Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2017-0367 | Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure. | 8.8 | 1.86% | 2018-04-13 | 2026-06-16 |
| CVE-2017-0366 | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration. | 5.4 | 1.34% | 2018-04-13 | 2026-06-16 |
| CVE-2017-0365 | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations. | 4.7 | 1.19% | 2018-04-13 | 2026-06-16 |
| CVE-2017-0364 | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link. | 6.1 | 1.12% | 2018-04-13 | 2026-06-16 |
| CVE-2017-0363 | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites. | 6.1 | 1.12% | 2018-04-13 | 2026-06-16 |
| CVE-2017-0362 | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token. | 8.8 | 0.79% | 2018-04-13 | 2026-06-16 |
| CVE-2017-0361 | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext. | 7.8 | 0.46% | 2018-04-13 | 2026-06-16 |
| CVE-2017-0359 | diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive. | 9.8 | 1.89% | 2018-04-13 | 2026-06-16 |
| CVE-2017-0358 | Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation. | 7.8 | 2.28% | 2018-04-13 | 2026-06-16 |
| CVE-2017-0357 | A heap-overflow flaw exists in the -tr loader of iucode-tool starting with v1.4 and before v2.1.1, potentially leading to SIGSEGV, or heap corruption. | 9.8 | 3.04% | 2018-04-13 | 2026-06-16 |
| CVE-2017-0356 | A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters. | 9.8 | 3.46% | 2018-04-13 | 2026-06-16 |
| CVE-2016-9646 | ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery. | 5.3 | 1.18% | 2018-04-13 | 2026-06-16 |
| CVE-2016-9645 | The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229. | 6.5 | 0.94% | 2018-04-10 | 2026-06-16 |
| CVE-2018-0493 | remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution. | 7.2 | 2.55% | 2018-04-03 | 2026-06-16 |
| CVE-2018-0492 | Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation. | 7.0 | 1.65% | 2018-04-03 | 2026-06-16 |
| CVE-2014-0486 | Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message. | 7.5 | 3.46% | 2018-03-27 | 2026-06-16 |
| CVE-2018-0491 | A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list. | 7.5 | 15.06% | 2018-03-05 | 2026-06-16 |
| CVE-2018-0490 | An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service (NULL pointer dereference and directory-authority crash) via a misformatted relay descriptor that is mishandled during voting. | 7.5 | 2.73% | 2018-03-05 | 2026-06-16 |
| CVE-2018-0489 | Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486. | 6.5 | 2.15% | 2018-02-27 | 2026-06-16 |
| CVE-2018-0488 | ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session. | 9.8 | 4.88% | 2018-02-13 | 2026-06-16 |