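Aggregates NVD, CVE and multi-source intelligence, with in-depth analysis of high-severity risks such as RCE. The system integrates the CVSS and EPSS models and dynamically tracks exploit resources and PoC publication status to assess exploitability. Combined with official patches and remediation guidance, it helps prioritize vulnerability management, shorten response cycles and protect assets.

| CVE | Description | Highest CVSS | EPSS % | Published | Updated |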
|---|---|---|---|---|---|
| CVE-2024-23581 | The HCL Traveler for Microsoft Outlook libraries are being flagged as potentially malicious software or an unrecognized application. | 6.7 | N/A | 2026-06-26 | 2026-06-26 |
| CVE-2024-51454 | IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. | 6.5 | 0.21% | 2026-06-22 | 2026-06-26 |
| CVE-2024-54178 | IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources. | 6.5 | 0.24% | 2026-06-22 | 2026-06-22 |
| CVE-2024-58351 | Flowise before 2.1.4 allows configuration to be injected into the Chainflow during execution via the overrideConfig option, supported in both the frontend web integration and the backend Prediction API. Because this feature is enabled by default with no allow-list of permitted variables and relies on vm2 for sandboxing, an attacker can abuse it to achieve remote code execution and sandbox escape, denial of service by crashing the server, server-side request forgery, prompt injection, and server | 9.3 | 0.65% | 2026-06-20 | 2026-06-22 |
| CVE-2024-27928 | vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, if an attacker hacks into a vantage6 user's email account, they can 1) reset the password via email and then 2) reset the 2FA token via email. This way they reduce 2FA to 1FA (email access). Note that most email providers require 2FA to access email, so this issue is not very likely to cause issues. Version 5.0.0 fixes the issue. No known workarounds are available. | 5.9 | 0.28% | 2026-06-17 | 2026-06-23 |
| CVE-2024-24769 | vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, users can reset their MFA token via API routes that send them an email. Currently the number of emails that is sent is not limited. This gives attackers the option to flood someone's mailbox with a lot of emails, and would have adverse effects on the SMTP server which may be seen as spam sender. Note resetting the MFA token requires a correct password, so the potential impact for this is very low. V | 2.1 | 0.28% | 2026-06-17 | 2026-06-23 |
| CVE-2024-47477 | Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack in tandem with DNS cache poisoning. | 6.5 | 0.12% | 2026-06-17 | 2026-06-22 |
| CVE-2024-52488 | Subscriber Arbitrary File Upload in Grip <= 1.0.9 versions. | 9.9 | 0.47% | 2026-06-17 | 2026-06-17 |
| CVE-2024-49269 | Unauthenticated Cross Site Scripting (XSS) in my flatonica <= 0.0.8 versions. | 7.1 | 0.24% | 2026-06-17 | 2026-06-17 |
| CVE-2024-37496 | Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7. | 4.3 | 0.21% | 2026-06-17 | 2026-06-17 |
| CVE-2024-37210 | Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AliNext: from n/a through 3.3.5. | 6.5 | 0.27% | 2026-06-17 | 2026-06-17 |
| CVE-2024-35690 | Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through 4.0.1. | 6.5 | 0.29% | 2026-06-17 | 2026-06-17 |
| CVE-2024-35648 | Cross-Site request forgery (CSRF) vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through 8.0. | 4.3 | 0.13% | 2026-06-17 | 2026-06-17 |
| CVE-2024-34810 | Cross-Site request forgery (CSRF) vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery. This issue affects Skyline WP: from n/a through 1.0.10. | 4.3 | 0.12% | 2026-06-17 | 2026-06-17 |
| CVE-2024-33909 | Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1. | 5.3 | 0.25% | 2026-06-17 | 2026-06-17 |
| CVE-2024-33685 | Missing Authorization vulnerability in Jegstudio Startupzy startupzy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Startupzy: from n/a through 1.1.1. | 4.3 | 0.15% | 2026-06-17 | 2026-06-17 |
| CVE-2024-32949 | Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.3.8. | 8.3 | 0.29% | 2026-06-17 | 2026-06-17 |
| CVE-2024-32729 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal. This issue affects Conversational Forms for ChatBot: from n/a through 1.1.8. | 7.5 | 0.43% | 2026-06-17 | 2026-06-17 |
| CVE-2024-31435 | Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Media & Share Icons: from n/a through 2.8.6. | 4.3 | 0.21% | 2026-06-17 | 2026-06-17 |
| CVE-2024-24709 | Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11. | 4.3 | 0.19% | 2026-06-17 | 2026-06-17 |