CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 120 of 43 results
«« First « Prev Page 1 / 3 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2025-62180 Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs. 7.1 0.21% 2026-06-23 2026-06-23
CVE-2026-1711 Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-Site Scripting vulnerability in a user interface component. Requires a high privileged user with a developer role. 4.8 0.19% 2026-04-15 2026-06-17
CVE-2026-1564 Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a user interface component. Requires a high privileged user with a developer role. 5.1 0.19% 2026-04-15 2026-06-17
CVE-2026-1079 A native messaging host vulnerability in Pega Browser Extension (PBE) affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension. A bad actor could create a website that contains malicious code that targets PBE. The vulnerability could occur if a user navigates to this website. The malicious website could then present an unexpected message box. 6.0 0.26% 2026-04-07 2026-06-17
CVE-2026-1078 An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robotic Automation version 22.1 or R25 users who are running automations that work with Google Chrome or Microsoft Edge. A bad actor could create a website that includes malicious code. The vulnerability could occur if a Robot Runtime user navigates to the malicious website. 7.2 0.32% 2026-04-07 2026-06-17
CVE-2025-62184 Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none. 4.8 0.26% 2026-03-31 2026-06-17
CVE-2026-0898 An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25. This vulnerability does not affect Robot Runtime users. A bad actor could create a website that includes malicious code. The vulnerability may be exploited if a Pega Robot Studio developer is deceived into visiting this website during interrogation mode in Robot Studio. 9.0 0.32% 2026-03-23 2026-06-17
CVE-2025-62183 Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality and Integrity are low. 4.8 0.25% 2026-02-17 2026-06-17
CVE-2025-62182 Pega Customer Service Framework versions 8.7.0 through 25.1.0 are affected by a Unrestricted file upload vulnerability, where a privileged user could potentially upload a malicious file. 5.3 0.25% 2026-01-13 2026-06-17
CVE-2025-62181 Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. This only applies to deprecated basic-authentication feature and other more secure authentication mechanisms are recommended. A fix is being provided in the 24.1.4, 24.2.4, and 25.1.1 patch releases. Please note: Basic credentials 5.3 0.40% 2025-12-10 2026-06-17
CVE-2025-9559 Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by a Insecure Direct Object Reference issue in a user interface component that can only be used to read data. 6.5 0.37% 2025-10-16 2026-06-17
CVE-2025-8681 Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component.  Requires a high privileged user with a developer role. 5.5 0.18% 2025-09-10 2026-06-17
CVE-2025-2161 Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup 7.1 0.21% 2025-04-14 2026-06-17
CVE-2025-2160 Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup 8.1 0.22% 2025-04-14 2026-06-17
CVE-2024-12211 Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an Stored XSS issue with profile. 5.4 0.34% 2025-01-13 2026-06-17
CVE-2024-10716 Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search. 5.9 0.21% 2024-12-05 2026-06-17
CVE-2024-10094 Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code 9.1 0.53% 2024-11-20 2026-06-17
CVE-2024-6702 Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage. 5.2 0.24% 2024-09-12 2026-06-17
CVE-2024-6701 Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type. 5.5 0.24% 2024-09-12 2026-06-17
CVE-2024-6700 Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name. 5.5 0.24% 2024-09-12 2026-06-17
«« First « Prev Page 1 / 3 Next »
cvelogic Threat Intelligence