Miggo Logo

Miggo Predictive Vulnerability Database

Comprehensive vulnerability intelligence for security teams to gain clarity into CVEs to prioritize and respond with precision.

Concerned about an active attack path? Talk to our security experts and see Miggo in action

Contact UsArrow Right
Hero Image
New Vulnerabilities

Top 10 CVEs

CVE-2021-44228

10
critical
Remote code injection in Log4j
Public FixFix Available
KEV Listed
Vulnerable Functions2 Vulnerable Functions
Published
12/10/2021
Updated
5/9/2025

CVE-2022-22965

9.8
critical
Remote Code Execution in Spring Framework
Public FixFix Available
KEV Listed
Vulnerable Functions2 Vulnerable Functions
Published
3/31/2022
Updated
1/29/2025

CVE-2022-1471

8.3
high
SnakeYaml Constructor Deserialization Remote Code Execution
Public FixFix Available
-
Vulnerable Functions6 Vulnerable Functions
Published
12/12/2022
Updated
2/6/2025

CVE-2023-50164

9.8
critical
Apache Struts vulnerable to path traversal
Public FixFix Available
-
Vulnerable Functions4 Vulnerable Functions
Published
12/7/2023
Updated
2/13/2025

CVE-2024-27348

9.8
critical
Apache HugeGraph-Server: Command execution in gremlin
Public FixFix Available
KEV Listed
Vulnerable Functions2 Vulnerable Functions
Published
4/22/2024
Updated
2/13/2025

CVE-2024-53677

9.5
critical
Apache Struts file upload logic is flawed
Public FixFix Available
-
Vulnerable Functions2 Vulnerable Functions
Published
12/11/2024
Updated
1/3/2025

CVE-2025-1974

9.8
critical
ingress-nginx admission controller RCE escalation
Public FixNo Fix
-
Vulnerable Functions2 Vulnerable Functions
Published
3/25/2025
Updated
3/25/2025

CVE-2025-24813

9.8
critical
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
Public FixFix Available
KEV Listed
Vulnerable Functions2 Vulnerable Functions
Published
3/10/2025
Updated
3/19/2025

CVE-2025-29927

9.1
critical
Authorization Bypass in Next.js Middleware
Public FixFix Available
-
Vulnerable Functions3 Vulnerable Functions
Published
3/21/2025
Updated
3/24/2025

CVE-2025-3248

9.8
critical
Langflow Vulnerable to Code Injection via the `/api/v1/validate/code` endpoint
Public FixFix Available
KEV Listed
Vulnerable Functions2 Vulnerable Functions
Published
4/7/2025
Updated
4/10/2025
New Vulnerabilities

New vulnerabilities last 30 days

CVE-2025-66295: Grav vulnerable to Path traversal / arbitrary YAML write via user creation leading to Account Takeover / System Corruption
Grav Admin UI path traversal in user creation writes arbitrary YAML files via malicious usernames, causing account takeover and system config corruption.
Miggo AI
Analysis:
Available
8.8
high
12/2/2025
CVE-2025-66306: Grav vulnerable to Information Disclosure via IDOR in Grav Admin Panel
Grav Admin Panel IDOR grants low-privilege users account enumeration by leaking sensitive emails in the HTML title of 403 Forbidden user account pages.
Miggo AI
Analysis:
Available
4.3
medium
12/2/2025
CVE-2025-66302: Grav vulnerable to Path Traversal allowing server files backup
Grav CMS path traversal in the backup tool grants authenticated admins arbitrary file read access via unsanitized path input, risking sensitive file exposure.
Miggo AI
Analysis:
Available
6.8
medium
12/2/2025
CVE-2025-66401: MCP Watch has a Critical Command Injection in cloneRepo allows Remote Code Execution (RCE) via malicious URL
MCP Watch Command Injection in the cloneRepo method grants RCE via a malicious URL with shell metacharacters passed directly to the execSync function.
Miggo AI
Analysis:
Available
9.8
critical
12/2/2025