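Aggregates NVD, CVE and multi-source intelligence, with in-depth analysis of high-severity risks such as RCE. The system integrates the CVSS and EPSS models and dynamically tracks exploit resources and PoC disclosure status to assess exploitability. Combined with official patches and remediation guidance, it helps prioritize vulnerability management, shorten response cycles and protect assets.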
Assigner (CNA / source): [email protected]
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2022-2024 | OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11. | 9.8 | 97.84% | 2023-02-25 | 2026-06-17 |
| CVE-2023-0315 | Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8. | 8.8 | 97.65% | 2023-01-15 | 2026-06-17 |
| CVE-2023-0297 | Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31. | 9.8 | 96.99% | 2023-01-13 | 2026-06-17 |
| CVE-2022-0824 | Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. | 8.8 | 96.98% | 2022-03-02 | 2026-06-17 |
| CVE-2023-2948 | Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1. | 6.1 | 96.73% | 2023-05-28 | 2026-06-17 |
| CVE-2022-2733 | Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1. | 6.1 | 95.84% | 2022-08-09 | 2026-06-17 |
| CVE-2022-3562 | Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. | 5.4 | 94.22% | 2022-11-20 | 2026-06-17 |
| CVE-2022-4067 | Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. | 5.4 | 93.71% | 2022-11-20 | 2026-06-17 |
| CVE-2022-4069 | Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0. | 4.8 | 93.34% | 2022-11-20 | 2026-06-17 |
| CVE-2023-2947 | Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1. | 4.8 | 90.79% | 2023-05-27 | 2026-06-17 |
| CVE-2023-6909 | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. | 7.5 | 89.72% | 2023-12-17 | 2026-06-17 |
| CVE-2024-1728 | gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in the request to the `/queue/join` endpoint. This issue could potentially lead to remote code execution. The vulnerability is present in the handling of file upload paths, allowing attackers to redirect fil | 7.5 | 85.39% | 2024-04-10 | 2026-06-17 |
| CVE-2024-4990 | In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the `__set()` magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an attacker to instantiate arbitrary classes, passing parameters to their constructors and invoking setter methods. Depending on the installed dependencies, various types of attacks are possible, including the execution of arbitrary code, retrieval of sensitive information, and unaut | 9.1 | 79.53% | 2025-03-20 | 2026-06-17 |
| CVE-2024-3408 | man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled. Additionally, the application fails to properly restrict custom filter queries, enabling attackers to execute arbitrary code on the server by bypassing the restriction on the `/update-settings` endpoint, | 9.8 | 77.95% | 2024-06-06 | 2026-06-17 |
| CVE-2022-1179 | Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. | 5.4 | 76.90% | 2022-03-30 | 2026-06-17 |
| CVE-2023-6019 | A command injection existed in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023 | 9.8 | 74.63% | 2023-11-16 | 2026-06-17 |
| CVE-2023-2034 | Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14. | 8.8 | 73.25% | 2023-04-13 | 2026-06-17 |
| CVE-2023-3765 | Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. | 10.0 | 70.74% | 2023-07-18 | 2026-06-17 |
| CVE-2023-1177 | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. | 9.3 | 69.47% | 2023-03-24 | 2026-06-17 |
| CVE-2023-4347 | Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0. | 5.4 | 66.88% | 2023-08-14 | 2026-06-17 |