CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 2140 / 94
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2024-3995 In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan Riggins. 2.0 0.61% 2024-06-28 2026-06-17
CVE-2024-3930 In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE) was discovered. 6.3 0.31% 2024-07-30 2026-06-17
CVE-2024-3826 In versions of Akana in versions prior to and including 2022.1.3 validation is broken when using the SAML Single Sign-On (SSO) functionality. 8.6 0.34% 2024-07-02 2026-06-17
CVE-2024-3825 Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw which results in credential enumeration 4.3 0.17% 2024-04-17 2026-06-17
CVE-2024-2796 A server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Reported by Jakob Antonsson. 9.3 0.38% 2024-04-18 2026-06-17
CVE-2024-11084 Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an attacker to determine whether a username exists. 6.3 0.39% 2025-04-15 2026-06-17
CVE-2024-10345 In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Karol Więsek. 8.7 0.47% 2024-11-11 2026-06-17
CVE-2024-10344 In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the refuse function was identified. Reported by Karol Więsek. 8.7 0.47% 2024-11-11 2026-06-17
CVE-2024-10315 In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Alpha Inferno PVT LTD. 6.9 0.32% 2024-11-11 2026-06-17
CVE-2024-10314 In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the auto-generation function was identified. Reported by Karol Więsek. 8.7 0.47% 2024-11-11 2026-06-17
CVE-2024-0325 In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins.   3.6 0.75% 2024-02-01 2026-06-17
CVE-2023-5759 In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified. Reported by Jason Geffner.   7.5 0.95% 2023-11-08 2026-06-17
CVE-2023-5309 Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations. 6.8 0.50% 2023-11-07 2026-06-17
CVE-2023-5255 For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked. 4.4 0.41% 2023-10-03 2026-06-17
CVE-2023-5214 In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified. 6.5 0.37% 2023-10-06 2026-06-17
CVE-2023-45849 An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner. 9.0 1.11% 2023-11-08 2026-06-17
CVE-2023-45319 In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. Reported by Jason Geffner.  7.5 0.95% 2023-11-08 2026-06-17
CVE-2023-35767 In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Jason Geffner.   7.5 0.95% 2023-11-08 2026-06-17
CVE-2023-2530 A privilege escalation allowing remote code execution was discovered in the orchestration service. 9.8 1.11% 2023-06-07 2026-06-17
CVE-2023-1894 A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations. 5.3 0.44% 2023-05-04 2026-06-17
cvelogic Threat Intelligence