CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 120 of 115426 results
«« First « Prev Page 1 / 5772 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2021-25296 KEV Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. 8.8 71.74% 2021-02-15 2026-07-06
CVE-2021-25297 KEV Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. 8.8 42.94% 2021-02-15 2026-07-06
CVE-2021-25298 KEV Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. 8.8 75.16% 2021-02-15 2026-07-06
CVE-2021-42237 KEV Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability. 9.8 99.21% 2021-11-05 2026-07-06
CVE-2023-38950 KEV A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. This vulnerability was fixed in version 9.0.120240617.19506 of ZKBioTime. 7.5 84.88% 2023-08-03 2026-07-06
CVE-2022-26258 KEV D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp. 9.8 81.19% 2022-03-27 2026-07-06
CVE-2025-67038 KEV An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges. 9.8 1.13% 2026-03-11 2026-07-06
CVE-2025-44619 Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication. 9.1 0.34% 2025-05-29 2026-07-05
CVE-2024-40583 Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials. 9.1 0.63% 2024-12-09 2026-07-05
CVE-2024-40582 Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information. 7.5 0.36% 2024-12-09 2026-07-05
CVE-2026-38936 A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/selectindices.php via the namecontains parameter 6.1 0.24% 2026-04-27 2026-07-05
CVE-2026-38935 A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/view.php via the doctype parameter 6.1 0.24% 2026-04-27 2026-07-05
CVE-2026-38934 Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/settings_process.php 8.8 0.23% 2026-04-27 2026-07-05
CVE-2026-38931 A stored cross-site scripting (XSS) vulnerability in the /admin/config-module.php component of creatorsofcode simplephp GitHub commit 5184cff (Latest as of 2026-02-27) via injecting a crafted payload. 5.4 0.21% 2026-05-27 2026-07-05
CVE-2026-38930 OpenRapid RapidCMS v1.3.1 was discovered to contain an authentication bypass in the /template/default/menu.php component. This vulnerability is exploited via injecting a crafted SQL payload into the name cookie parameter. 6.5 0.32% 2026-05-27 2026-07-05
CVE-2026-36356 The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint. 9.1 14.41% 2026-05-05 2026-07-05
CVE-2026-36239 PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality 4.3 0.31% 2026-05-26 2026-07-05
CVE-2026-36182 GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and privileges via a bruteforce attack. 9.8 0.23% 2026-06-04 2026-07-05
CVE-2026-36180 A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for the duration of a boot session via a bind-mount attack. 4.6 0.14% 2026-06-04 2026-07-05
CVE-2026-36178 The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive user data. 4.6 0.16% 2026-06-04 2026-07-05
«« First « Prev Page 1 / 5772 Next »
cvelogic Threat Intelligence