Aggregating NVD, the CVE list and other threat feeds, this list provides analysis of high-risk vulnerabilities such as remote code execution (RCE). By combining CVSS (severity) with EPSS (probability of exploitation), the system tracks public exploit and proof-of-concept (PoC) availability to assess exploitability. Together with official patches and remediation guidance, it helps prioritize vulnerability-management workflows, shortening response cycles and protecting critical assets.
Assigner (CNA / source): [email protected]
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2024-1561 | An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a `Component` class with attacker-controlled arguments. Specifically, by exploiting the `move_resource_to_block_cache()` method of the `Block` class, an attacker can copy any file on the filesystem to a temporary directory and subsequently retrieve it. This vulnerability enables unauthorized local file read access, posing a significant risk especially when the ap | 7.5 | 93.43% | 2024-04-16 | 2025-07-30 |
| CVE-2023-1177 | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. | 9.3 | 93.10% | 2023-03-24 | 2024-11-21 |
| CVE-2023-0297 | Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31. | 9.8 | 92.94% | 2023-01-14 | 2024-11-21 |
| CVE-2023-2479 | OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4. | 9.8 | 92.73% | 2023-05-02 | 2024-11-21 |
| CVE-2022-0824 | Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. | 8.8 | 92.68% | 2022-03-02 | 2024-11-21 |
| CVE-2024-3408 | man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled. Additionally, the application fails to properly restrict custom filter queries, enabling attackers to execute arbitrary code on the server by bypassing the restriction on the `/update-settings` endpoint, | 9.8 | 91.74% | 2024-06-06 | 2024-11-21 |
| CVE-2023-3765 | Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. | 10.0 | 91.45% | 2023-07-19 | 2024-11-21 |
| CVE-2023-6018 | An attacker can overwrite any file on the server hosting MLflow without any authentication. | 9.8 | 91.27% | 2023-11-16 | 2024-11-21 |
| CVE-2024-2928 | A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system, including sensitive files like '/etc/passwd'. The vulnerability is a bypass to a previou | 7.5 | 91.16% | 2024-06-06 | 2024-11-21 |
| CVE-2022-0482 | Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3. | 9.1 | 90.79% | 2022-03-09 | 2024-11-21 |
| CVE-2022-2733 | Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1. | 6.1 | 89.70% | 2022-08-09 | 2024-11-21 |
| CVE-2022-0415 | Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6. | 8.8 | 89.61% | 2022-03-21 | 2024-11-21 |
| CVE-2022-1713 | SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information. | 7.5 | 89.35% | 2022-05-16 | 2024-11-21 |
| CVE-2023-0315 | Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8. | 8.8 | 89.13% | 2023-01-16 | 2024-11-21 |
| CVE-2023-2356 | Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1. | 7.5 | 89.02% | 2023-04-28 | 2024-11-21 |
| CVE-2023-6019 | A command injection existed in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023 | 9.8 | 88.77% | 2023-11-16 | 2024-11-21 |
| CVE-2024-6396 | A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `repo.path` parameters, which can be manipulated to create and write to arbitrary file paths. This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution. | 9.8 | 88.70% | 2024-07-12 | 2025-07-23 |
| CVE-2024-6587 | A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the `api_base` parameter when making requests to `POST /chat/completions`, causing the application to send the request to the domain specified by `api_base`. This request includes the OpenAI API key. A malicious user can set the `api_base` to their own domain and intercept the OpenAI API key, leading to unauthorized access and potential misuse of the API key. | 7.5 | 88.63% | 2024-09-13 | 2024-09-20 |
| CVE-2023-6021 | LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023 | 7.5 | 87.32% | 2023-11-16 | 2024-11-21 |
| CVE-2023-2948 | Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1. | 6.1 | 86.51% | 2023-05-28 | 2024-11-21 |
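As an added example (not part of this page or of any of the listed projects), the following Python script parses rows in the format of the table above and ranks them by combining CVSS with EPSS, the approach the introduction describes. The CVE, CVSS, EPSS and date columns are copied from the table with the descriptions shortened to the affected project; the tier thresholds (P1 to P4, EPSS 0.5 and 0.1, CVSS 9.0) and the stale-record check are this example's own choices, not a published standard.

```python
"""Rank CVE table rows by combining CVSS (severity) with EPSS (30-day
exploitation probability).  Added example, not part of the page; the tier
thresholds below are this example's own policy, not a published standard."""
from dataclasses import dataclass
from datetime import date

# Constructed input: CVE, CVSS, EPSS and date columns copied from the table on
# this page; the description column is shortened to the affected project.
TABLE = """\
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2024-1561 | gradio-app/gradio local file read | 7.5 | 93.43% | 2024-04-16 | 2025-07-30 |
| CVE-2023-1177 | mlflow/mlflow path traversal | 9.3 | 93.10% | 2023-03-24 | 2024-11-21 |
| CVE-2023-0297 | pyload/pyload code injection | 9.8 | 92.94% | 2023-01-14 | 2024-11-21 |
| CVE-2022-0824 | webmin/webmin RCE | 8.8 | 92.68% | 2022-03-02 | 2024-11-21 |
| CVE-2022-2733 | openemr/openemr reflected XSS | 6.1 | 89.70% | 2022-08-09 | 2024-11-21 |
| CVE-2022-1713 | jgraph/drawio SSRF | 7.5 | 89.35% | 2022-05-16 | 2024-11-21 |
| CVE-2024-6587 | berriai/litellm SSRF leaking API key | 7.5 | 88.63% | 2024-09-13 | 2024-09-20 |
"""

# Thresholds (this example's own policy).  EPSS is handled as a fraction in [0, 1].
HIGH_CVSS = 9.0   # CVSS "critical" band
HIGH_EPSS = 0.50  # exploitation within 30 days judged more likely than not
LOW_EPSS = 0.10   # below this, defer unless severity alone demands action


@dataclass(frozen=True)
class Row:
    cve: str
    description: str
    cvss: float
    epss: float       # fraction, not percent
    published: date
    updated: date


def parse_table(markdown: str) -> list[Row]:
    """Parse a pipe-delimited markdown table shaped like the one on this page.

    Header and separator rows are skipped; the EPSS column is converted from a
    percentage string ("93.43%") to a fraction (0.9343)."""
    rows = []
    for line in markdown.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 6 or not cells[0].startswith("CVE-"):
            continue  # header, separator, or malformed line
        cve, desc, cvss, epss, published, updated = cells
        rows.append(Row(
            cve=cve,
            description=desc,
            cvss=float(cvss),
            epss=float(epss.rstrip("%")) / 100.0,
            published=date.fromisoformat(published),
            updated=date.fromisoformat(updated),
        ))
    return rows


def tier_for(cvss: float, epss: float) -> str:
    """Four-quadrant triage: likelihood (EPSS) and severity (CVSS) are
    independent signals, so neither one alone decides the tier."""
    if epss >= HIGH_EPSS and cvss >= HIGH_CVSS:
        return "P1"  # likely exploited and critical impact: patch now
    if epss >= HIGH_EPSS or cvss >= HIGH_CVSS:
        return "P2"  # one signal is high: fix within the current cycle
    if epss >= LOW_EPSS:
        return "P3"  # some exploitation signal, moderate impact
    return "P4"      # low likelihood and low/medium severity: track


def prioritize(rows: list[Row]) -> list[tuple[str, Row]]:
    """Return (tier, row) pairs, most urgent first: by tier, then EPSS, then CVSS."""
    ranked = [(tier_for(r.cvss, r.epss), r) for r in rows]
    ranked.sort(key=lambda tr: (tr[0], -tr[1].epss, -tr[1].cvss))
    return ranked


def stale_rows(rows: list[Row], as_of: date, max_age_days: int = 365) -> list[str]:
    """CVE ids whose record has not been updated in max_age_days as of `as_of`.

    EPSS is recomputed daily, so the table's percentages are a snapshot; a long
    idle record is a hint to re-pull the entry before acting on it."""
    return [r.cve for r in rows if (as_of - r.updated).days > max_age_days]


if __name__ == "__main__":
    rows = parse_table(TABLE)
    for tier, r in prioritize(rows):
        print(f"{tier} {r.cve:<15} CVSS {r.cvss:>4}  EPSS {r.epss:.2%}  {r.description}")
    print("stale:", stale_rows(rows, as_of=date(2025, 8, 1), max_age_days=180))
```

The point of the quadrant scheme is that the two scores answer different questions: EPSS estimates the probability of exploitation activity in the wild over the next 30 days and says nothing about impact, while CVSS rates severity and says nothing about likelihood. That is why the 6.1 reflected XSS with an 89.70% EPSS lands in P2 rather than P1 here, and why a 9.8 with a negligible EPSS would too. Because EPSS changes daily, re-score from a fresh feed rather than caching the percentages shown on the page.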