Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2021-3603 | PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, defined by PHPMailer::$validator), and the global namespace contains a function called php, it will be called in preference to the built-in validator of the same name. Mitigated in PHPMailer 6.5.0 by denying the use of simple strings as validato | 8.1 | 2.26% | 2021-06-17 | 2026-06-17 |
| CVE-2021-3647 | URI.js is vulnerable to URL Redirection to Untrusted Site | 6.1 | 0.91% | 2021-07-16 | 2026-06-17 |
| CVE-2021-3649 | chatwoot is vulnerable to Inefficient Regular Expression Complexity | 7.5 | 1.22% | 2021-07-16 | 2026-06-17 |
| CVE-2021-3663 | firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts | 7.5 | 0.71% | 2021-07-25 | 2026-06-17 |
| CVE-2021-3664 | url-parse is vulnerable to URL Redirection to Untrusted Site | 5.3 | 1.83% | 2021-07-26 | 2026-06-17 |
| CVE-2021-3680 | showdoc is vulnerable to Missing Cryptographic Step | 4.9 | 0.46% | 2021-08-04 | 2026-06-17 |
| CVE-2021-3678 | showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | 5.9 | 1.06% | 2021-08-04 | 2026-06-17 |
| CVE-2021-3689 | yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator | 7.5 | 1.90% | 2021-08-10 | 2026-06-17 |
| CVE-2021-3692 | yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator | 5.3 | 1.70% | 2021-08-10 | 2026-06-17 |
| CVE-2021-3693 | LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. | 8.8 | 3.01% | 2021-08-23 | 2026-06-17 |
| CVE-2021-3694 | LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. | 8.2 | 2.39% | 2021-08-23 | 2026-06-17 |
| CVE-2021-3728 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 6.5 | 0.48% | 2021-08-23 | 2026-06-17 |
| CVE-2021-3729 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 4.3 | 0.39% | 2021-08-23 | 2026-06-17 |
| CVE-2021-3730 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 6.5 | 0.46% | 2021-08-23 | 2026-06-17 |
| CVE-2021-3731 | LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targetted user to execute unintended actions. | 5.9 | 1.07% | 2021-08-23 | 2026-06-17 |
| CVE-2021-3734 | yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames | 8.8 | 0.39% | 2021-08-26 | 2026-06-17 |
| CVE-2021-3749 | axios is vulnerable to Inefficient Regular Expression Complexity | 7.5 | 8.52% | 2021-08-31 | 2026-06-17 |
| CVE-2021-3757 | immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | 9.8 | 1.65% | 2021-09-02 | 2026-06-17 |
| CVE-2021-3758 | bookstack is vulnerable to Server-Side Request Forgery (SSRF) | 6.5 | 0.77% | 2021-09-02 | 2026-06-17 |
| CVE-2021-32568 | mrdoc is vulnerable to Deserialization of Untrusted Data | 7.8 | 0.80% | 2021-09-06 | 2026-06-16 |