Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2022-0832 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. | 5.4 | 66.62% | 2022-03-04 | 2026-06-17 |
| CVE-2025-0655 | Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-55890. Notes: All CVE users should reference CVE-2024-55890 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage. | N/A | 66.16% | 2025-03-20 | 2025-04-15 |
| CVE-2022-0415 | Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6. | 8.8 | 65.24% | 2022-03-21 | 2026-06-17 |
| CVE-2023-1578 | SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19. | 8.8 | 65.11% | 2023-03-22 | 2026-06-17 |
| CVE-2022-1429 | SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of steal the data | 7.5 | 63.86% | 2022-04-22 | 2026-06-17 |
| CVE-2023-3224 | Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3. | 9.8 | 58.65% | 2023-06-13 | 2026-06-17 |
| CVE-2022-1058 | Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5. | 6.1 | 53.18% | 2022-03-24 | 2026-06-17 |
| CVE-2024-6396 | A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `repo.path` parameters, which can be manipulated to create and write to arbitrary file paths. This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution. | 9.8 | 53.11% | 2024-07-11 | 2026-06-17 |
| CVE-2022-1178 | Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. | 5.4 | 51.61% | 2022-03-30 | 2026-06-17 |
| CVE-2022-1181 | Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2. | 5.4 | 51.47% | 2022-03-30 | 2026-06-17 |
| CVE-2022-0557 | OS Command Injection in Packagist microweber/microweber prior to 1.2.11. | 7.2 | 51.19% | 2022-02-11 | 2026-06-17 |
| CVE-2022-1993 | Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. | 8.1 | 51.14% | 2022-06-09 | 2026-06-17 |
| CVE-2024-1520 | An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' parameter. Attackers can exploit this vulnerability by injecting malicious OS commands, leading to unauthorized command execution on the underlying operating system. This could result in unauthorized access, data leakage, or complete system compromise. | 9.8 | 48.21% | 2024-04-10 | 2026-06-17 |
| CVE-2023-6018 | An attacker can overwrite any file on the server hosting MLflow without any authentication. | 9.8 | 47.87% | 2023-11-16 | 2026-06-17 |
| CVE-2022-2550 | OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5. | 8.8 | 47.49% | 2022-07-27 | 2026-06-17 |
| CVE-2022-0666 | CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11. | 7.5 | 44.26% | 2022-02-18 | 2026-06-17 |
| CVE-2022-3552 | Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1. | 7.2 | 44.00% | 2022-10-17 | 2026-06-17 |
| CVE-2023-2227 | Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0. | 9.1 | 43.76% | 2023-04-21 | 2026-06-17 |
| CVE-2022-0819 | Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1. | 8.8 | 43.58% | 2022-03-02 | 2026-06-17 |
| CVE-2024-3848 | A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '#' character can be used to insert a path into the fragment, effectively skipping validation. This allows an attacker to construct a URL that, when processed, ignores the protocol scheme and uses the provided path for filesystem access. As a result, an attacker can read arbitra | 7.5 | 43.28% | 2024-05-16 | 2026-06-17 |