Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2017-1002150 | python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection | 6.1 | 0.81% | 2017-09-14 | 2026-06-16 |
| CVE-2017-1002151 | Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization | 7.5 | 1.06% | 2017-09-14 | 2026-06-16 |
| CVE-2017-1002153 | Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission. | 7.5 | 1.14% | 2017-10-06 | 2026-06-16 |
| CVE-2018-1002150 | Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1. | 9.1 | 1.67% | 2018-04-04 | 2026-06-16 |
| CVE-2017-1002152 | Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles. | 6.1 | 0.78% | 2019-01-10 | 2026-06-16 |
| CVE-2017-1002157 | modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution. | 9.8 | 2.80% | 2019-01-10 | 2026-06-16 |
| CVE-2021-3410 | A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context. | 7.8 | 0.56% | 2021-02-23 | 2026-06-17 |
| CVE-2021-3496 | A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file. | 7.8 | 1.06% | 2021-04-22 | 2026-06-17 |
| CVE-2021-3508 | A flaw was found in PDFResurrect in version 0.22b. There is an infinite loop in get_xref_linear_skipped() in pdf.c via a crafted PDF file. | 5.5 | 0.76% | 2021-04-28 | 2026-06-17 |
| CVE-2021-32613 | In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS. | 5.5 | 1.16% | 2021-05-14 | 2026-06-16 |
| CVE-2021-30469 | A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file. | 5.5 | 0.70% | 2021-05-26 | 2026-06-16 |
| CVE-2021-30470 | A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow. | 5.5 | 0.69% | 2021-05-26 | 2026-06-16 |
| CVE-2021-30471 | A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow. | 5.5 | 0.73% | 2021-05-26 | 2026-06-16 |
| CVE-2021-30472 | A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value. | 7.8 | 0.76% | 2021-05-26 | 2026-06-16 |
| CVE-2021-32614 | A flaw was found in dmg2img through 20170502. fill_mishblk() does not check the length of the read buffer, and copy 0xCC bytes from it. The length of the buffer is controlled by an attacker. By providing a length smaller than 0xCC, memcpy reaches out of the malloc'ed bound. This possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution. | 7.1 | 0.91% | 2021-05-26 | 2026-06-16 |
| CVE-2021-3486 | GLPi 9.5.4 does not sanitize the metadata. This way its possible to insert XSS into plugins to execute JavaScript code. | 6.1 | 1.39% | 2021-05-26 | 2026-06-17 |
| CVE-2021-32490 | A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences. | 7.8 | 0.91% | 2021-06-24 | 2026-06-16 |
| CVE-2021-32491 | A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences. | 7.8 | 0.88% | 2021-06-24 | 2026-06-16 |
| CVE-2021-32492 | A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences. | 7.8 | 0.93% | 2021-06-24 | 2026-06-16 |
| CVE-2021-32493 | A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences. | 7.8 | 1.00% | 2021-06-24 | 2026-06-16 |