聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2022-2024 | OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11. | 9.8 | 97.84% | 2023-02-25 | 2026-06-17 |
| CVE-2023-0315 | Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8. | 8.8 | 97.65% | 2023-01-15 | 2026-06-17 |
| CVE-2023-0297 | Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31. | 9.8 | 96.99% | 2023-01-13 | 2026-06-17 |
| CVE-2022-0824 | Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. | 8.8 | 96.98% | 2022-03-02 | 2026-06-17 |
| CVE-2023-2948 | Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1. | 6.1 | 96.73% | 2023-05-28 | 2026-06-17 |
| CVE-2022-2733 | Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1. | 6.1 | 95.84% | 2022-08-09 | 2026-06-17 |
| CVE-2022-3562 | Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. | 5.4 | 94.22% | 2022-11-20 | 2026-06-17 |
| CVE-2022-4067 | Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. | 5.4 | 93.71% | 2022-11-20 | 2026-06-17 |
| CVE-2022-4069 | Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0. | 4.8 | 93.34% | 2022-11-20 | 2026-06-17 |
| CVE-2023-2947 | Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1. | 4.8 | 90.79% | 2023-05-27 | 2026-06-17 |
| CVE-2023-6909 | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. | 7.5 | 89.72% | 2023-12-17 | 2026-06-17 |
| CVE-2024-1728 | gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in the request to the `/queue/join` endpoint. This issue could potentially lead to remote code execution. The vulnerability is present in the handling of file upload paths, allowing attackers to redirect fil | 7.5 | 85.39% | 2024-04-10 | 2026-06-17 |
| CVE-2024-4990 | In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the `__set()` magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an attacker to instantiate arbitrary classes, passing parameters to their constructors and invoking setter methods. Depending on the installed dependencies, various types of attacks are possible, including the execution of arbitrary code, retrieval of sensitive information, and unaut | 9.1 | 79.39% | 2025-03-20 | 2026-06-17 |
| CVE-2024-3408 | man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled. Additionally, the application fails to properly restrict custom filter queries, enabling attackers to execute arbitrary code on the server by bypassing the restriction on the `/update-settings` endpoint, | 9.8 | 77.95% | 2024-06-06 | 2026-06-17 |
| CVE-2022-1179 | Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. | 5.4 | 76.90% | 2022-03-30 | 2026-06-17 |
| CVE-2023-6019 | A command injection existed in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023 | 9.8 | 74.63% | 2023-11-16 | 2026-06-17 |
| CVE-2023-2034 | Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14. | 8.8 | 73.25% | 2023-04-13 | 2026-06-17 |
| CVE-2023-3765 | Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. | 10.0 | 70.74% | 2023-07-18 | 2026-06-17 |
| CVE-2023-1177 | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. | 9.3 | 69.47% | 2023-03-24 | 2026-06-17 |
| CVE-2023-4347 | Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0. | 5.4 | 66.88% | 2023-08-14 | 2026-06-17 |