Aggregates NVD, CVE and multi-source intelligence and analyses high-severity risks such as RCE in depth. The system integrates the CVSS and EPSS models, dynamically tracks exploit resources and the public availability of PoCs, and assesses exploitability. Combined with official patches and remediation guidance, it optimises vulnerability-management priorities, shortens response cycles and protects assets.
Assigning organisation (CNA / source): [email protected]
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2021-32568 | mrdoc is vulnerable to Deserialization of Untrusted Data | 7.8 | 0.80% | 2021-09-06 | 2024-11-21 |
| CVE-2021-3603 | PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, defined by PHPMailer::$validator), and the global namespace contains a function called php, it will be called in preference to the built-in validator of the same name. Mitigated in PHPMailer 6.5.0 by denying the use of simple strings as validato | 8.1 | 2.26% | 2021-06-17 | 2024-11-21 |
| CVE-2021-3645 | merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | 9.8 | 1.38% | 2021-09-10 | 2024-11-21 |
| CVE-2021-3646 | btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 6.1 | 0.75% | 2021-09-10 | 2024-11-21 |
| CVE-2021-3647 | URI.js is vulnerable to URL Redirection to Untrusted Site | 6.1 | 0.91% | 2021-07-16 | 2024-11-21 |
| CVE-2021-3649 | chatwoot is vulnerable to Inefficient Regular Expression Complexity | 7.5 | 1.22% | 2021-07-16 | 2024-11-21 |
| CVE-2021-3663 | firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts | 7.5 | 0.71% | 2021-07-25 | 2024-11-21 |
| CVE-2021-3664 | url-parse is vulnerable to URL Redirection to Untrusted Site | 5.3 | 1.83% | 2021-07-26 | 2024-11-21 |
| CVE-2021-3666 | body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | 9.8 | 1.26% | 2021-09-13 | 2024-11-21 |
| CVE-2021-3678 | showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | 5.9 | 1.06% | 2021-08-04 | 2024-11-21 |
| CVE-2021-3680 | showdoc is vulnerable to Missing Cryptographic Step | 4.9 | 0.46% | 2021-08-04 | 2024-11-21 |
| CVE-2021-3683 | showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | 6.5 | 0.40% | 2021-11-13 | 2024-11-21 |
| CVE-2021-3689 | yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator | 7.5 | 1.90% | 2021-08-10 | 2024-11-21 |
| CVE-2021-3692 | yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator | 5.3 | 1.70% | 2021-08-10 | 2024-11-21 |
| CVE-2021-3693 | LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. | 8.8 | 3.01% | 2021-08-23 | 2024-11-21 |
| CVE-2021-3694 | LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. | 8.2 | 2.39% | 2021-08-23 | 2024-11-21 |
| CVE-2021-3706 | adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag | 7.5 | 1.07% | 2021-09-15 | 2024-11-21 |
| CVE-2021-3725 | Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on directory names. If you cd into a directory with a carefully-crafted name, then press Alt-Left, the system is subject to command injection. Impacted areas: - Functions pop_past and pop_future in dirhistory plugin. | 7.5 | 1.05% | 2021-11-30 | 2024-11-21 |
| CVE-2021-3726 | # Vulnerability in `title` function **Description**: the `title` function defined in `lib/termsupport.zsh` uses `print` to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the `title` function in a way that is unsafe. **Fixed in**: [a263cdac](https://github.com/ohmyzsh/ohmyzsh/commit/a263cdac). **Impacted areas**: - `title` function in `lib/termsupport.zsh`. - Custom user code using the `title` function. | 7.5 | 0.78% | 2021-11-30 | 2024-11-21 |
| CVE-2021-3727 | # Vulnerability in `rand-quote` and `hitokoto` plugins **Description**: the `rand-quote` and `hitokoto` fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use `print -P` to print them. If these quotes contained the proper symbols, they could trigger command injection. Given that they're an external API, it's not possible to know if the quotes are safe to use. **Fixed in**: [72928432](https://github.com/ohmyzsh/ohmyzsh/commit/72928432). **Impacted | 7.5 | 1.03% | 2021-11-30 | 2024-11-21 |