CVE 列表 – 发现高风险与在野利用漏洞

聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。

分配机构(CNA / 来源):[email protected] 移除此筛选

显示 2140181 条结果
CVE 描述 最高 CVSS EPSS % 公开时间 更新时间
CVE-2023-6367 In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within Roles.   If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser. 7.6 0.51% 2023-12-14 2026-06-17
CVE-2023-6368 In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold. 5.9 0.55% 2023-12-14 2026-06-17
CVE-2023-6595 In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold. 7.5 0.80% 2023-12-14 2026-06-17
CVE-2023-6784 A malicious user could potentially use the Sitefinity system for the distribution of phishing emails. 4.7 0.38% 2023-12-20 2026-06-17
CVE-2024-0219 In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.  In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system. 7.8 0.19% 2024-01-31 2026-06-17
CVE-2024-0396 In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered. An authenticated user can manipulate a parameter in an HTTPS transaction. The modified transaction could lead to computational errors within MOVEit Transfer and potentially result in a denial of service. 7.1 0.54% 2024-01-17 2026-06-17
CVE-2024-0832 In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.  In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system. 7.8 0.19% 2024-01-31 2026-06-17
CVE-2024-0833 In Telerik Test Studio versions prior to v2023.3.1330, a privilege elevation vulnerability has been identified in the applications installer component.  In an environment where an existing Telerik Test Studio install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system. 7.8 0.16% 2024-01-31 2026-06-17
CVE-2024-10012 In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111), a code execution attack is possible through an insecure deserialization vulnerability. 7.8 0.23% 2024-11-13 2026-06-17
CVE-2024-10013 In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack is possible through an insecure deserialization vulnerability. 7.8 0.22% 2024-11-13 2026-06-17
CVE-2024-10095 In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability. 8.4 0.73% 2024-12-16 2026-06-17
CVE-2024-11343 In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), unzipping an archive can lead to arbitrary file system access. 8.3 0.60% 2025-02-12 2026-06-17
CVE-2024-11625 Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. 7.7 0.29% 2025-01-07 2026-06-17
CVE-2024-11626 Improper Neutralization of Input During CMS Backend (adminstrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. 8.4 0.34% 2025-01-07 2026-06-17
CVE-2024-11627 : Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. 6.8 0.31% 2025-01-07 2026-06-17
CVE-2024-11628 In Progress® Telerik® Kendo UI for Vue versions v2.4.0 through v6.0.1, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection. 4.1 0.72% 2025-02-12 2026-06-17
CVE-2024-11629 In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), using .NET Standard 2.0, the contents of a file at an arbitrary path can be exported to RTF. 7.1 0.36% 2025-02-12 2026-06-17
CVE-2024-12105 In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure. 6.5 42.37% 2024-12-31 2026-06-17
CVE-2024-12106 In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings. 9.4 9.44% 2024-12-31 2026-06-17
CVE-2024-12108 In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API. 9.6 6.80% 2024-12-31 2026-06-17
cvelogic Threat Intelligence