CVE 清單 – 發現高風險與在野利用漏洞

聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。

指派機構(CNA / 來源):[email protected] 移除此篩選

顯示 81100189 筆結果
CVE 描述 最高 CVSS EPSS % 公開時間 更新時間
CVE-2024-12105 In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure. 6.5 42.37% 2024-12-31 2026-06-17
CVE-2024-10095 In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability. 8.4 0.73% 2024-12-16 2026-06-17
CVE-2024-8785 In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\. 9.8 9.50% 2024-12-02 2026-06-17
CVE-2024-46909 In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account. 9.8 49.17% 2024-12-02 2026-06-17
CVE-2024-46908 In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. 8.8 2.26% 2024-12-02 2026-06-17
CVE-2024-46907 In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. 8.8 2.26% 2024-12-02 2026-06-17
CVE-2024-46906 In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. 8.8 40.58% 2024-12-02 2026-06-17
CVE-2024-46905 In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permissions required) to achieve privilege escalation to the admin account. 8.8 2.26% 2024-12-02 2026-06-17
CVE-2024-8049 In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process unavailable. 6.5 0.41% 2024-11-13 2026-06-17
CVE-2024-7295 In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. 7.1 0.11% 2024-11-13 2026-06-17
CVE-2024-10013 In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack is possible through an insecure deserialization vulnerability. 7.8 0.22% 2024-11-13 2026-06-17
CVE-2024-10012 In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111), a code execution attack is possible through an insecure deserialization vulnerability. 7.8 0.23% 2024-11-13 2026-06-17
CVE-2024-9999 In WS_FTP Server versions before 8.8.9 (2022.0.9), an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only. 6.5 0.41% 2024-11-12 2026-06-17
CVE-2024-9825 The Chef Habitat builder-api on-prem-builder package  with any version lower than habitat/builder-api/10315/20240913162802 is vulnerable to indirect object reference (IDOR) by un-authorized deletion of personal token.  Habitat builder consumes builder-api habitat package as a dependency and the vulnerability was specifically due to builder-api habitat package. The fix was made available in habitat/builder-api/10315/20240913162802 and all the subsequent versions after that. We would recommend us 5.4 0.27% 2024-10-28 2026-06-17
CVE-2024-7763 In WhatsUp Gold versions released before 2024.0.0,  an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials. 9.8 0.62% 2024-10-24 2026-06-17
CVE-2024-8755 Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)    From 7.2.49.0 to 7.2.54.12 (inclusive)    7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) 8.4 1.14% 2024-10-11 2026-06-17
CVE-2024-8048 In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation. 7.8 0.22% 2024-10-09 2026-06-17
CVE-2024-8015 In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability. 9.1 0.82% 2024-10-09 2026-06-17
CVE-2024-8014 In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability. 8.8 0.60% 2024-10-09 2026-06-17
CVE-2024-7840 In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements. 7.8 0.66% 2024-10-09 2026-06-17
cvelogic Threat Intelligence