CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 141160 of 804 results
«« First « Prev Page 8 / 41 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2017-0367 Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure. 8.8 1.86% 2018-04-13 2026-06-16
CVE-2017-0366 Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration. 5.4 1.34% 2018-04-13 2026-06-16
CVE-2017-0365 Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations. 4.7 1.19% 2018-04-13 2026-06-16
CVE-2017-0364 Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link. 6.1 1.12% 2018-04-13 2026-06-16
CVE-2017-0363 Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites. 6.1 1.12% 2018-04-13 2026-06-16
CVE-2017-0362 Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token. 8.8 0.79% 2018-04-13 2026-06-16
CVE-2017-0361 Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext. 7.8 0.46% 2018-04-13 2026-06-16
CVE-2017-0359 diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive. 9.8 1.89% 2018-04-13 2026-06-16
CVE-2017-0358 Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation. 7.8 2.28% 2018-04-13 2026-06-16
CVE-2017-0357 A heap-overflow flaw exists in the -tr loader of iucode-tool starting with v1.4 and before v2.1.1, potentially leading to SIGSEGV, or heap corruption. 9.8 3.04% 2018-04-13 2026-06-16
CVE-2017-0356 A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters. 9.8 3.46% 2018-04-13 2026-06-16
CVE-2016-9646 ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery. 5.3 1.18% 2018-04-13 2026-06-16
CVE-2016-9645 The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229. 6.5 0.94% 2018-04-10 2026-06-16
CVE-2018-0493 remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution. 7.2 2.55% 2018-04-03 2026-06-16
CVE-2018-0492 Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation. 7.0 1.65% 2018-04-03 2026-06-16
CVE-2014-0486 Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message. 7.5 3.46% 2018-03-27 2026-06-16
CVE-2018-0491 A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list. 7.5 15.06% 2018-03-05 2026-06-16
CVE-2018-0490 An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service (NULL pointer dereference and directory-authority crash) via a misformatted relay descriptor that is mishandled during voting. 7.5 2.73% 2018-03-05 2026-06-16
CVE-2018-0489 Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486. 6.5 2.15% 2018-02-27 2026-06-16
CVE-2018-0488 ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session. 9.8 4.88% 2018-02-13 2026-06-16
«« First « Prev Page 8 / 41 Next »
cvelogic Threat Intelligence