NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2024-1801 | In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. | 7.7 | 0.42% | 2024-03-20 | 2026-06-17 |
| CVE-2024-1800 | In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability. | 9.9 | 40.38% | 2024-03-20 | 2026-06-17 |
| CVE-2024-1636 | Potential Cross-Site Scripting (XSS) in the page editing area. | 8.0 | 0.40% | 2024-02-28 | 2026-06-17 |
| CVE-2024-1632 | Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area. | 8.8 | 0.50% | 2024-02-28 | 2026-06-17 |
| CVE-2024-1474 | In WS_FTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs on the WS_FTP Server administrative interface. | 7.5 | 0.45% | 2024-02-21 | 2026-06-17 |
| CVE-2024-1403 | In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The vulnerability is a bypass to authentication based on a failure to properly handle username and password. Certain unexpected content passed into the credentials can lead to unauthorized access without proper authentication. | 10.0 | 3.27% | 2024-02-27 | 2026-06-17 |
| CVE-2024-1212 KEV | Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution. | 10.0 | 95.39% | 2024-02-21 | 2026-06-17 |
| CVE-2024-12629 | In Progress® Telerik® KendoReact versions v3.5.0 through v9.4.0, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection. | 4.1 | 0.72% | 2025-02-12 | 2026-06-17 |
| CVE-2024-12251 | In Progress Telerik UI for WinUI versions prior to 2025 Q1 (3.0.0), a command injection attack is possible through improper neutralization of hyperlink elements. | 7.8 | 0.54% | 2025-02-12 | 2026-06-17 |
| CVE-2024-12108 | In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API. | 9.6 | 6.80% | 2024-12-31 | 2026-06-17 |
| CVE-2024-12106 | In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings. | 9.4 | 9.44% | 2024-12-31 | 2026-06-17 |
| CVE-2024-12105 | In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure. | 6.5 | 42.37% | 2024-12-31 | 2026-06-17 |
| CVE-2024-11629 | In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), using .NET Standard 2.0, the contents of a file at an arbitrary path can be exported to RTF. | 7.1 | 0.36% | 2025-02-12 | 2026-06-17 |
| CVE-2024-11628 | In Progress® Telerik® Kendo UI for Vue versions v2.4.0 through v6.0.1, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection. | 4.1 | 0.72% | 2025-02-12 | 2026-06-17 |
| CVE-2024-11627 | : Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. | 6.8 | 0.31% | 2025-01-07 | 2026-06-17 |
| CVE-2024-11626 | Improper Neutralization of Input During CMS Backend (adminstrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. | 8.4 | 0.34% | 2025-01-07 | 2026-06-17 |
| CVE-2024-11625 | Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. | 7.7 | 0.29% | 2025-01-07 | 2026-06-17 |
| CVE-2024-11343 | In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), unzipping an archive can lead to arbitrary file system access. | 8.3 | 0.60% | 2025-02-12 | 2026-06-17 |
| CVE-2024-10095 | In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability. | 8.4 | 0.73% | 2024-12-16 | 2026-06-17 |
| CVE-2024-10013 | In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack is possible through an insecure deserialization vulnerability. | 7.8 | 0.22% | 2024-11-13 | 2026-06-17 |