CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 120 of 115515 results
«« First « Prev Page 1 / 5776 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2024-57965 In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute('href',href) call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability. 0.0 0.36% 2025-01-29 2026-06-17
CVE-2024-50633 A Broken Object Level Authorization (BOLA) vulnerability in Indico through 3.3.5 allows attackers to read information by sending a crafted POST request to the component /api/principals. NOTE: this is disputed by the Supplier because the product intentionally lets all users retrieve certain information about other user accounts (this functionality is, in the current design, not restricted to any privileged roles such as event organizer). 0.0 0.60% 2025-01-16 2026-06-17
CVE-2013-4869 Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key, aka Bug IDs CSCsc69187 and CSCui01756. NOTE: the vendor has provided a statement that the "hard-coded static encryption key is con 0.0 0.62% 2013-07-18 2026-06-16
CVE-1999-0657 WinGate is being used. 0.0 1.37% 1999-01-01 2026-06-16
CVE-1999-0641 The UUCP service is running. 0.0 1.29% 1999-01-01 2026-06-16
CVE-1999-0639 The chargen service is running. 0.0 1.32% 1999-01-01 2026-06-16
CVE-1999-0638 The daytime service is running. 0.0 1.28% 1999-01-01 2026-06-16
CVE-1999-0637 The systat service is running. 0.0 1.35% 1999-01-01 2026-06-16
CVE-1999-0635 The echo service is running. 0.0 1.03% 1999-01-01 2026-06-16
CVE-1999-0629 The ident/identd service is running. 0.0 1.32% 1999-01-01 2026-06-16
CVE-1999-0627 The rexd service is running, which uses weak authentication that can allow an attacker to execute commands. 0.0 6.71% 1992-03-01 2026-06-16
CVE-1999-0626 A version of rusers is running that exposes valid user information to any entity on the network. 0.0 1.38% 1997-01-01 2026-06-16
CVE-1999-0625 The rpc.rquotad service is running. 0.0 1.31% 1999-01-01 2026-06-16
CVE-1999-0624 The rstat/rstatd service is running. 0.0 1.34% 1999-01-01 2026-06-16
CVE-1999-0613 The rpc.sprayd service is running. 0.0 1.34% 1999-01-01 2026-06-16
CVE-1999-0612 A version of finger is running that exposes valid user information to any entity on the network. 0.0 67.44% 1997-03-01 2026-06-16
CVE-1999-0586 A network service is running on a nonstandard port. 0.0 1.32% 1999-01-01 2026-06-16
CVE-1999-0532 A DNS server allows zone transfers. 0.0 68.53% 1997-07-01 2026-06-16
CVE-1999-0525 IP traceroute is allowed from arbitrary hosts. 0.0 3.06% 1997-01-01 2026-06-16
CVE-1999-0523 ICMP echo (ping) is allowed from arbitrary hosts. 0.0 1.33% 1999-01-01 2026-06-16
«« First « Prev Page 1 / 5776 Next »
cvelogic Threat Intelligence