聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2008-20003 | Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | 無 | 無 | 2026-04-22 | 2026-04-22 |
| CVE-2008-20002 | Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | 無 | 無 | 2026-04-22 | 2026-04-22 |
| CVE-2008-20001 | activePDF WebGrabber version 3.8.2.0 contains a stack-based buffer overflow vulnerability in the GetStatus() method of the APWebGrb.ocx ActiveX control. By passing an overly long string to this method, a remote attacker can execute arbitrary code in the context of the vulnerable process. Although the control is not marked safe for scripting, exploitation is possible via crafted HTML content in Internet Explorer under permissive security settings. | 7.5 | 61.20% | 2025-08-30 | 2026-04-15 |
| CVE-2008-7260 | Rejected reason: This candidate is unused by its CNA. | 無 | 0.04% | 2023-09-14 | 2023-11-07 |
| CVE-2008-7259 | Rejected reason: This candidate is unused by its CNA. | 無 | 0.04% | 2023-09-14 | 2023-11-07 |
| CVE-2008-10004 | A vulnerability was found in Email Registration 5.x-2.1 on Drupal. It has been declared as critical. This vulnerability affects the function email_registration_user of the file email_registration.module. The manipulation of the argument namenew leads to sql injection. The attack can be initiated remotely. Upgrading to version 6.x-1.0 is able to address this issue. The patch is identified as 126c141b7db038c778a2dc931d38766aad8d1112. It is recommended to upgrade the affected component. VDB-222334 | 6.3 | 0.34% | 2023-03-06 | 2024-11-21 |
| CVE-2008-10003 | A vulnerability was found in iGamingModules flashgames 1.1.0. It has been classified as critical. Affected is an unknown function of the file game.php. The manipulation of the argument lid leads to sql injection. It is possible to launch the attack remotely. The name of the patch is 6e57683704885be32eea2ea614f80c9bb8f012c5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222288. | 6.3 | 0.35% | 2023-03-05 | 2024-11-21 |
| CVE-2008-10002 | A vulnerability has been found in cfire24 ajaxlife up to 0.3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.3.3 is able to address this issue. The patch is identified as 9fb53b67312fe3f4336e01c1e3e1bedb4be0c1c8. It is recommended to upgrade the affected component. VDB-222286 is the identifier assigned to this vulnerability. | 3.5 | 0.49% | 2023-03-05 | 2024-11-21 |
| CVE-2008-10001 | A vulnerability, which was classified as problematic, has been found in Pro2col Stingray FTS. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | 5.5 | 0.21% | 2022-03-28 | 2024-11-21 |
| CVE-2008-1879 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | 無 | 0.20% | 2021-07-07 | 2023-11-07 |
| CVE-2008-2660 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2008. Notes: none | 無 | 0.22% | 2021-06-11 | 2023-11-07 |
| CVE-2008-1239 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2008. Notes: none | 無 | 0.22% | 2021-06-11 | 2023-11-07 |
| CVE-2008-0885 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2008. Notes: none | 無 | 0.22% | 2021-06-11 | 2023-11-07 |
| CVE-2008-2544 | Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise. | 5.5 | 0.04% | 2021-05-27 | 2024-11-21 |
| CVE-2008-5509 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs:CVE-2008-5508. Reason: This candidate is a duplicate of CVE-2008-5508. Notes: All CVE users should reference CVE-2008-5508 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | 無 | 0.22% | 2021-05-26 | 2023-11-07 |
| CVE-2008-5085 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA | 無 | 0.22% | 2021-05-26 | 2023-11-07 |
| CVE-2008-5084 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA | 無 | 0.22% | 2021-05-26 | 2023-11-07 |
| CVE-2008-3523 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA | 無 | 0.22% | 2021-05-26 | 2023-11-07 |
| CVE-2008-3280 | It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not consult CRLs (currently an untracked issue), this means that it is impossible to rely on these OPs. | 5.9 | 5.92% | 2021-05-21 | 2024-11-21 |
| CVE-2008-7308 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | 無 | 0.24% | 2020-11-05 | 2023-11-07 |