CVE 列表 – 发现高风险与在野利用漏洞

聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。

分配机构(CNA / 来源):[email protected] 移除此筛选

显示 12039 条结果
«« 第一页 « 上一页 第 1 / 2 页 下一页 »
CVE 描述 最高 CVSS EPSS % 公开时间 更新时间
CVE-2025-8088 KEV A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. 8.4 80.91% 2025-08-08 2026-06-17
CVE-2023-5631 KEV Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code. 6.1 75.87% 2023-10-18 2026-06-17
CVE-2024-11182 KEV An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window. 5.3 17.11% 2024-11-15 2026-06-17
CVE-2024-11859 DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code. 8.4 2.01% 2025-04-07 2026-06-17
CVE-2024-7262 KEV Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document 9.3 1.76% 2024-08-15 2026-06-17
CVE-2024-7014 EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting versions 10.14.4 and older. 7.1 1.36% 2024-07-23 2026-06-17
CVE-2022-0615 Use-after-free in eset_rtp kernel module used in ESET products for Linux allows potential attacker to trigger denial-of-service condition on the system. 5.9 0.80% 2022-02-25 2026-06-17
CVE-2021-37852 ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM. 7.8 0.57% 2022-02-09 2026-06-17
CVE-2024-0353 Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission. 7.8 0.55% 2024-02-15 2026-06-17
CVE-2025-3929 An XSS issue was discovered in MDaemon Email Server version 25.0.1 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window, and access user data. 5.3 0.47% 2025-04-29 2026-06-17
CVE-2024-7263 Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough. Another parameter was not properly sanitized which leads to the execution of an arbitrary Windows library. 9.3 0.39% 2024-08-15 2026-06-17
CVE-2023-5594 Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted. 7.5 0.38% 2023-12-21 2026-06-17
CVE-2025-12460 An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img HTML tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window, and access user data. 5.3 0.36% 2025-10-31 2026-06-17
CVE-2024-2003 Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from quarantine. 7.3 0.31% 2024-06-21 2026-06-17
CVE-2023-7043 Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT AUTHORITY\NetworkService permissions. 3.3 0.28% 2024-01-31 2026-06-17
CVE-2022-4020 Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable. 8.1 0.24% 2022-11-28 2026-06-17
CVE-2024-7400 The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so. 8.5 0.22% 2024-09-27 2026-06-17
CVE-2021-37850 ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot. 5.5 0.22% 2021-11-08 2026-06-17
CVE-2024-3779 Denial of service vulnerability present shortly after product installation or upgrade, potentially allowed an attacker to render ESET’s security product inoperable, provided non-default preconditions were met. 6.1 0.20% 2024-07-16 2026-06-17
CVE-2024-6654 Products for macOS enables a user logged on to the system to perform a denial-of-service attack, which could be misused to disable the protection of the ESET security product and cause general system slow-down. 6.8 0.20% 2024-09-27 2026-06-17
«« 第一页 « 上一页 第 1 / 2 页 下一页 »
cvelogic Threat Intelligence