CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 120 / 31
«« 先頭 « 前へ 1 / 2 次へ »
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2026-8037 OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints 9.6 29.64% 2026-06-04 2026-07-01
CVE-2026-3517 OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry' command 8.4 18.24% 2026-04-20 2026-06-17
CVE-2026-2701 Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution. 9.1 48.81% 2026-04-02 2026-06-17
CVE-2026-2699 Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution. 9.8 49.42% 2026-04-02 2026-06-17
CVE-2025-13447 OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters 8.4 25.39% 2026-01-13 2026-06-17
CVE-2025-13444 OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters 8.4 25.39% 2026-01-13 2026-06-17
CVE-2025-8868 In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via improperly neutralized inputs used in an SQL command using a well-known token. 9.8 22.83% 2025-09-29 2026-06-17
CVE-2025-3600 In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service. 7.5 19.06% 2025-05-14 2026-06-17
CVE-2024-12105 In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure. 6.5 42.37% 2024-12-31 2026-06-17
CVE-2024-46909 In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account. 9.8 49.17% 2024-12-02 2026-06-17
CVE-2024-46906 In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. 8.8 40.58% 2024-12-02 2026-06-17
CVE-2024-7591 Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above 10.0 44.07% 2024-09-05 2026-06-17
CVE-2024-6671 In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. 9.8 14.89% 2024-08-29 2026-06-17
CVE-2024-6670 KEV In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. 9.8 94.66% 2024-08-29 2026-06-17
CVE-2024-5016 In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM.  The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage for server and NmDistributed.DistributedClient.OnMessage for clients. 7.2 22.37% 2024-06-25 2026-06-17
CVE-2024-5011 In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of service. 7.5 47.09% 2024-06-25 2026-06-17
CVE-2024-5010 In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality.  A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive information. 7.5 69.95% 2024-06-25 2026-06-17
CVE-2024-5009 In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password. 8.4 15.03% 2024-06-25 2026-06-17
CVE-2024-5008 In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE using Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController. 8.8 17.33% 2024-06-25 2026-06-17
CVE-2024-4885 KEV In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.  The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges. 9.8 99.29% 2024-06-25 2026-06-17
«« 先頭 « 前へ 1 / 2 次へ »
cvelogic Threat Intelligence