This list aggregates NVD, CVE, and multi-source threat feeds and provides deep analysis of high-risk threats such as RCE. By integrating the CVSS and EPSS models, the system dynamically tracks exploit (Exp) resources and PoC availability to accurately assess exploitability. Combined with official patches and remediation strategies, it helps prioritize vulnerability management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source): [email protected]
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-54296 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-12075. Reason: This candidate is a duplicate of CVE-2026-12075. Notes: All CVE users should reference CVE-2026-12075 instead of this candidate. | N/A | 0.03% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48089 | DevGuard provides vulnerability management for the full software supply chain. Prior to 1.4.2, on a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create, update, reapply, and delete VEX rules on those public assets. The same flaw affects the other vulnerability-triage write endpoints exposed under a public asset, including VEX rule create / update / reapply | 7.1 | 0.04% | 2026-06-19 | 2026-06-19 |
| CVE-2026-49271 | libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unit_offset + unit_size. Because the addition can wrap, a crafted HEIF file can pass the range check and then construct a vector from iterators outside the compressed item buffer, producing an out-of-bounds heap read and crash. Version 1.22.1 patches the issue. | 6.5 | 0.04% | 2026-06-19 | 2026-06-19 |
| CVE-2026-35578 | Rejected reason: This CVE is a duplicate of another CVE. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39940. Reason: This candidate is a reservation duplicate of CVE-2026-39940. Notes: All CVE users should reference CVE-2026-39940 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | N/A | 0.04% | 2026-04-07 | 2026-04-13 |
| CVE-2026-54095 | Rejected reason: CVE ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-53826. Reason: This candidate is a duplicate of CVE-2025-53826. Notes: All CVE users should reference CVE-2025-53826 instead of this candidate | N/A | 0.04% | 2026-06-12 | 2026-06-12 |
| CVE-2026-54017 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the terminal-server reverse proxy in `backend/open_webui/routers/terminals.py` does not fully confine the user-controlled `path` segment before forwarding it to an admin-configured terminal server. An authenticated user who has been granted access to a terminal server can craft `path` values containing encoded `../` traversal sequences that escape the intended path (or policy) scope | 7.7 | 0.04% | 2026-06-18 | 2026-06-18 |
| CVE-2026-54295 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-12061. Reason: This candidate is a duplicate of CVE-2026-12061. Notes: All CVE users should reference CVE-2026-12061 instead of this candidate. | N/A | 0.04% | 2026-06-15 | 2026-06-15 |
| CVE-2026-54292 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-12074. Reason: This candidate is a duplicate of CVE-2026-12074. Notes: All CVE users should reference CVE-2026-12074 instead of this candidate. | N/A | 0.04% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48794 | Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications via a web portal. In versions 4.36.0 through 4.39.19, due to lack of canonicalization of domains in very specific edge cases, an access control rule may be skipped when it should match a request. The specific conditions that could lead to a security issue for vulnerability are: 1. The specific target resource of the attack must be using the forwarded au | 1.3 | 0.04% | 2026-06-19 | 2026-06-19 |
| CVE-2024-40639 | Rejected reason: This CVE is a duplicate of another CVE. | N/A | 0.04% | 2024-07-17 | 2024-07-17 |
| CVE-2023-47638 | Rejected reason: Confirm reference is not public. | N/A | 0.04% | 2023-11-15 | 2023-11-15 |
| CVE-2023-45804 | Rejected reason: User requested a CVE number by mistake | N/A | 0.04% | 2023-10-30 | 2023-11-07 |
| CVE-2023-45665 | Rejected reason: This CVE is a duplicate of another CVE. | N/A | 0.04% | 2023-10-19 | 2023-11-07 |
| CVE-2023-41901 | Rejected reason: Further research determined the issue is not a vulnerability. | N/A | 0.04% | 2023-09-15 | 2023-11-07 |
| CVE-2023-40568 | Rejected reason: GitHub has been informed that the requestor is working with another CNA for these vulnerabilities. | N/A | 0.04% | 2023-08-25 | 2023-11-07 |
| CVE-2023-38707 | Rejected reason: This CVE has been rejected because of [CNA rule 7.4.7](https://www.cve.org/ResourcesSupport/AllResources/CNARules#section_7_assignment_rules): "7.4.7 CNAs SHOULD NOT assign CVE IDs to vulnerabilities in products that are not publicly available or licensable." The repository with the vulnerable code is private, and therefore the product is not publicly available. | N/A | 0.04% | 2023-08-04 | 2023-11-07 |
| CVE-2023-38696 | Rejected reason: This CVE has been rejected because it is unclear whether the issue rests in the original repository `microsoft/ContosoAir`, the forked repository `Apetree100122/ContosoAir`, or both. If the Microsoft repository is vulnerable, [Microsoft](https://www.cve.org/PartnerInformation/ListofPartners/partner/microsoft) is the appropriate CVE Numbering Authority. | N/A | 0.04% | 2023-08-04 | 2023-11-07 |
| CVE-2023-28426 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: GHSA-xrqq-wqh4-5hg2. Reason: Further investigation showed that this CVE was assigned in error. Notes: See https://github.com/darylldoyle/svg-sanitizer/issues/88 for a technical discussion. | N/A | 0.04% | 2023-03-20 | 2023-11-07 |
| CVE-2022-35958 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-37458. Reason: This candidate is a reservation duplicate of CVE-2022-37458. Notes: All CVE users should reference CVE-2022-37458 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | N/A | 0.04% | 2022-08-15 | 2023-11-07 |
| CVE-2022-31171 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-31159. Reason: This candidate is a reservation duplicate of CVE-2022-31159. Notes: All CVE users should reference CVE-2022-31159 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | N/A | 0.04% | 2022-07-21 | 2023-11-07 |