Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2025-13946 | MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service | 5.5 | 0.12% | 2025-12-03 | 2026-06-17 |
| CVE-2026-6869 | WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | 5.5 | 0.12% | 2026-04-30 | 2026-06-17 |
| CVE-2026-6529 | iLBC audio codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | 5.5 | 0.12% | 2026-04-30 | 2026-06-17 |
| CVE-2026-6527 | ASN.1 PER protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | 5.5 | 0.12% | 2026-04-30 | 2026-06-17 |
| CVE-2025-13945 | HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service | 5.5 | 0.13% | 2025-12-03 | 2026-06-17 |
| CVE-2026-5407 | SMB2 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | 5.5 | 0.14% | 2026-04-30 | 2026-06-17 |
| CVE-2026-6535 | Dissection engine zlib decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | 5.5 | 0.14% | 2026-04-30 | 2026-06-17 |
| CVE-2026-6528 | TLS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 allows denial of service | 5.5 | 0.14% | 2026-04-30 | 2026-06-17 |
| CVE-2026-6521 | OpenFlow v5 protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | 5.5 | 0.14% | 2026-04-30 | 2026-06-17 |
| CVE-2026-5409 | Monero protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | 5.5 | 0.14% | 2026-04-30 | 2026-06-17 |
| CVE-2026-5408 | BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | 5.5 | 0.14% | 2026-04-30 | 2026-06-17 |
| CVE-2026-6883 | GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merge request approval requirements due to improper cleanup of orphaned policy records. | 2.6 | 0.15% | 2026-05-14 | 2026-06-17 |
| CVE-2026-6533 | Dissection engine LZ77 decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | 5.5 | 0.15% | 2026-04-30 | 2026-06-17 |
| CVE-2026-3254 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into another user's browser due to improper input validation in the Mermaid sandbox. | 3.5 | 0.15% | 2026-04-22 | 2026-06-17 |
| CVE-2026-4527 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to create unauthorized Jira subscriptions for a targeted user's namespace via a specially crafted link due to missing CSRF protection. | 6.5 | 0.15% | 2026-05-14 | 2026-06-17 |
| CVE-2025-1754 | An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed unauthenticated attackers to upload arbitrary files to public projects by sending crafted API requests, potentially leading to resource abuse and unauthorized content storage. | 5.3 | 0.15% | 2025-06-26 | 2026-06-17 |
| CVE-2026-3203 | RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service | 5.5 | 0.16% | 2026-02-25 | 2026-06-17 |
| CVE-2026-3202 | NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service | 4.7 | 0.16% | 2026-02-25 | 2026-06-17 |
| CVE-2025-5990 | An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input. | 7.6 | 0.16% | 2025-06-15 | 2026-06-17 |
| CVE-2026-6870 | GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | 5.5 | 0.16% | 2026-04-30 | 2026-06-17 |