Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2024-3930 | In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE) was discovered. | 6.3 | 0.31% | 2024-07-30 | 2026-06-17 |
| CVE-2024-10315 | In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Alpha Inferno PVT LTD. | 6.9 | 0.32% | 2024-11-11 | 2026-06-17 |
| CVE-2024-5174 | A flaw in Gliffy results in broken authentication through the reset functionality of the application. | 5.3 | 0.34% | 2025-02-24 | 2026-06-17 |
| CVE-2025-3113 | A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance’s internal database configurations can leverage the application’s built-in Connector functionality to access Continuous Compliance’s internal database. This allows the user to explore the internal database schema and export its data, including the properties of Connecters and Rule Sets. | 9.0 | 0.34% | 2025-04-17 | 2026-06-17 |
| CVE-2024-3826 | In versions of Akana in versions prior to and including 2022.1.3 validation is broken when using the SAML Single Sign-On (SSO) functionality. | 8.6 | 0.34% | 2024-07-02 | 2026-06-17 |
| CVE-2025-1714 | Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version 4.14.0-7 on Gliffy online allows attacker to enumerate valid user emails and potentially DOS the server | 6.9 | 0.34% | 2025-03-05 | 2026-06-17 |
| CVE-2017-10689 | In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability. | 5.5 | 0.37% | 2018-02-09 | 2026-06-17 |
| CVE-2023-5214 | In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified. | 6.5 | 0.37% | 2023-10-06 | 2026-06-17 |
| CVE-2024-2796 | A server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Reported by Jakob Antonsson. | 9.3 | 0.38% | 2024-04-18 | 2026-06-17 |
| CVE-2024-11084 | Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an attacker to determine whether a username exists. | 6.3 | 0.39% | 2025-04-15 | 2026-06-17 |
| CVE-2024-9129 | In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Reported by Dylan Marino | 9.3 | 0.41% | 2024-10-22 | 2026-06-17 |
| CVE-2023-5255 | For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked. | 4.4 | 0.41% | 2023-10-03 | 2026-06-17 |
| CVE-2025-5459 | A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0. | 8.6 | 0.43% | 2025-06-26 | 2026-06-17 |
| CVE-2026-6902 | A Remote Code Execution vulnerability in P4 (Helix Core) Server's Command-Line Client, prior to the 2025.2 Patch 2, has been fixed to address potential security risks. | 7.7 | 0.43% | 2026-05-18 | 2026-06-17 |
| CVE-2022-2394 | Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise. | 4.1 | 0.43% | 2022-07-19 | 2026-06-17 |
| CVE-2023-1894 | A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations. | 5.3 | 0.44% | 2023-05-04 | 2026-06-17 |
| CVE-2026-6043 | P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate existing users, authenticate to accounts with no password set, and access depot contents via the built-in 'remote' user. These default settings, taken together, can lead to unauthorized access to source code repositories and other managed assets. The 2026.1 release, expected in May 2026, enforces se | 8.8 | 0.46% | 2026-04-24 | 2026-06-17 |
| CVE-2024-10345 | In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Karol Więsek. | 8.7 | 0.47% | 2024-11-11 | 2026-06-17 |
| CVE-2024-10344 | In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the refuse function was identified. Reported by Karol Więsek. | 8.7 | 0.47% | 2024-11-11 | 2026-06-17 |
| CVE-2024-10314 | In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the auto-generation function was identified. Reported by Karol Więsek. | 8.7 | 0.47% | 2024-11-11 | 2026-06-17 |