CVE 清單 – 發現高風險與在野利用漏洞

聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。

指派機構(CNA / 來源):[email protected] 移除此篩選

顯示 2140189 筆結果
CVE 描述 最高 CVSS EPSS % 公開時間 更新時間
CVE-2024-3892 A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system. 7.2 0.22% 2024-05-15 2026-06-17
CVE-2024-8048 In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation. 7.8 0.22% 2024-10-09 2026-06-17
CVE-2024-10013 In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack is possible through an insecure deserialization vulnerability. 7.8 0.22% 2024-11-13 2026-06-17
CVE-2026-8649 Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer (Custom Reports modules). This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3. 6.4 0.22% 2026-07-08 2026-07-10
CVE-2025-13147 Server-Side Request Forgery (SSRF) vulnerability in Progress MOVEit Transfer.This issue affects MOVEit Transfer: before 2024.1.8, from 2025.0.0 before 2025.0.4. 5.3 0.23% 2025-11-19 2026-06-17
CVE-2024-10012 In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111), a code execution attack is possible through an insecure deserialization vulnerability. 7.8 0.23% 2024-11-13 2026-06-17
CVE-2026-11903 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Progress MOVEit Transfer (Ad Hoc module). This issue affects MOVEit Transfer: from 2026.0.0 before 2026.0.1, from 2025.1.0 before 2025.1.4, from 2025.0.0 before 2025.0.8. 8.0 0.23% 2026-07-08 2026-07-10
CVE-2026-9272 In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System (ADS) may send specially crafted requests that could result in unauthorized access to application data and its modification. 8.7 0.23% 2026-07-02 2026-07-07
CVE-2025-6725 In the PdfViewer component, a Cross-Site Scripting (XSS) vulnerability is possible if a specially-crafted document has already been loaded and the user engages with a tool that requires the DOM to be re-rendered. 5.4 0.23% 2025-07-02 2026-06-17
CVE-2024-4563 The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit length. 6.1 0.24% 2024-05-22 2026-06-17
CVE-2026-8801 Path equivalence: vulnerability in Progress MOVEit Transfer (File Upload modules). This issue affects MOVEit Transfer: before 2025.0.8, from 2025.1.0 before 2025.1.4. 3.5 0.25% 2026-07-08 2026-07-09
CVE-2025-1968 Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some specific and uncommon circumstances allows reusing Session IDs (Session Replay Attacks).This issue affects Sitefinity: from 14.0 through 14.3, from 14.4 before 14.4.8145, from 15.0 before 15.0.8231, from 15.1 before 15.1.8332, from 15.2 before 15.2.8429. 7.7 0.26% 2025-04-09 2026-06-17
CVE-2024-9825 The Chef Habitat builder-api on-prem-builder package  with any version lower than habitat/builder-api/10315/20240913162802 is vulnerable to indirect object reference (IDOR) by un-authorized deletion of personal token.  Habitat builder consumes builder-api habitat package as a dependency and the vulnerability was specifically due to builder-api habitat package. The fix was made available in habitat/builder-api/10315/20240913162802 and all the subsequent versions after that. We would recommend us 5.4 0.27% 2024-10-28 2026-06-17
CVE-2024-4202 In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability. 7.7 0.27% 2024-05-15 2026-06-17
CVE-2026-8487 Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7. 6.5 0.27% 2026-05-20 2026-06-17
CVE-2025-10703 Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JDBC drivers, DataDirect Hybrid Data Pipeline JDBC driver and the DataDirect OpenAccess JDBC driver log=(file) construct allows the user to specify an arbitrary file for the JDBC driver to write its log 8.6 0.27% 2025-11-19 2026-06-17
CVE-2025-10702 Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JDBC drivers, DataDirect Hybrid Data Pipeline JDBC driver and the DataDirect OpenAccess JDBC driver supports an undocumented syntax construct for the option value that if discovered can be used by an a 8.6 0.27% 2025-11-19 2026-06-17
CVE-2024-7654 An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated.  Unauthorized access to the discovery service's UDP port allowed content injection into parts of the OEM web interface making it possible for other types of attack that could spoof or deceive web interface users.   Unauthorized use of the OEE/OEM discovery service was remediated by deactivating the discovery service by default. 8.3 0.28% 2024-09-03 2026-06-17
CVE-2024-3543 Use of reversible password encryption algorithm allows attackers to decrypt passwords.  Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system. 6.4 0.28% 2024-05-02 2026-06-17
CVE-2026-10699 Missing release of memory after effective lifetime vulnerability in Progress MOVEit Transfer (Custom Reports modules). This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1. 7.5 0.28% 2026-07-08 2026-07-10
cvelogic Threat Intelligence