Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-6902 | A Remote Code Execution vulnerability in P4 (Helix Core) Server's Command-Line Client, prior to the 2025.2 Patch 2, has been fixed to address potential security risks. | 7.7 | 0.43% | 2026-05-18 | 2026-05-20 |
| CVE-2026-8654 | Improper input validation in Delphix Continuous Data connectors allows an authenticated user to execute arbitrary operating system commands on the staging or target host. | 8.7 | 0.05% | 2026-05-15 | 2026-05-15 |
| CVE-2026-6043 | P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate existing users, authenticate to accounts with no password set, and access depot contents via the built-in 'remote' user. These default settings, taken together, can lead to unauthorized access to source code repositories and other managed assets. The 2026.1 release, expected in May 2026, enforces se | 8.8 | 0.02% | 2026-04-24 | 2026-04-24 |
| CVE-2025-14591 | In Delphix Continuous Compliance version 2025.3.0 and later, following a recent bug fix to correctly handle CR+LF (Windows and DOS) End-of-Record (EOR) characters in delimited files, an issue was identified: using an incorrect EOR configuration can cause inaccurate parsing and leave personally identifiable information (PII) unmasked. | 5.3 | 0.03% | 2025-12-20 | 2026-01-05 |
| CVE-2025-13472 | A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow users only with certain permissions to see the list of available resources like credential IDs, bzm workspaces and bzm project Ids. Prior to this fix, anyone could see this list as a dropdown on the Jenkins UI. | 5.3 | 0.06% | 2025-12-03 | 2026-04-15 |
| CVE-2025-10360 | In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user has a Puppet Enterprise Advanced license and has enabled the Infra Assistant feature. The key is used for encrypting one particular bit of data in the Infra Assistant database: the API key for their AI provider account. This has been fixed in Puppet Enterprise | 6.9 | 0.02% | 2025-09-24 | 2026-04-15 |
| CVE-2025-5459 | A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0. | 8.6 | 0.27% | 2025-06-26 | 2025-10-14 |
| CVE-2025-3113 | A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance’s internal database configurations can leverage the application’s built-in Connector functionality to access Continuous Compliance’s internal database. This allows the user to explore the internal database schema and export its data, including the properties of Connecters and Rule Sets. | 9.0 | 0.34% | 2025-04-17 | 2026-04-15 |
| CVE-2025-2903 | An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login feature, can login via SSH gaining command-line control of the operating system. This allows an attacker to gain access to sensitive data stored on the VM, install malicious software, and disrupt or disable the functionality of the VM. | 8.5 | 0.11% | 2025-04-17 | 2026-04-15 |
| CVE-2024-11084 | Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an attacker to determine whether a username exists. | 6.3 | 0.19% | 2025-04-15 | 2026-04-15 |
| CVE-2025-1714 | Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version 4.14.0-7 on Gliffy online allows attacker to enumerate valid user emails and potentially DOS the server | 6.9 | 0.34% | 2025-03-05 | 2026-04-15 |
| CVE-2024-5174 | A flaw in Gliffy results in broken authentication through the reset functionality of the application. | 5.3 | 0.15% | 2025-02-24 | 2026-04-15 |
| CVE-2024-7141 | Versions of Gliffy Online prior to versions 4.14.0-7 contains a Cross Site Request Forgery (CSRF) flaw. | 5.9 | 0.05% | 2025-02-20 | 2026-04-15 |
| CVE-2021-27017 | Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. This is resolved in the Puppet Agent 7.4.0 release. | 6.6 | 0.09% | 2025-02-07 | 2026-04-15 |
| CVE-2024-10315 | In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Alpha Inferno PVT LTD. | 6.9 | 0.12% | 2024-11-11 | 2026-04-15 |
| CVE-2024-10345 | In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Karol Więsek. | 8.7 | 0.71% | 2024-11-11 | 2026-04-15 |
| CVE-2024-10344 | In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the refuse function was identified. Reported by Karol Więsek. | 8.7 | 0.85% | 2024-11-11 | 2026-04-15 |
| CVE-2024-10314 | In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the auto-generation function was identified. Reported by Karol Więsek. | 8.7 | 0.85% | 2024-11-11 | 2026-04-15 |
| CVE-2024-9129 | In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Reported by Dylan Marino | 9.3 | 0.19% | 2024-10-22 | 2026-04-15 |
| CVE-2024-9160 | In versions of the PEADM Forge Module prior to 3.24.0 a security misconfiguration was discovered. | 5.4 | 0.04% | 2024-09-27 | 2026-04-29 |