CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 2140 of 94 results
CVE Description Max CVSS EPSS % Published Updated
CVE-2024-3995 In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan Riggins. 2.0 0.61% 2024-06-28 2026-06-17
CVE-2024-3930 In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE) was discovered. 6.3 0.31% 2024-07-30 2026-06-17
CVE-2024-3826 In versions of Akana in versions prior to and including 2022.1.3 validation is broken when using the SAML Single Sign-On (SSO) functionality. 8.6 0.34% 2024-07-02 2026-06-17
CVE-2024-3825 Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw which results in credential enumeration 4.3 0.17% 2024-04-17 2026-06-17
CVE-2024-2796 A server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Reported by Jakob Antonsson. 9.3 0.38% 2024-04-18 2026-06-17
CVE-2024-11084 Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an attacker to determine whether a username exists. 6.3 0.39% 2025-04-15 2026-06-17
CVE-2024-10345 In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Karol Więsek. 8.7 0.47% 2024-11-11 2026-06-17
CVE-2024-10344 In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the refuse function was identified. Reported by Karol Więsek. 8.7 0.47% 2024-11-11 2026-06-17
CVE-2024-10315 In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Alpha Inferno PVT LTD. 6.9 0.32% 2024-11-11 2026-06-17
CVE-2024-10314 In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the auto-generation function was identified. Reported by Karol Więsek. 8.7 0.47% 2024-11-11 2026-06-17
CVE-2024-0325 In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins.   3.6 0.75% 2024-02-01 2026-06-17
CVE-2023-5759 In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified. Reported by Jason Geffner.   7.5 0.95% 2023-11-08 2026-06-17
CVE-2023-5309 Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations. 6.8 0.50% 2023-11-07 2026-06-17
CVE-2023-5255 For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked. 4.4 0.41% 2023-10-03 2026-06-17
CVE-2023-5214 In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified. 6.5 0.37% 2023-10-06 2026-06-17
CVE-2023-45849 An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner. 9.0 1.11% 2023-11-08 2026-06-17
CVE-2023-45319 In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. Reported by Jason Geffner.  7.5 0.95% 2023-11-08 2026-06-17
CVE-2023-35767 In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Jason Geffner.   7.5 0.95% 2023-11-08 2026-06-17
CVE-2023-2530 A privilege escalation allowing remote code execution was discovered in the orchestration service. 9.8 1.11% 2023-06-07 2026-06-17
CVE-2023-1894 A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations. 5.3 0.44% 2023-05-04 2026-06-17
cvelogic Threat Intelligence