Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2024-27892 | Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch. | 7.2 | N/A | 2026-06-04 | 2026-06-04 |
| CVE-2024-27891 | On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This can cause outgoing packets to incorrectly be allowed or denied. | 6.9 | N/A | 2026-06-04 | 2026-06-04 |
| CVE-2024-27890 | Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch. | 7.2 | N/A | 2026-06-04 | 2026-06-04 |
| CVE-2024-6858 | In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN. | N/A | N/A | 2026-06-04 | 2026-06-04 |
| CVE-2024-47273 | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users to write specific files via unspecified vectors. | 4.3 | 0.04% | 2026-06-03 | 2026-06-04 |
| CVE-2024-47263 | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users with administrator privileges to write specific files containing non-sensitive information via unspecified vectors. | 4.1 | 0.04% | 2026-06-03 | 2026-06-04 |
| CVE-2024-14036 | Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by sending specially crafted, unencrypted SDC messages during the discovery process. Attackers with access to the hospital network can send malformed SDC packets to exhaust CPU resources in the affected process, causing further SDC messages to no longer be processed. | 8.7 | 0.04% | 2026-06-02 | 2026-06-04 |
| CVE-2024-42206 | HCL iReflection Third party vulnerable and outdated components issue was detected in the web application | 3.1 | 0.03% | 2026-06-02 | 2026-06-02 |
| CVE-2024-52011 | launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the `file` argument in the `launchEditor`, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters. This issue has been fixed in the `launch-editor` version 2.9.0, corresponding to vite version 5.4.9. | 7.5 | 0.06% | 2026-06-01 | 2026-06-02 |
| CVE-2024-40646 | Vertex is a management tool for PT (Private Tracker) users to manage streaming and watching videos. Versions prior to commit fbde301b97986d5913fc4bc95f5445750d282e11 are vulnerable to path traversal. Users should upgrade to a version containing commit fbde301b97986d5913fc4bc95f5445750d282e11 to receive a patch. | 8.6 | 0.05% | 2026-06-01 | 2026-06-01 |
| CVE-2024-47097 | Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do. | 5.1 | 0.17% | 2026-05-28 | 2026-05-28 |
| CVE-2024-47096 | Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the showSupportExpiredMessage parameter of handleloginform.do. | 5.1 | 0.17% | 2026-05-28 | 2026-05-28 |
| CVE-2024-56462 | IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be restored and used to gain access to the underlying operating system. | 7.2 | 0.05% | 2026-05-27 | 2026-05-27 |
| CVE-2024-40684 | IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log Analysis does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 5.9 | 0.03% | 2026-05-27 | 2026-05-27 |
| CVE-2024-28765 | IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator 10.0.0.0 through 10.0.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | 5.3 | 0.03% | 2026-05-27 | 2026-06-03 |
| CVE-2024-47272 | Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors. | 2.7 | 0.03% | 2026-05-27 | 2026-05-28 |
| CVE-2024-47271 | Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors. | 4.9 | 0.03% | 2026-05-27 | 2026-05-28 |
| CVE-2024-47270 | Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors. | 2.7 | 0.03% | 2026-05-27 | 2026-05-28 |
| CVE-2024-47269 | Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors. | 4.9 | 0.02% | 2026-05-27 | 2026-05-28 |
| CVE-2024-47268 | Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors. | 4.9 | 0.03% | 2026-05-27 | 2026-05-28 |