Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2021-47832 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as a duplicate. | N/A | 0.01% | 2026-01-16 | 2026-01-21 |
| CVE-2025-34294 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as the behavior originates from a documentation-published Active Response example script. Please refer to this advisory ( https://github.com/wazuh/wazuh-documentation/security/advisories/GHSA-46r5-xp98-fpgg ) for further information. | N/A | 0.01% | 2025-10-28 | 2025-12-19 |
| CVE-2025-34075 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Initially assigned to document an issues that allows guest VM to modify the host’s Vagrantfile via default synced folder, leading to host-side code execution. Rejected as CVE due to documented, intended behavior that does not violate a claimed security boundary. https://developer.hashicorp.com/vagrant/docs/synced-folders | N/A | 0.02% | 2025-07-02 | 2025-07-16 |
| CVE-2019-25348 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | 0.03% | 2026-02-12 | 2026-02-13 |
| CVE-2018-25153 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as the reported issue does not constitute a security vulnerability and represents a minor, non-exploitable memory leak. | N/A | 0.03% | 2025-12-24 | 2025-12-29 |
| CVE-2026-35021 | Rejected reason: This CVE ID has been rejected by its CVE Numbering Authority (CNA). It was determined that the affected code path cannot be triggered through normal usage of Claude Code. | N/A | 0.03% | 2026-04-06 | 2026-05-29 |
| CVE-2026-34509 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | 0.03% | 2026-03-31 | 2026-04-01 |
| CVE-2022-50798 | Rejected reason: This candidate is a duplicate of CVE-2017-11359. | N/A | 0.03% | 2025-12-30 | 2026-01-07 |
| CVE-2026-28484 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | 0.05% | 2026-03-05 | 2026-03-06 |
| CVE-2022-50807 | Rejected reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. | N/A | 0.05% | 2026-01-13 | 2026-01-14 |
| CVE-2026-34508 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | 0.06% | 2026-03-31 | 2026-04-01 |
| CVE-2025-34412 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it identified a vulnerability in a SaaS product that does not require user action. | N/A | 0.06% | 2025-12-15 | 2025-12-24 |
| CVE-2026-35020 | Rejected reason: This CVE ID has been rejected by the its CVE Numbering Authority (CNA). It was determined that the attack requires an attacker to already control arbitrary environment variables, a level of access they consider functionally equivalent to code execution and outside the threat model of CLI tools. | N/A | 0.06% | 2026-04-06 | 2026-05-29 |
| CVE-2025-34062 | An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directory_token—which may be retrievable from host registry keys or improperly secured logs—can retrieve a plaintext response disclosing sensitive credentials. These may include an API key, AWS IAM access and secret keys, and a base64-encoded JWT signing key used in the tenant’s SSO IdP configuration. | 5.7 | 0.07% | 2025-07-01 | 2026-06-17 |
| CVE-2026-56272 | Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database breach scenario. | 5.6 | 0.07% | 2026-06-24 | 2026-06-25 |
| CVE-2026-32977 | OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in the fs-bridge writeFile commit step that uses an unanchored container path during the final move operation. An attacker can exploit a time-of-check-time-of-use race condition by modifying parent paths inside the sandbox to redirect committed files outside the validated writable path within the container mount namespace. | 5.8 | 0.08% | 2026-03-31 | 2026-06-17 |
| CVE-2024-13975 | A local privilege escalation vulnerability exists in Commvault for Windows versions 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. In affected configurations, a local attacker who owns a client system with the file server agent installed can compromise any assigned Windows access nodes. This may allow unauthorized access or lateral movement within the backup infrastructure. The issue has been resolved in versions 11.32.60, 11.34.34, and 11.36.8. | 8.5 | 0.08% | 2025-07-25 | 2026-06-17 |
| CVE-2026-43529 | OpenClaw before 2026.4.10 contains a time-of-check-time-of-use vulnerability in the validateScriptFileForShellBleed function that allows local attackers to bypass workspace boundary checks. An attacker with workspace write access can race-condition swap the target file between validation and preflight read, causing the validator to inspect a different file identity than the one that passed the initial boundary check. | 2.0 | 0.08% | 2026-05-05 | 2026-06-17 |
| CVE-2026-32988 | OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers can exploit a race condition in parent-path alias changes to write attacker-controlled bytes outside the intended validated path before the final guarded replace step executes. | 5.8 | 0.08% | 2026-03-31 | 2026-06-17 |
| CVE-2019-25651 | Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weaknesses that allow attackers to recover encryption keys from captured traffic. Attackers with adjacent network access can capture sufficient encrypted traffic and exploit AES-CBC mode vulnerabilities to der | 9.0 | 0.08% | 2026-03-27 | 2026-06-16 |