Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2021-43300 | Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. | 9.8 | 2.38% | 2022-02-16 | 2026-06-17 |
| CVE-2021-43301 | Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. | 9.8 | 2.38% | 2022-02-16 | 2026-06-17 |
| CVE-2021-43302 | Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause an out-of-bounds read when the filename is shorter than 4 characters. | 9.1 | 2.16% | 2022-02-16 | 2026-06-17 |
| CVE-2021-43303 | Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer, regardless of the 'maxlen' argument supplied | 9.8 | 2.38% | 2022-02-16 | 2026-06-17 |
| CVE-2021-45074 | JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete other known users OAuth token, which will force a reauthentication on an active session or in the next UI session. | 4.3 | 0.61% | 2022-03-02 | 2026-06-17 |
| CVE-2021-46270 | JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation. | 2.7 | 0.61% | 2022-03-02 | 2026-06-17 |
| CVE-2021-42387 | Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in the length of a copy operation, without checking the upper bounds of the source of the copy operation. | 8.1 | 1.55% | 2022-03-14 | 2026-06-17 |
| CVE-2021-42388 | Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in the length of a copy operation, without checking the lower bounds of the source of the copy operation. | 8.1 | 1.55% | 2022-03-14 | 2026-06-17 |
| CVE-2021-42389 | Divide-by-zero in Clickhouse's Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. | 6.5 | 1.24% | 2022-03-14 | 2026-06-17 |
| CVE-2021-42390 | Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. | 6.5 | 1.24% | 2022-03-14 | 2026-06-17 |
| CVE-2021-42391 | Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. | 6.5 | 1.35% | 2022-03-14 | 2026-06-17 |
| CVE-2021-43304 | Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. | 8.8 | 1.65% | 2022-03-14 | 2026-06-17 |
| CVE-2021-43305 | Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call. | 8.8 | 1.65% | 2022-03-14 | 2026-06-17 |
| CVE-2022-0573 | JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient validation of a user-provided serialized object. | 8.8 | 1.90% | 2022-05-16 | 2026-06-17 |
| CVE-2021-45730 | JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only be available for Platform Administrators. | 6.0 | 0.50% | 2022-05-19 | 2026-06-17 |
| CVE-2021-41834 | JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation. | 5.3 | 0.53% | 2022-05-23 | 2026-06-17 |
| CVE-2021-43306 | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method | 5.9 | 1.33% | 2022-06-02 | 2026-06-17 |
| CVE-2021-43307 | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method | 5.9 | 1.46% | 2022-06-02 | 2026-06-17 |
| CVE-2021-43308 | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function | 5.9 | 1.03% | 2022-06-02 | 2026-06-17 |
| CVE-2022-1929 | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method | 5.9 | 0.59% | 2022-06-02 | 2026-06-17 |