Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2018-13819 | A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. | 7.5 | 1.38% | 2018-08-30 | 2026-06-16 |
| CVE-2018-6590 | CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability. | 6.1 | 0.75% | 2018-08-03 | 2026-06-16 |
| CVE-2018-9029 | An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks. | 9.8 | 1.75% | 2018-06-18 | 2026-06-16 |
| CVE-2018-9028 | Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking. | 7.5 | 0.91% | 2018-06-18 | 2026-06-16 |
| CVE-2018-9027 | A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link. | 6.1 | 0.90% | 2018-06-18 | 2026-06-16 |
| CVE-2018-9026 | A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request. | 7.5 | 1.33% | 2018-06-18 | 2026-06-16 |
| CVE-2018-9025 | An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input. | 7.5 | 1.41% | 2018-06-18 | 2026-06-16 |
| CVE-2018-9024 | An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file. | 5.3 | 1.12% | 2018-06-18 | 2026-06-16 |
| CVE-2018-9023 | An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script. | 8.8 | 1.91% | 2018-06-18 | 2026-06-16 |
| CVE-2018-9022 | An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file. | 9.8 | 20.39% | 2018-06-18 | 2026-06-16 |
| CVE-2018-9021 | An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests. | 9.8 | 19.38% | 2018-06-18 | 2026-06-16 |
| CVE-2015-4664 | An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands. | 9.8 | 20.83% | 2018-06-18 | 2026-06-16 |
| CVE-2018-6589 | CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified vectors. | 7.5 | 1.73% | 2018-05-01 | 2026-06-16 |
| CVE-2018-8954 | CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request. | 9.8 | 7.31% | 2018-04-11 | 2026-06-16 |
| CVE-2018-8953 | CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request. | 8.8 | 2.80% | 2018-04-11 | 2026-06-16 |
| CVE-2018-6588 | CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer. | 6.1 | 0.92% | 2018-03-29 | 2026-06-16 |
| CVE-2018-6587 | CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable. | 6.1 | 0.92% | 2018-03-29 | 2026-06-16 |
| CVE-2018-6586 | CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing. | 6.1 | 0.92% | 2018-03-29 | 2026-06-16 |
| CVE-2017-9394 | A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user. | 5.4 | 0.64% | 2017-11-14 | 2026-06-16 |
| CVE-2017-9393 | CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search. | 9.8 | 1.68% | 2017-09-22 | 2026-06-16 |