Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2024-57965 | In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute('href',href) call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability. | 0.0 | 0.36% | 2025-01-29 | 2026-06-17 |
| CVE-2024-50633 | A Broken Object Level Authorization (BOLA) vulnerability in Indico through 3.3.5 allows attackers to read information by sending a crafted POST request to the component /api/principals. NOTE: this is disputed by the Supplier because the product intentionally lets all users retrieve certain information about other user accounts (this functionality is, in the current design, not restricted to any privileged roles such as event organizer). | 0.0 | 0.60% | 2025-01-16 | 2026-06-17 |
| CVE-2013-4869 | Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key, aka Bug IDs CSCsc69187 and CSCui01756. NOTE: the vendor has provided a statement that the "hard-coded static encryption key is con | 0.0 | 0.62% | 2013-07-18 | 2026-06-16 |
| CVE-1999-0657 | WinGate is being used. | 0.0 | 1.37% | 1999-01-01 | 2026-06-16 |
| CVE-1999-0641 | The UUCP service is running. | 0.0 | 1.29% | 1999-01-01 | 2026-06-16 |
| CVE-1999-0639 | The chargen service is running. | 0.0 | 1.32% | 1999-01-01 | 2026-06-16 |
| CVE-1999-0638 | The daytime service is running. | 0.0 | 1.28% | 1999-01-01 | 2026-06-16 |
| CVE-1999-0637 | The systat service is running. | 0.0 | 1.35% | 1999-01-01 | 2026-06-16 |
| CVE-1999-0635 | The echo service is running. | 0.0 | 1.03% | 1999-01-01 | 2026-06-16 |
| CVE-1999-0629 | The ident/identd service is running. | 0.0 | 1.32% | 1999-01-01 | 2026-06-16 |
| CVE-1999-0627 | The rexd service is running, which uses weak authentication that can allow an attacker to execute commands. | 0.0 | 6.71% | 1992-03-01 | 2026-06-16 |
| CVE-1999-0626 | A version of rusers is running that exposes valid user information to any entity on the network. | 0.0 | 1.38% | 1997-01-01 | 2026-06-16 |
| CVE-1999-0625 | The rpc.rquotad service is running. | 0.0 | 1.31% | 1999-01-01 | 2026-06-16 |
| CVE-1999-0624 | The rstat/rstatd service is running. | 0.0 | 1.34% | 1999-01-01 | 2026-06-16 |
| CVE-1999-0613 | The rpc.sprayd service is running. | 0.0 | 1.34% | 1999-01-01 | 2026-06-16 |
| CVE-1999-0612 | A version of finger is running that exposes valid user information to any entity on the network. | 0.0 | 67.44% | 1997-03-01 | 2026-06-16 |
| CVE-1999-0586 | A network service is running on a nonstandard port. | 0.0 | 1.32% | 1999-01-01 | 2026-06-16 |
| CVE-1999-0532 | A DNS server allows zone transfers. | 0.0 | 68.53% | 1997-07-01 | 2026-06-16 |
| CVE-1999-0525 | IP traceroute is allowed from arbitrary hosts. | 0.0 | 3.06% | 1997-01-01 | 2026-06-16 |
| CVE-1999-0523 | ICMP echo (ping) is allowed from arbitrary hosts. | 0.0 | 1.33% | 1999-01-01 | 2026-06-16 |