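Aggregates NVD, CVE, and multi-source intelligence, with in-depth analysis of high-severity risks such as RCE. The system integrates the CVSS and EPSS models and dynamically tracks exploit resources and PoC disclosure status to assess exploitability. Combined with official patches and remediation options, it optimizes vulnerability-management prioritization, shortens response cycles, and protects assets.
Assigning authority (CNA / source): [email protected]
| CVE | Description | Max CVSS | EPSS % | Published | Updated |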
|---|---|---|---|---|---|
| CVE-2021-3603 | PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, defined by PHPMailer::$validator), and the global namespace contains a function called php, it will be called in preference to the built-in validator of the same name. Mitigated in PHPMailer 6.5.0 by denying the use of simple strings as validato | 8.1 | 2.26% | 2021-06-17 | 2026-06-17 |
| CVE-2021-3647 | URI.js is vulnerable to URL Redirection to Untrusted Site | 6.1 | 0.91% | 2021-07-16 | 2026-06-17 |
| CVE-2021-3649 | chatwoot is vulnerable to Inefficient Regular Expression Complexity | 7.5 | 1.22% | 2021-07-16 | 2026-06-17 |
| CVE-2021-3663 | firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts | 7.5 | 0.71% | 2021-07-25 | 2026-06-17 |
| CVE-2021-3664 | url-parse is vulnerable to URL Redirection to Untrusted Site | 5.3 | 1.83% | 2021-07-26 | 2026-06-17 |
| CVE-2021-3680 | showdoc is vulnerable to Missing Cryptographic Step | 4.9 | 0.46% | 2021-08-04 | 2026-06-17 |
| CVE-2021-3678 | showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | 5.9 | 1.06% | 2021-08-04 | 2026-06-17 |
| CVE-2021-3689 | yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator | 7.5 | 1.90% | 2021-08-10 | 2026-06-17 |
| CVE-2021-3692 | yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator | 5.3 | 1.70% | 2021-08-10 | 2026-06-17 |
| CVE-2021-3693 | LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. | 8.8 | 3.01% | 2021-08-23 | 2026-06-17 |
| CVE-2021-3694 | LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. | 8.2 | 2.39% | 2021-08-23 | 2026-06-17 |
| CVE-2021-3728 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 6.5 | 0.48% | 2021-08-23 | 2026-06-17 |
| CVE-2021-3729 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 4.3 | 0.39% | 2021-08-23 | 2026-06-17 |
| CVE-2021-3730 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 6.5 | 0.46% | 2021-08-23 | 2026-06-17 |
| CVE-2021-3731 | LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targeted user to execute unintended actions. | 5.9 | 1.07% | 2021-08-23 | 2026-06-17 |
| CVE-2021-3734 | yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames | 8.8 | 0.39% | 2021-08-26 | 2026-06-17 |
| CVE-2021-3749 | axios is vulnerable to Inefficient Regular Expression Complexity | 7.5 | 7.93% | 2021-08-31 | 2026-06-17 |
| CVE-2021-3757 | immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | 9.8 | 1.60% | 2021-09-02 | 2026-06-17 |
| CVE-2021-3758 | bookstack is vulnerable to Server-Side Request Forgery (SSRF) | 6.5 | 0.77% | 2021-09-02 | 2026-06-17 |
| CVE-2021-32568 | mrdoc is vulnerable to Deserialization of Untrusted Data | 7.8 | 0.80% | 2021-09-06 | 2026-06-17 |