CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 120 of 116 results
«« First « Prev Page 1 / 6 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2022-23744 Check Point Endpoint before version E86.50 failed to protect against specific registry change which allowed to disable endpoint protection by a local administrator. 2.3 4.35% 2022-07-07 2026-06-17
CVE-2024-52887 Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list. 3.5 0.18% 2025-04-27 2026-06-17
CVE-2026-48136 When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permissions, bypassing Role-Based Access Control (RBAC). 4.1 4.10% 2026-05-26 2026-06-17
CVE-2019-8458 Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate. 4.4 0.97% 2019-06-20 2026-06-16
CVE-2024-52885 The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible directories on the Mobile Access gateway. 5.0 0.46% 2025-08-06 2026-06-17
CVE-2026-48135 A Check Point HTTP-based service can incorrectly handle malformed HTTP requests. The issue is related to HTTP request parsing and validation. 5.3 2.61% 2026-05-26 2026-06-17
CVE-2024-24911 In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a core dump file. When the cpca process is down, VPN and SIC connectivity issues may occur if the CRL is not present in the Security Gateway's CRL cache. 5.3 0.37% 2025-02-06 2026-06-17
CVE-2021-30357 SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access. 5.3 22.79% 2021-06-08 2026-06-16
CVE-2024-52888 For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties. 5.4 0.25% 2025-04-27 2026-06-17
CVE-2020-6022 Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to delete arbitrary files while restoring files in Anti-Ransomware. 5.5 0.31% 2020-10-27 2026-06-16
CVE-2020-6015 Check Point Endpoint Security for Windows before E84.10 can reach denial of service during clean install of the client which will prevent the storage of service log files in non-standard locations. 5.5 0.34% 2020-11-05 2026-06-16
CVE-2019-8453 Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions. This can allow a local attacker to replace a DLL file with a malicious one and cause Denial of Service to the client. 5.5 0.32% 2019-04-17 2026-06-16
CVE-2018-20251 In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format. The UNACE module (UNACEV2.dll) creates files and folders as written in the filename field even when WinRAR validator noticed the traversal attempt and requestd to abort the extraction process. the operation is cancelled only after the folders and files were created but prior to them being written, therefore allowing the attacker to create empty files and folde 5.5 31.53% 2019-02-05 2026-06-16
CVE-2017-8314 Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles. 5.5 2.52% 2017-05-23 2026-06-16
CVE-2017-8313 Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file. 5.5 1.48% 2017-05-23 2026-06-16
CVE-2017-8312 Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file. 5.5 1.36% 2017-05-23 2026-06-16
CVE-2017-8310 Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file. 5.5 1.26% 2017-05-23 2026-06-16
CVE-2026-48134 When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to disruptions such as loss of stored incident entries, incorrect handling of pending approvals, or resource impact if the issue is abused repeatedly. Exposure is reduced if the UserCheck Portal is not acces 5.6 4.36% 2026-05-26 2026-06-17
CVE-2019-8456 Check Point IKEv2 IPsec VPN up to R80.30, in some less common conditions, may allow an attacker with knowledge of the internal configuration and setup to successfully connect to a site-to-site VPN server. 5.9 20.39% 2019-04-09 2026-06-16
CVE-2024-24915 Credentials are not cleared from memory after being used. A user with Administrator permissions can execute memory dump for SmartConsole process and fetch them. 6.1 0.18% 2025-06-29 2026-06-17
«« First « Prev Page 1 / 6 Next »
cvelogic Threat Intelligence