Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2021-32568 | mrdoc is vulnerable to Deserialization of Untrusted Data | 7.8 | 0.25% | 2021-09-06 | 2024-11-21 |
| CVE-2021-3603 | PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, defined by PHPMailer::$validator), and the global namespace contains a function called php, it will be called in preference to the built-in validator of the same name. Mitigated in PHPMailer 6.5.0 by denying the use of simple strings as validato | 8.1 | 0.76% | 2021-06-17 | 2024-11-21 |
| CVE-2021-3645 | merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | 9.8 | 0.45% | 2021-09-10 | 2024-11-21 |
| CVE-2021-3646 | btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 6.1 | 0.22% | 2021-09-10 | 2024-11-21 |
| CVE-2021-3647 | URI.js is vulnerable to URL Redirection to Untrusted Site | 6.1 | 0.18% | 2021-07-16 | 2024-11-21 |
| CVE-2021-3649 | chatwoot is vulnerable to Inefficient Regular Expression Complexity | 7.5 | 0.28% | 2021-07-16 | 2024-11-21 |
| CVE-2021-3663 | firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts | 7.5 | 0.16% | 2021-07-25 | 2024-11-21 |
| CVE-2021-3664 | url-parse is vulnerable to URL Redirection to Untrusted Site | 5.3 | 0.24% | 2021-07-26 | 2024-11-21 |
| CVE-2021-3666 | body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | 9.8 | 0.36% | 2021-09-13 | 2024-11-21 |
| CVE-2021-3678 | showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | 5.9 | 0.39% | 2021-08-04 | 2024-11-21 |
| CVE-2021-3680 | showdoc is vulnerable to Missing Cryptographic Step | 4.9 | 0.05% | 2021-08-04 | 2024-11-21 |
| CVE-2021-3683 | showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | 6.5 | 0.06% | 2021-11-13 | 2024-11-21 |
| CVE-2021-3689 | yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator | 7.5 | 0.45% | 2021-08-10 | 2024-11-21 |
| CVE-2021-3692 | yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator | 5.3 | 0.36% | 2021-08-10 | 2024-11-21 |
| CVE-2021-3693 | LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. | 8.8 | 0.79% | 2021-08-23 | 2024-11-21 |
| CVE-2021-3694 | LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. | 8.2 | 0.25% | 2021-08-23 | 2024-11-21 |
| CVE-2021-3706 | adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag | 7.5 | 0.25% | 2021-09-15 | 2024-11-21 |
| CVE-2021-3725 | Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on directory names. If you cd into a directory with a carefully-crafted name, then press Alt-Left, the system is subject to command injection. Impacted areas: - Functions pop_past and pop_future in dirhistory plugin. | 7.5 | 1.36% | 2021-11-30 | 2024-11-21 |
| CVE-2021-3726 | # Vulnerability in `title` function **Description**: the `title` function defined in `lib/termsupport.zsh` uses `print` to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the `title` function in a way that is unsafe. **Fixed in**: [a263cdac](https://github.com/ohmyzsh/ohmyzsh/commit/a263cdac). **Impacted areas**: - `title` function in `lib/termsupport.zsh`. - Custom user code using the `title` function. | 7.5 | 0.42% | 2021-11-30 | 2024-11-21 |
| CVE-2021-3727 | # Vulnerability in `rand-quote` and `hitokoto` plugins **Description**: the `rand-quote` and `hitokoto` fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use `print -P` to print them. If these quotes contained the proper symbols, they could trigger command injection. Given that they're an external API, it's not possible to know if the quotes are safe to use. **Fixed in**: [72928432](https://github.com/ohmyzsh/ohmyzsh/commit/72928432). **Impacted | 7.5 | 1.36% | 2021-11-30 | 2024-11-21 |