CVE 列表 – 发现高风险与在野利用漏洞

聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。

分配机构(CNA / 来源):[email protected] 移除此筛选

显示 141160189 条结果
CVE 描述 最高 CVSS EPSS % 公开时间 更新时间
CVE-2024-4837 In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability. 5.3 0.43% 2024-05-15 2026-06-17
CVE-2024-4357 An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows low-privilege attacker to read systems file via XML External Entity Processing. 6.5 0.70% 2024-05-15 2026-06-17
CVE-2024-4202 In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability. 7.7 0.27% 2024-05-15 2026-06-17
CVE-2024-4200 In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. 7.7 0.29% 2024-05-15 2026-06-17
CVE-2024-3892 A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system. 7.2 0.22% 2024-05-15 2026-06-17
CVE-2024-4562 In WhatsUp Gold versions released before 2023.1.2 , an SSRF vulnerability exists in Whatsup Gold's Issue exists in the HTTP Monitoring functionality.  Due to the lack of proper authorization, any authenticated user can access the HTTP monitoring functionality, what leads to the Server Side Request Forgery. 5.4 0.38% 2024-05-14 2026-06-17
CVE-2024-4561 In WhatsUp Gold versions released before 2023.1.2 , a blind SSRF vulnerability exists in Whatsup Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the vulnerable server. 4.2 0.43% 2024-05-14 2026-06-17
CVE-2024-3544 Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed. 7.5 0.38% 2024-05-02 2026-06-17
CVE-2024-3543 Use of reversible password encryption algorithm allows attackers to decrypt passwords.  Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system. 6.4 0.28% 2024-05-02 2026-06-17
CVE-2024-2389 In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified.  An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands. 10.0 93.90% 2024-04-02 2026-06-17
CVE-2024-2449 A cross-site request forgery vulnerability has been identified in LoadMaster.  It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a scenario, the CSRF payload hosted on the malicious site would execute HTTP transactions on behalf of the LoadMaster administrator. 7.5 12.88% 2024-03-22 2026-06-17
CVE-2024-2448 An OS command injection vulnerability has been identified in LoadMaster.  An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection. 8.4 55.42% 2024-03-22 2026-06-17
CVE-2024-2291 In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered.  An authenticated user could manipulate a request to bypass the logging mechanism within the web application which results in user activity not being logged properly. 4.3 0.39% 2024-03-20 2026-06-17
CVE-2024-1856 In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability. 8.5 1.13% 2024-03-20 2026-06-17
CVE-2024-1801 In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. 7.7 0.42% 2024-03-20 2026-06-17
CVE-2024-1800 In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability. 9.9 40.38% 2024-03-20 2026-06-17
CVE-2024-1636 Potential Cross-Site Scripting (XSS) in the page editing area. 8.0 0.40% 2024-02-28 2026-06-17
CVE-2024-1632 Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area. 8.8 0.50% 2024-02-28 2026-06-17
CVE-2024-1403 In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified.  The vulnerability is a bypass to authentication based on a failure to properly handle username and password. Certain unexpected content passed into the credentials can lead to unauthorized access without proper authentication.   10.0 3.27% 2024-02-27 2026-06-17
CVE-2024-1212 KEV Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution. 10.0 95.39% 2024-02-21 2026-07-13
cvelogic Threat Intelligence