CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 4160 of 95 results
CVE Description Max CVSS EPSS % Published Updated
CVE-2024-0325 In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins.   3.6 0.75% 2024-02-01 2026-06-17
CVE-2024-6726 Versions of Delphix Engine prior to Release 25.0.0.0 contain a flaw which results in Remote Code Execution (RCE). 8.8 0.74% 2024-07-29 2026-06-17
CVE-2018-11747 Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress. 9.8 0.72% 2019-03-21 2026-06-16
CVE-2021-27019 PuppetDB logging included potentially sensitive system information. 4.3 0.71% 2021-08-30 2026-06-16
CVE-2017-2293 Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this functionality can change this policy. 4.9 0.70% 2018-02-01 2026-06-16
CVE-2018-6511 A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6. 5.4 0.65% 2018-05-08 2026-06-16
CVE-2017-2297 Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens. This issue has been fixed in Puppet Enterprise 2016.4.5 and 2017.2.1. This only affects users with labeled tokens, which is not the default for tokens. 7.5 0.65% 2018-02-01 2026-06-16
CVE-2024-3995 In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan Riggins. 2.0 0.61% 2024-06-28 2026-06-17
CVE-2018-11751 Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0. 5.4 0.61% 2019-12-16 2026-06-16
CVE-2021-27017 Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. This is resolved in the Puppet Agent 7.4.0 release. 6.6 0.53% 2025-02-07 2026-06-16
CVE-2018-6510 A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6. 5.4 0.53% 2018-05-08 2026-06-16
CVE-2021-27018 The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority to not be properly validated. This issue only affects clients that are configured to utilize Tenable.sc as the vulnerability data source. 7.5 0.52% 2021-08-30 2026-06-16
CVE-2022-2394 Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise. 4.1 0.50% 2022-07-19 2026-06-17
CVE-2023-5309 Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations. 6.8 0.50% 2023-11-07 2026-06-17
CVE-2024-10345 In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Karol Więsek. 8.7 0.47% 2024-11-11 2026-06-17
CVE-2024-10344 In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the refuse function was identified. Reported by Karol Więsek. 8.7 0.47% 2024-11-11 2026-06-17
CVE-2024-10314 In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the auto-generation function was identified. Reported by Karol Więsek. 8.7 0.47% 2024-11-11 2026-06-17
CVE-2026-6043 P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate existing users, authenticate to accounts with no password set, and access depot contents via the built-in 'remote' user. These default settings, taken together, can lead to unauthorized access to source code repositories and other managed assets. The 2026.1 release, expected in May 2026, enforces se 8.8 0.46% 2026-04-24 2026-06-17
CVE-2023-1894 A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations. 5.3 0.44% 2023-05-04 2026-06-17
CVE-2026-6902 A Remote Code Execution vulnerability in P4 (Helix Core) Server's Command-Line Client, prior to the 2025.2 Patch 2, has been fixed to address potential security risks. 7.7 0.43% 2026-05-18 2026-06-17
cvelogic Threat Intelligence