聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2017-1002150 | python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection | 6.1 | 0.81% | 2017-09-14 | 2026-06-16 |
| CVE-2017-1002151 | Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization | 7.5 | 1.06% | 2017-09-14 | 2026-06-16 |
| CVE-2017-1002153 | Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission. | 7.5 | 1.14% | 2017-10-06 | 2026-06-16 |
| CVE-2018-1002150 | Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1. | 9.1 | 1.67% | 2018-04-04 | 2026-06-16 |
| CVE-2017-1002152 | Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles. | 6.1 | 0.78% | 2019-01-10 | 2026-06-16 |
| CVE-2017-1002157 | modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution. | 9.8 | 2.80% | 2019-01-10 | 2026-06-16 |
| CVE-2021-3410 | A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context. | 7.8 | 0.56% | 2021-02-23 | 2026-06-17 |
| CVE-2021-3496 | A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file. | 7.8 | 1.06% | 2021-04-22 | 2026-06-17 |
| CVE-2021-3508 | A flaw was found in PDFResurrect in version 0.22b. There is an infinite loop in get_xref_linear_skipped() in pdf.c via a crafted PDF file. | 5.5 | 0.76% | 2021-04-28 | 2026-06-17 |
| CVE-2021-32613 | In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS. | 5.5 | 1.16% | 2021-05-14 | 2026-06-16 |
| CVE-2021-30469 | A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file. | 5.5 | 0.70% | 2021-05-26 | 2026-06-16 |
| CVE-2021-30470 | A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow. | 5.5 | 0.69% | 2021-05-26 | 2026-06-16 |
| CVE-2021-30471 | A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow. | 5.5 | 0.73% | 2021-05-26 | 2026-06-16 |
| CVE-2021-30472 | A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value. | 7.8 | 0.76% | 2021-05-26 | 2026-06-16 |
| CVE-2021-32614 | A flaw was found in dmg2img through 20170502. fill_mishblk() does not check the length of the read buffer, and copy 0xCC bytes from it. The length of the buffer is controlled by an attacker. By providing a length smaller than 0xCC, memcpy reaches out of the malloc'ed bound. This possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution. | 7.1 | 0.91% | 2021-05-26 | 2026-06-16 |
| CVE-2021-3486 | GLPi 9.5.4 does not sanitize the metadata. This way its possible to insert XSS into plugins to execute JavaScript code. | 6.1 | 1.39% | 2021-05-26 | 2026-06-17 |
| CVE-2021-32490 | A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences. | 7.8 | 0.91% | 2021-06-24 | 2026-06-16 |
| CVE-2021-32491 | A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences. | 7.8 | 0.88% | 2021-06-24 | 2026-06-16 |
| CVE-2021-32492 | A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences. | 7.8 | 0.93% | 2021-06-24 | 2026-06-16 |
| CVE-2021-32493 | A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences. | 7.8 | 1.00% | 2021-06-24 | 2026-06-16 |