CVE 清單 – 發現高風險與在野利用漏洞

聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。

指派機構(CNA / 來源):[email protected] 移除此篩選

顯示 81100189 筆結果
CVE 描述 最高 CVSS EPSS % 公開時間 更新時間
CVE-2024-7591 Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above 10.0 44.07% 2024-09-05 2026-06-17
CVE-2024-6658 Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.0 (inclusive)    From 7.2.49.0 to 7.2.54.11 (inclusive)    7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.11 and all prior versions ECS All prior versions to 7.2.60.0 (inclusive) 8.4 0.55% 2024-09-12 2026-06-17
CVE-2024-7575 In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. 7.8 0.69% 2024-09-25 2026-06-17
CVE-2024-7576 In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability. 7.8 0.45% 2024-09-25 2026-06-17
CVE-2024-7679 In Progress Telerik UI for WinForms versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. 7.8 0.75% 2024-09-25 2026-06-17
CVE-2024-8316 In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability. 7.8 0.18% 2024-09-25 2026-06-17
CVE-2024-7292 In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts. 7.5 0.32% 2024-10-09 2026-06-17
CVE-2024-7293 In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements. 7.5 0.31% 2024-10-09 2026-06-17
CVE-2024-7294 In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting. 7.5 0.30% 2024-10-09 2026-06-17
CVE-2024-7840 In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements. 7.8 0.66% 2024-10-09 2026-06-17
CVE-2024-8014 In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability. 8.8 0.60% 2024-10-09 2026-06-17
CVE-2024-8015 In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability. 9.1 0.82% 2024-10-09 2026-06-17
CVE-2024-8048 In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation. 7.8 0.22% 2024-10-09 2026-06-17
CVE-2024-8755 Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)    From 7.2.49.0 to 7.2.54.12 (inclusive)    7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) 8.4 1.14% 2024-10-11 2026-06-17
CVE-2024-7763 In WhatsUp Gold versions released before 2024.0.0,  an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials. 9.8 0.62% 2024-10-24 2026-06-17
CVE-2024-9825 The Chef Habitat builder-api on-prem-builder package  with any version lower than habitat/builder-api/10315/20240913162802 is vulnerable to indirect object reference (IDOR) by un-authorized deletion of personal token.  Habitat builder consumes builder-api habitat package as a dependency and the vulnerability was specifically due to builder-api habitat package. The fix was made available in habitat/builder-api/10315/20240913162802 and all the subsequent versions after that. We would recommend us 5.4 0.27% 2024-10-28 2026-06-17
CVE-2024-9999 In WS_FTP Server versions before 8.8.9 (2022.0.9), an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only. 6.5 0.41% 2024-11-12 2026-06-17
CVE-2024-10012 In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111), a code execution attack is possible through an insecure deserialization vulnerability. 7.8 0.23% 2024-11-13 2026-06-17
CVE-2024-10013 In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack is possible through an insecure deserialization vulnerability. 7.8 0.22% 2024-11-13 2026-06-17
CVE-2024-7295 In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. 7.1 0.11% 2024-11-13 2026-06-17
cvelogic Threat Intelligence