Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2021-33796 | In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service. | 10.0 | 0.71% | 2023-07-07 | 2026-06-16 |
| CVE-2021-32495 | Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to cause denial of service. | 10.0 | 0.76% | 2023-07-07 | 2026-06-16 |
| CVE-2021-32494 | Radare2 has a division by zero vulnerability in Mach-O parser's rebase_buffer function. This allow attackers to create malicious inputs that can cause denial of service. | 10.0 | 0.84% | 2023-07-07 | 2026-06-16 |
| CVE-2024-33999 | The referrer URL used by MFA required additional sanitizing, rather than being used directly. | 9.8 | 0.54% | 2024-05-31 | 2026-06-17 |
| CVE-2023-43091 | A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code. | 9.8 | 0.84% | 2024-11-17 | 2026-06-17 |
| CVE-2023-28333 | The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS). | 9.8 | 1.17% | 2023-03-23 | 2026-06-17 |
| CVE-2022-4170 | The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. | 9.8 | 2.06% | 2022-12-09 | 2026-06-17 |
| CVE-2022-40315 | A limited SQL injection risk was identified in the "browse list of users" site administration page. | 9.8 | 0.85% | 2022-09-30 | 2026-06-17 |
| CVE-2022-40314 | A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified. | 9.8 | 1.59% | 2022-09-30 | 2026-06-17 |
| CVE-2022-35649 | The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system. | 9.8 | 6.44% | 2022-07-25 | 2026-06-17 |
| CVE-2022-30600 | A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed. | 9.8 | 4.99% | 2022-05-18 | 2026-06-17 |
| CVE-2022-30599 | A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. | 9.8 | 1.29% | 2022-05-18 | 2026-06-17 |
| CVE-2022-0699 | A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc. | 9.8 | 1.25% | 2022-10-17 | 2026-06-17 |
| CVE-2022-0332 | A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data. | 9.8 | 44.92% | 2022-01-25 | 2026-06-17 |
| CVE-2021-43310 | A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. This could lead to a remote code execution. | 9.8 | 1.70% | 2022-09-21 | 2026-06-17 |
| CVE-2021-3943 | A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was identified. | 9.8 | 2.38% | 2021-11-22 | 2026-06-17 |
| CVE-2021-3657 | A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution. | 9.8 | 3.46% | 2022-02-18 | 2026-06-17 |
| CVE-2021-36394 | In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin. | 9.8 | 7.03% | 2023-03-06 | 2026-06-16 |
| CVE-2021-36393 | In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses. | 9.8 | 52.30% | 2023-03-06 | 2026-06-16 |
| CVE-2021-36392 | In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses. | 9.8 | 0.84% | 2023-03-06 | 2026-06-16 |