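This list aggregates NVD, CVE and several other threat feeds so that high-risk issues such as RCE can be followed in depth. It combines CVSS and EPSS, and tracks ease of exploitation from exploit references and the availability of PoCs. Together with the context of vendor fixes and mitigations, it helps set priorities, keeping the response cycle short while protecting critical assets.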
Assigner (CNA/issuer): [email protected]
| CVE | Description | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|
| CVE-2024-8067 | In versions of Helix Core prior to 2024.1 Patch 2 (2024.1/2655224) a Windows ANSI API Unicode "best fit" argument injection was identified. | 5.8 | 0.20% | 2024-09-25 | 2026-04-15 |
| CVE-2024-5250 | In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations | 3.5 | 0.29% | 2024-07-30 | 2024-11-21 |
| CVE-2024-5249 | In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed. | 5.4 | 0.22% | 2024-07-30 | 2024-11-21 |
| CVE-2024-3930 | In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE) was discovered. | 6.3 | 0.31% | 2024-07-30 | 2024-11-21 |
| CVE-2024-6727 | A flaw in versions of Delphix Data Control Tower (DCT) prior to 19.0.0 results in broken authentication through the enable-scale-testing functionality of the application. | 5.4 | 0.31% | 2024-07-29 | 2026-04-15 |
| CVE-2024-6726 | Versions of Delphix Engine prior to Release 25.0.0.0 contain a flaw which results in Remote Code Execution (RCE). | 8.8 | 0.74% | 2024-07-29 | 2026-04-15 |
| CVE-2024-3826 | In versions of Akana prior to and including 2022.1.3, validation is broken when using the SAML Single Sign-On (SSO) functionality. | 8.6 | 0.34% | 2024-07-02 | 2026-04-15 |
| CVE-2024-3995 | In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan Riggins. | 2.0 | 0.61% | 2024-06-28 | 2026-04-15 |
| CVE-2024-2796 | A server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Reported by Jakob Antonsson. | 9.3 | 0.38% | 2024-04-18 | 2026-04-15 |
| CVE-2024-3825 | Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw which results in credential enumeration | 4.3 | 0.17% | 2024-04-17 | 2026-04-15 |
| CVE-2024-0325 | In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins. | 3.6 | 0.75% | 2024-02-01 | 2024-11-21 |
| CVE-2023-5759 | In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified. Reported by Jason Geffner. | 7.5 | 0.95% | 2023-11-08 | 2024-11-21 |
| CVE-2023-45849 | An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner. | 9.0 | 1.11% | 2023-11-08 | 2024-11-21 |
| CVE-2023-45319 | In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. Reported by Jason Geffner. | 7.5 | 0.95% | 2023-11-08 | 2024-11-21 |
| CVE-2023-35767 | In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Jason Geffner. | 7.5 | 0.95% | 2023-11-08 | 2024-11-21 |
| CVE-2023-5309 | Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations. | 6.8 | 0.50% | 2023-11-07 | 2024-11-21 |
| CVE-2023-5214 | In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified. | 6.5 | 0.37% | 2023-10-06 | 2024-11-21 |
| CVE-2023-5255 | For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked. | 4.4 | 0.41% | 2023-10-03 | 2025-11-20 |
| CVE-2023-2530 | A privilege escalation allowing remote code execution was discovered in the orchestration service. | 9.8 | 1.11% | 2023-06-07 | 2025-08-26 |
| CVE-2023-1894 | A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations. | 5.3 | 0.44% | 2023-05-04 | 2025-01-29 |