聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2025-22624 | FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry and Carousel 2.4.29 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/extensions/albums/admin/class-meta boxes.php. | 5.1 | 0.38% | 2025-02-27 | 2026-06-17 |
| CVE-2025-0767 | WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.php. | 6.3 | 0.43% | 2025-02-27 | 2026-06-17 |
| CVE-2025-22622 | Age Verification for your checkout page. Verify your customer's identity 1.20.0 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/class-wc-integration-agechecker-integration.php. | 4.3 | 0.27% | 2025-02-18 | 2026-06-17 |
| CVE-2024-8159 | Deep Freeze 9.00.020.5760 is vulnerable to an out-of-bounds read vulnerability by triggering the 0x70014 IOCTL code of the FarDisk.sys driver. | 6.4 | 0.15% | 2024-10-03 | 2026-06-17 |
| CVE-2024-6534 | Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the PATCH request. When chained with CVE-2024-6533, it could result in account takeover. | 4.3 | 0.33% | 2024-08-15 | 2026-06-17 |
| CVE-2024-6533 | Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with CVE-2024-6534, it could result in account takeover. | 5.4 | 0.36% | 2024-08-14 | 2026-06-17 |
| CVE-2024-3745 | MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64.sys driver, which leads to triggering vulnerabilities like CVE-2024-1443 and CVE-2024-1460 from a low privileged user. | 7.8 | 0.22% | 2024-05-18 | 2026-06-17 |
| CVE-2024-2760 | Bkav Home v7816, build 2403161130 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x222240 IOCTL code of the BkavSDFlt.sys driver. | 5.5 | 0.21% | 2024-04-23 | 2026-06-17 |
| CVE-2024-1241 | Watchdog Antivirus v1.6.415 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002014 IOCTL code of the wsdk-driver.sys driver. | 5.5 | 0.17% | 2024-04-23 | 2026-06-17 |
| CVE-2024-2692 | SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to Server Side XSS. | 9.0 | 0.73% | 2024-04-03 | 2026-06-17 |
| CVE-2024-2204 | Zemana AntiLogger v2.74.204.664 is vulnerable to a Denial of Service (DoS) vulnerability by triggering the 0x80002004 and 0x80002010 IOCTL codes of the zam64.sys and zamguard64.sys drivers. | 5.5 | 0.24% | 2024-03-15 | 2026-06-17 |
| CVE-2024-2180 | Zemana AntiLogger v2.74.204.664 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x80002020 IOCTL code of the zam64.sys and zamguard64.sys drivers | 5.5 | 0.28% | 2024-03-15 | 2026-06-17 |
| CVE-2024-1853 | Zemana AntiLogger v2.74.204.664 is vulnerable to an Arbitrary Process Termination vulnerability by triggering the 0x80002048 IOCTL code of the zam64.sys and zamguard64.sys drivers. | 5.5 | 0.20% | 2024-03-14 | 2026-06-17 |
| CVE-2024-1460 | MSI Afterburner v4.6.5.16370 is vulnerable to a Kernel Memory Leak vulnerability by triggering the 0x80002040 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process. | 5.6 | 0.24% | 2024-03-06 | 2026-06-17 |
| CVE-2024-1443 | MSI Afterburner v4.6.5.16370 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002000 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process. | 4.4 | 0.23% | 2024-03-06 | 2026-06-17 |
| CVE-2024-2045 | Session version 1.17.5 allows obtaining internal application files and public files from the user's device without the user's consent. This is possible because the application is vulnerable to Local File Read via chat attachments. | 5.5 | 0.33% | 2024-02-29 | 2026-06-17 |
| CVE-2024-0403 | Recipes version 1.5.10 allows arbitrary HTTP requests to be made through the server. This is possible because the application is vulnerable to SSRF. | 6.5 | 0.43% | 2024-02-29 | 2026-06-17 |
| CVE-2024-1648 | electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user. | 7.5 | 0.69% | 2024-02-19 | 2026-06-17 |
| CVE-2024-1647 | Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user. | 7.5 | 0.69% | 2024-02-19 | 2026-06-17 |
| CVE-2024-1651 | Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization. | 10.0 | 34.00% | 2024-02-19 | 2026-06-17 |