CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 2140 of 2485 results
«« First « Prev Page 2 / 125 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2021-3728 firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) 6.5 0.48% 2021-08-23 2026-06-17
CVE-2021-3729 firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) 4.3 0.39% 2021-08-23 2026-06-17
CVE-2021-3730 firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) 6.5 0.46% 2021-08-23 2026-06-17
CVE-2021-3731 LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targetted user to execute unintended actions. 5.9 1.07% 2021-08-23 2026-06-17
CVE-2021-3734 yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames 8.8 0.39% 2021-08-26 2026-06-17
CVE-2021-3740 A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The application does not invalidate existing sessions on other devices when a user changes their password, allowing old sessions to persist. This can lead to unauthorized access if an attacker has obtained a session token. 6.8 0.20% 2024-11-15 2026-06-17
CVE-2021-3741 A stored cross-site scripting (XSS) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.6. The vulnerability occurs when a user uploads an SVG file containing a malicious XSS payload in the profile settings. When the avatar is opened in a new page, the custom JavaScript code is executed, leading to potential security risks. 5.4 0.29% 2024-11-15 2026-06-17
CVE-2021-3742 A Server-Side Request Forgery (SSRF) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.5.0. The vulnerability allows an attacker to upload an SVG file containing a malicious SSRF payload. When the SVG file is used as an avatar and opened in a new tab, it can trigger the SSRF, potentially leading to host redirection. 8.8 0.37% 2024-11-15 2026-06-17
CVE-2021-3745 flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type 6.6 1.07% 2021-10-28 2026-06-17
CVE-2021-3749 axios is vulnerable to Inefficient Regular Expression Complexity 7.5 8.52% 2021-08-31 2026-06-17
CVE-2021-3751 libmobi is vulnerable to Out-of-bounds Write 9.8 1.20% 2021-09-15 2026-06-17
CVE-2021-3756 libmysofa is vulnerable to Heap-based Buffer Overflow 9.8 1.03% 2021-10-29 2026-06-17
CVE-2021-3757 immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 9.8 1.65% 2021-09-02 2026-06-17
CVE-2021-3758 bookstack is vulnerable to Server-Side Request Forgery (SSRF) 6.5 0.77% 2021-09-02 2026-06-17
CVE-2021-3765 validator.js is vulnerable to Inefficient Regular Expression Complexity 7.5 1.65% 2021-11-02 2026-06-17
CVE-2021-3766 objection.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 9.8 1.47% 2021-09-06 2026-06-17
CVE-2021-3767 bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 5.4 0.56% 2021-09-06 2026-06-17
CVE-2021-3768 bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 5.4 0.56% 2021-09-06 2026-06-17
CVE-2021-3769 # Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes **Description**: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability can be exploited. **Fixed in**: [b3ba9978](https://github.com/ohmyzsh/ohmyzsh/commit/b3ba9978). **Impacted areas**: - `pygmalion` theme. - `pygmalion-virtualenv` theme. - `refined` theme. 7.5 0.94% 2021-11-30 2026-06-17
CVE-2021-3770 vim is vulnerable to Heap-based Buffer Overflow 7.8 0.71% 2021-09-06 2026-06-17
«« First « Prev Page 2 / 125 Next »
cvelogic Threat Intelligence