CVE List – Discover High-Risk and In-the-Wild Exploited Vulnerabilities

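Aggregates NVD, CVE, and multi-source intelligence, with in-depth analysis of high-severity risks such as RCE. The system integrates the CVSS and EPSS models and dynamically tracks exploit resources and PoC publication status to assess exploitability. Combined with official patches and remediation guidance, it helps optimize vulnerability management priorities, shorten response cycles, and protect assets.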

Assigner (CNA / source): [email protected]

Showing 1202481 results
Page 1 / 125
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2021-3603 | PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, defined by PHPMailer::$validator), and the global namespace contains a function called php, it will be called in preference to the built-in validator of the same name. Mitigated in PHPMailer 6.5.0 by denying the use of simple strings as validato | 8.1 | 2.26% | 2021-06-17 | 2026-06-17 |
| CVE-2021-3647 | URI.js is vulnerable to URL Redirection to Untrusted Site | 6.1 | 0.91% | 2021-07-16 | 2026-06-17 |
| CVE-2021-3649 | chatwoot is vulnerable to Inefficient Regular Expression Complexity | 7.5 | 1.22% | 2021-07-16 | 2026-06-17 |
| CVE-2021-3663 | firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts | 7.5 | 0.71% | 2021-07-25 | 2026-06-17 |
| CVE-2021-3664 | url-parse is vulnerable to URL Redirection to Untrusted Site | 5.3 | 1.83% | 2021-07-26 | 2026-06-17 |
| CVE-2021-3680 | showdoc is vulnerable to Missing Cryptographic Step | 4.9 | 0.46% | 2021-08-04 | 2026-06-17 |
| CVE-2021-3678 | showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | 5.9 | 1.06% | 2021-08-04 | 2026-06-17 |
| CVE-2021-3689 | yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator | 7.5 | 1.90% | 2021-08-10 | 2026-06-17 |
| CVE-2021-3692 | yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator | 5.3 | 1.70% | 2021-08-10 | 2026-06-17 |
| CVE-2021-3693 | LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. | 8.8 | 3.01% | 2021-08-23 | 2026-06-17 |
| CVE-2021-3694 | LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. | 8.2 | 2.39% | 2021-08-23 | 2026-06-17 |
| CVE-2021-3728 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 6.5 | 0.48% | 2021-08-23 | 2026-06-17 |
| CVE-2021-3729 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 4.3 | 0.39% | 2021-08-23 | 2026-06-17 |
| CVE-2021-3730 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 6.5 | 0.46% | 2021-08-23 | 2026-06-17 |
| CVE-2021-3731 | LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targeted user to execute unintended actions. | 5.9 | 1.07% | 2021-08-23 | 2026-06-17 |
| CVE-2021-3734 | yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames | 8.8 | 0.39% | 2021-08-26 | 2026-06-17 |
| CVE-2021-3749 | axios is vulnerable to Inefficient Regular Expression Complexity | 7.5 | 8.52% | 2021-08-31 | 2026-06-17 |
| CVE-2021-3757 | immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | 9.8 | 1.65% | 2021-09-02 | 2026-06-17 |
| CVE-2021-3758 | bookstack is vulnerable to Server-Side Request Forgery (SSRF) | 6.5 | 0.77% | 2021-09-02 | 2026-06-17 |
| CVE-2021-32568 | mrdoc is vulnerable to Deserialization of Untrusted Data | 7.8 | 0.80% | 2021-09-06 | 2026-06-16 |
cvelogic Threat Intelligence