CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 120 of 2483 results
«« First « Prev Page 1 / 125 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2021-3603 PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, defined by PHPMailer::$validator), and the global namespace contains a function called php, it will be called in preference to the built-in validator of the same name. Mitigated in PHPMailer 6.5.0 by denying the use of simple strings as validato 8.1 2.26% 2021-06-17 2026-06-17
CVE-2021-3647 URI.js is vulnerable to URL Redirection to Untrusted Site 6.1 0.91% 2021-07-16 2026-06-17
CVE-2021-3649 chatwoot is vulnerable to Inefficient Regular Expression Complexity 7.5 1.22% 2021-07-16 2026-06-17
CVE-2021-3663 firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts 7.5 0.71% 2021-07-25 2026-06-17
CVE-2021-3664 url-parse is vulnerable to URL Redirection to Untrusted Site 5.3 1.83% 2021-07-26 2026-06-17
CVE-2021-3680 showdoc is vulnerable to Missing Cryptographic Step 4.9 0.46% 2021-08-04 2026-06-17
CVE-2021-3678 showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) 5.9 1.06% 2021-08-04 2026-06-17
CVE-2021-3689 yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator 7.5 1.90% 2021-08-10 2026-06-17
CVE-2021-3692 yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator 5.3 1.70% 2021-08-10 2026-06-17
CVE-2021-3693 LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. 8.8 3.01% 2021-08-23 2026-06-17
CVE-2021-3694 LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. 8.2 2.39% 2021-08-23 2026-06-17
CVE-2021-3728 firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) 6.5 0.48% 2021-08-23 2026-06-17
CVE-2021-3729 firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) 4.3 0.39% 2021-08-23 2026-06-17
CVE-2021-3730 firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) 6.5 0.46% 2021-08-23 2026-06-17
CVE-2021-3731 LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targetted user to execute unintended actions. 5.9 1.07% 2021-08-23 2026-06-17
CVE-2021-3734 yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames 8.8 0.39% 2021-08-26 2026-06-17
CVE-2021-3749 axios is vulnerable to Inefficient Regular Expression Complexity 7.5 8.52% 2021-08-31 2026-06-17
CVE-2021-3757 immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 9.8 1.65% 2021-09-02 2026-06-17
CVE-2021-3758 bookstack is vulnerable to Server-Side Request Forgery (SSRF) 6.5 0.77% 2021-09-02 2026-06-17
CVE-2021-32568 mrdoc is vulnerable to Deserialization of Untrusted Data 7.8 0.80% 2021-09-06 2026-06-16
«« First « Prev Page 1 / 125 Next »
cvelogic Threat Intelligence