Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2021-3728 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 6.5 | 0.48% | 2021-08-23 | 2026-06-17 |
| CVE-2021-3729 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 4.3 | 0.39% | 2021-08-23 | 2026-06-17 |
| CVE-2021-3730 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 6.5 | 0.46% | 2021-08-23 | 2026-06-17 |
| CVE-2021-3731 | LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targetted user to execute unintended actions. | 5.9 | 1.07% | 2021-08-23 | 2026-06-17 |
| CVE-2021-3734 | yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames | 8.8 | 0.39% | 2021-08-26 | 2026-06-17 |
| CVE-2021-3740 | A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The application does not invalidate existing sessions on other devices when a user changes their password, allowing old sessions to persist. This can lead to unauthorized access if an attacker has obtained a session token. | 6.8 | 0.20% | 2024-11-15 | 2026-06-17 |
| CVE-2021-3741 | A stored cross-site scripting (XSS) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.6. The vulnerability occurs when a user uploads an SVG file containing a malicious XSS payload in the profile settings. When the avatar is opened in a new page, the custom JavaScript code is executed, leading to potential security risks. | 5.4 | 0.29% | 2024-11-15 | 2026-06-17 |
| CVE-2021-3742 | A Server-Side Request Forgery (SSRF) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.5.0. The vulnerability allows an attacker to upload an SVG file containing a malicious SSRF payload. When the SVG file is used as an avatar and opened in a new tab, it can trigger the SSRF, potentially leading to host redirection. | 8.8 | 0.37% | 2024-11-15 | 2026-06-17 |
| CVE-2021-3745 | flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type | 6.6 | 1.07% | 2021-10-28 | 2026-06-17 |
| CVE-2021-3749 | axios is vulnerable to Inefficient Regular Expression Complexity | 7.5 | 8.52% | 2021-08-31 | 2026-06-17 |
| CVE-2021-3751 | libmobi is vulnerable to Out-of-bounds Write | 9.8 | 1.20% | 2021-09-15 | 2026-06-17 |
| CVE-2021-3756 | libmysofa is vulnerable to Heap-based Buffer Overflow | 9.8 | 1.03% | 2021-10-29 | 2026-06-17 |
| CVE-2021-3757 | immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | 9.8 | 1.65% | 2021-09-02 | 2026-06-17 |
| CVE-2021-3758 | bookstack is vulnerable to Server-Side Request Forgery (SSRF) | 6.5 | 0.77% | 2021-09-02 | 2026-06-17 |
| CVE-2021-3765 | validator.js is vulnerable to Inefficient Regular Expression Complexity | 7.5 | 1.65% | 2021-11-02 | 2026-06-17 |
| CVE-2021-3766 | objection.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | 9.8 | 1.47% | 2021-09-06 | 2026-06-17 |
| CVE-2021-3767 | bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 5.4 | 0.56% | 2021-09-06 | 2026-06-17 |
| CVE-2021-3768 | bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 5.4 | 0.56% | 2021-09-06 | 2026-06-17 |
| CVE-2021-3769 | # Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes **Description**: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability can be exploited. **Fixed in**: [b3ba9978](https://github.com/ohmyzsh/ohmyzsh/commit/b3ba9978). **Impacted areas**: - `pygmalion` theme. - `pygmalion-virtualenv` theme. - `refined` theme. | 7.5 | 0.94% | 2021-11-30 | 2026-06-17 |
| CVE-2021-3770 | vim is vulnerable to Heap-based Buffer Overflow | 7.8 | 0.71% | 2021-09-06 | 2026-06-17 |