CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 2140 of 2483 results
«« First « Prev Page 2 / 125 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2022-0832 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. 5.4 66.62% 2022-03-04 2026-06-17
CVE-2025-0655 Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-55890. Notes: All CVE users should reference CVE-2024-55890 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage. N/A 66.16% 2025-03-20 2025-04-15
CVE-2022-0415 Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6. 8.8 65.24% 2022-03-21 2026-06-17
CVE-2023-1578 SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19. 8.8 65.11% 2023-03-22 2026-06-17
CVE-2022-1429 SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of steal the data 7.5 63.86% 2022-04-22 2026-06-17
CVE-2023-3224 Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3. 9.8 58.65% 2023-06-13 2026-06-17
CVE-2022-1058 Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5. 6.1 53.18% 2022-03-24 2026-06-17
CVE-2024-6396 A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `repo.path` parameters, which can be manipulated to create and write to arbitrary file paths. This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution. 9.8 53.11% 2024-07-11 2026-06-17
CVE-2022-1178 Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. 5.4 51.61% 2022-03-30 2026-06-17
CVE-2022-1181 Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2. 5.4 51.47% 2022-03-30 2026-06-17
CVE-2022-0557 OS Command Injection in Packagist microweber/microweber prior to 1.2.11. 7.2 51.19% 2022-02-11 2026-06-17
CVE-2022-1993 Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. 8.1 51.14% 2022-06-09 2026-06-17
CVE-2024-1520 An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' parameter. Attackers can exploit this vulnerability by injecting malicious OS commands, leading to unauthorized command execution on the underlying operating system. This could result in unauthorized access, data leakage, or complete system compromise. 9.8 48.21% 2024-04-10 2026-06-17
CVE-2023-6018 An attacker can overwrite any file on the server hosting MLflow without any authentication. 9.8 47.87% 2023-11-16 2026-06-17
CVE-2022-2550 OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5. 8.8 47.49% 2022-07-27 2026-06-17
CVE-2022-0666 CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11. 7.5 44.26% 2022-02-18 2026-06-17
CVE-2022-3552 Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1. 7.2 44.00% 2022-10-17 2026-06-17
CVE-2023-2227 Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0. 9.1 43.76% 2023-04-21 2026-06-17
CVE-2022-0819 Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1. 8.8 43.58% 2022-03-02 2026-06-17
CVE-2024-3848 A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '#' character can be used to insert a path into the fragment, effectively skipping validation. This allows an attacker to construct a URL that, when processed, ignores the protocol scheme and uses the provided path for filesystem access. As a result, an attacker can read arbitra 7.5 43.28% 2024-05-16 2026-06-17
«« First « Prev Page 2 / 125 Next »
cvelogic Threat Intelligence