 0.39% | 2021-08-23 | 2024-11-21 |
| CVE-2021-3730 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 6.5 | 0.46% | 2021-08-23 | 2024-11-21 |
| CVE-2021-3731 | LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targeted user to execute unintended actions. | 5.9 | 1.07% | 2021-08-23 | 2024-11-21 |
| CVE-2021-3734 | yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames | 8.8 | 0.39% | 2021-08-26 | 2024-11-21 |
| CVE-2021-3749 | axios is vulnerable to Inefficient Regular Expression Complexity | 7.5 | 7.93% | 2021-08-31 | 2024-11-21 |
| CVE-2021-3757 | immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | 9.8 | 1.60% | 2021-09-02 | 2024-11-21 |
| CVE-2021-3758 | bookstack is vulnerable to Server-Side Request Forgery (SSRF) | 6.5 | 0.77% | 2021-09-02 | 2024-11-21 |
| CVE-2021-32568 | mrdoc is vulnerable to Deserialization of Untrusted Data | 7.8 | 0.80% | 2021-09-06 | 2024-11-21 |