Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source): [email protected]
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-5385 | An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7. | 8.4 | 0.42% | 2026-06-02 | 2026-06-17 |
| CVE-2026-2637 | iBoysoft NTFS for Mac contains a local privilege escalation vulnerability in its privileged helper daemon ntfshelperd. The daemon exposes an NSConnection service that runs as root without implementing any authentication or authorization checks. This issue affects iBoysoft NTFS: 8.0.0. | 8.5 | 0.17% | 2026-03-03 | 2026-06-17 |
| CVE-2026-2293 | A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when Fastify path-normalization options are enabled. This issue affects nest.Js: 11.1.13. | 8.2 | 0.68% | 2026-02-27 | 2026-06-17 |
| CVE-2025-14979 | AirVPN Eddie on macOS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root. This issue affects Eddie: 2.24.6. | 8.5 | 0.15% | 2026-01-06 | 2026-06-17 |
| CVE-2025-13733 | BuhoNTFS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via insecure functions. This issue affects BuhoNTFS: 1.3.2. | 8.5 | 0.19% | 2025-12-12 | 2026-06-17 |
| CVE-2025-10655 | SQL Injection in Frappe HelpDesk in the dashboard get_dashboard_data due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe HelpDesk: 1.14.0. | 8.6 | 0.47% | 2025-12-09 | 2026-06-17 |
| CVE-2025-9624 | A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs. This issue affects all OpenSearch versions between 3.0.0 and < 3.3.0 and OpenSearch < 2.19.4. | 8.3 | 0.45% | 2025-11-25 | 2026-06-17 |
| CVE-2025-11921 | iStats contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via command injection. This issue affects iStats: 7.10.4. | 8.5 | 0.54% | 2025-11-24 | 2026-06-17 |
| CVE-2025-10751 | MacForge contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root. This issue affects MacForge: 1.2.0 Beta 1. | 8.5 | 0.18% | 2025-10-03 | 2026-06-17 |
| CVE-2025-54084 | OS Command ('OS Command Injection') vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows authenticated attackers with 'super' user credentials to execute arbitrary OS commands through improper input validation, potentially leading to full system compromise. This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE. | 8.5 | 0.82% | 2025-09-09 | 2026-06-17 |
| CVE-2025-7635 | Unauthenticated Telnet access vulnerability in Calix GigaCenter ONT allows root access. This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE. | 8.7 | 0.27% | 2025-09-09 | 2026-06-17 |
| CVE-2025-8101 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Linkify (linkifyjs) allows XSS Targeting HTML Attributes and Manipulating User-Controlled Variables. This issue affects Linkify: from 4.3.1 before 4.3.2. | 8.8 | 0.48% | 2025-07-25 | 2026-06-17 |
| CVE-2025-6998 | ReDoS in strip_whitespaces() function in cps/string_helper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1. | 8.7 | 0.79% | 2025-07-24 | 2026-06-17 |
| CVE-2025-52841 | Cross-Site Request Forgery (CSRF) vulnerability in Laundry on Linux, macOS allows an attacker to perform an Account Takeover. This issue affects Laundry: 2.3.0. | 8.5 | 0.21% | 2025-07-02 | 2026-06-17 |
| CVE-2023-49641 | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginCheck.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.35% | 2025-05-12 | 2026-06-17 |
| CVE-2024-2692 | SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to Server Side XSS. | 9.0 | 0.73% | 2024-04-03 | 2026-06-17 |
| CVE-2024-1651 | Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization. | 10.0 | 34.00% | 2024-02-19 | 2026-06-17 |
| CVE-2024-1644 | Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI. | 9.9 | 0.86% | 2024-02-19 | 2026-06-17 |
| CVE-2023-50867 | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |
| CVE-2023-50866 | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |