CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 120 of 179 results
«« First « Prev Page 1 / 9 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2026-3912 Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allows information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour. 8.7 0.33% 2026-03-24 2026-06-17
CVE-2026-3207 Configuration issue in Java Management Extensions (JMX) in TIBCO BPM Enterprise version 4.x allows unauthorised access. 8.7 0.28% 2026-03-17 2026-06-17
CVE-2025-11548 A remote, unauthenticated privilege escalation in ibi WebFOCUS allows an attacker to gain administrative access to the application which may lead to unauthenticated Remote Code Execution 9.3 0.48% 2025-10-14 2026-06-17
CVE-2025-3751 The component listed above contains a vulnerability that can be exploited by an attacker to perform a SQL Injection attack. This could lead to unauthorised access to the database and exposure of sensitive information 7.0 0.27% 2025-05-21 2026-06-17
CVE-2025-2261 Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within user's browser under the privileges of the web application. 7.0 0.27% 2025-05-21 2026-06-17
CVE-2025-3115 Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution 9.4 0.61% 2025-04-09 2026-06-17
CVE-2025-3114 Code Execution via Malicious Files: Attackers can create specially crafted files with embedded code that may execute without adequate security validation, potentially leading to system compromise. Sandbox Bypass Vulnerability: A flaw in the TERR security mechanism allows attackers to bypass sandbox restrictions, enabling the execution of untrusted code without appropriate controls. 9.4 0.56% 2025-04-09 2026-06-17
CVE-2024-10218 XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence 9.2 0.49% 2024-11-12 2026-06-17
CVE-2024-10217 XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence 9.2 0.54% 2024-11-12 2026-06-17
CVE-2024-3325 Vulnerability in Jaspersoft JasperReport Servers.This issue affects JasperReport Servers: from 8.0.4 through 9.0.0. 8.6 0.58% 2024-07-10 2026-06-17
CVE-2024-3331 Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected software..This issue affects Spotfire Enterprise Runtime for R - Server Edition: from 1.12.7 through 1.20.0; Spotfire Statistics Services: from 12.0.7 through 12.3.1, from 14.0.0 through 14.3.0; Spotfire A 6.8 0.38% 2024-06-27 2026-06-17
CVE-2024-3330 Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution of this vulnerability will result in an attacker being able to run arbitrary code.This requires human interaction from a person other than the attacker., In the case of the Web player (Business Author): Successful execution of this vulnerability via the Web Player, will result in the attacker being able to run arbitra 9.9 0.59% 2024-06-27 2026-06-17
CVE-2024-4576 The component listed above contains a vulnerability that allows an attacker to traverse directories and access sensitive files, leading to unauthorized disclosure of system configuration and potentially sensitive information. 5.3 0.47% 2024-06-13 2026-06-17
CVE-2024-3182 Install-type password disclosure vulnerability in Universal Installer including the Silent Installer in TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3 allows user's Enterprise Message Service (EMS) password to be exposed outside of the hawkagent.cfg and hawkevent.cfg config files. 6.5 0.16% 2024-05-15 2026-06-17
CVE-2024-3323 Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows allows for the injection of malicious executable scripts into the code of a trusted application that may lead to stealing the user's active session cookie via sending malicious link, enticing the user to interact. 8.3 0.44% 2024-04-17 2026-06-17
CVE-2024-1138 The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition: versions 6.10.1 and below. 8.8 0.46% 2024-03-12 2026-06-17
CVE-2024-1137 The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition: versions 4.4.0 through 4.9.0. 4.3 0.32% 2024-03-12 2026-06-17
CVE-2023-26222 The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.9.22 and below, versions 6.0.13 and below and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 5.0.0 and below. 8.7 0.47% 2023-11-14 2026-06-17
CVE-2023-26221 The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versio 5.0 0.19% 2023-11-08 2026-06-17
CVE-2023-26219 The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric 7.4 0.43% 2023-10-25 2026-06-17
«« First « Prev Page 1 / 9 Next »
cvelogic Threat Intelligence