聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2024-3995 | In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan Riggins. | 2.0 | 0.07% | 2024-06-28 | 2026-04-15 |
| CVE-2024-5250 | In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations | 3.5 | 0.49% | 2024-07-30 | 2024-11-21 |
| CVE-2024-0325 | In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins. | 3.6 | 0.11% | 2024-02-01 | 2024-11-21 |
| CVE-2022-2394 | Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise. | 4.1 | 0.25% | 2022-07-19 | 2024-11-21 |
| CVE-2024-3825 | Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw which results in credential enumeration | 4.3 | 0.17% | 2024-04-17 | 2026-04-15 |
| CVE-2021-27019 | PuppetDB logging included potentially sensitive system information. | 4.3 | 0.20% | 2021-08-30 | 2024-11-21 |
| CVE-2023-5255 | For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked. | 4.4 | 0.15% | 2023-10-03 | 2025-11-20 |
| CVE-2021-27026 | A flaw was divered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged | 4.4 | 0.06% | 2021-11-18 | 2024-11-21 |
| CVE-2021-27022 | A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes). | 4.9 | 0.34% | 2021-09-07 | 2024-11-21 |
| CVE-2017-2293 | Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this functionality can change this policy. | 4.9 | 0.22% | 2018-02-01 | 2024-11-21 |
| CVE-2025-14591 | In Delphix Continuous Compliance version 2025.3.0 and later, following a recent bug fix to correctly handle CR+LF (Windows and DOS) End-of-Record (EOR) characters in delimited files, an issue was identified: using an incorrect EOR configuration can cause inaccurate parsing and leave personally identifiable information (PII) unmasked. | 5.3 | 0.03% | 2025-12-20 | 2026-01-05 |
| CVE-2025-13472 | A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow users only with certain permissions to see the list of available resources like credential IDs, bzm workspaces and bzm project Ids. Prior to this fix, anyone could see this list as a dropdown on the Jenkins UI. | 5.3 | 0.06% | 2025-12-03 | 2026-04-15 |
| CVE-2024-5174 | A flaw in Gliffy results in broken authentication through the reset functionality of the application. | 5.3 | 0.15% | 2025-02-24 | 2026-04-15 |
| CVE-2023-1894 | A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations. | 5.3 | 0.05% | 2023-05-04 | 2025-01-29 |
| CVE-2016-9686 | The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2. | 5.3 | 0.38% | 2017-02-08 | 2026-05-13 |
| CVE-2024-9160 | In versions of the PEADM Forge Module prior to 3.24.0 a security misconfiguration was discovered. | 5.4 | 0.04% | 2024-09-27 | 2026-04-29 |
| CVE-2024-6727 | A flaw in versions of Delphix Data Control Tower (DCT) prior to 19.0.0 results in broken authentication through the enable-scale-testing functionality of the application. | 5.4 | 0.11% | 2024-07-29 | 2026-04-15 |
| CVE-2024-5249 | In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed. | 5.4 | 0.26% | 2024-07-30 | 2024-11-21 |
| CVE-2018-6511 | A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6. | 5.4 | 0.28% | 2018-05-08 | 2024-11-21 |
| CVE-2018-6510 | A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6. | 5.4 | 0.28% | 2018-05-08 | 2024-11-21 |