Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2025-5121 | An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group. | 8.5 | 7.52% | 2025-06-20 | 2026-06-17 |
| CVE-2021-39926 | Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file | 7.5 | 7.50% | 2021-11-19 | 2026-06-17 |
| CVE-2024-5655 | An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to trigger a pipeline as another user under certain circumstances. | 9.6 | 7.47% | 2024-06-26 | 2026-06-17 |
| CVE-2025-4278 | An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover. | 8.7 | 6.58% | 2025-06-12 | 2026-06-17 |
| CVE-2022-1940 | A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues | 7.7 | 6.33% | 2022-06-06 | 2026-06-17 |
| CVE-2024-6385 | An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeline as another user under certain circumstances. | 9.6 | 6.04% | 2024-07-11 | 2026-06-17 |
| CVE-2025-14700 | An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection. | 9.9 | 6.00% | 2025-12-16 | 2026-06-17 |
| CVE-2021-39928 | NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file | 7.5 | 5.50% | 2021-11-18 | 2026-06-17 |
| CVE-2021-39922 | Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file | 7.5 | 5.18% | 2021-11-19 | 2026-06-17 |
| CVE-2023-2478 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. Under certain conditions, a malicious unauthorized GitLab user may use a GraphQL endpoint to attach a malicious runner to any project. | 9.6 | 5.04% | 2023-05-08 | 2026-06-17 |
| CVE-2021-39924 | Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file | 7.5 | 4.93% | 2021-11-19 | 2026-06-17 |
| CVE-2020-26422 | Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file | 3.7 | 4.67% | 2020-12-21 | 2026-06-16 |
| CVE-2023-1992 | RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file | 6.3 | 4.62% | 2023-04-12 | 2026-06-17 |
| CVE-2023-5612 | An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled. | 5.3 | 4.39% | 2024-01-25 | 2026-06-17 |
| CVE-2023-1993 | LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file | 6.3 | 4.09% | 2023-04-12 | 2026-06-17 |
| CVE-2020-13288 | In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page | 5.5 | 4.04% | 2020-08-12 | 2026-06-16 |
| CVE-2021-4185 | Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file | 7.5 | 3.88% | 2021-12-30 | 2026-06-17 |
| CVE-2021-4184 | Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file | 7.5 | 3.88% | 2021-12-30 | 2026-06-17 |
| CVE-2021-4181 | Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file | 7.5 | 3.77% | 2021-12-30 | 2026-06-17 |
| CVE-2021-39929 | Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file | 7.5 | 3.64% | 2021-11-19 | 2026-06-17 |