Every CVE whose affected-product data names Arc2 Project Arc2, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2012-5872 — CVSS 9.8 (critical): ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a…
CVE-2012-5873 — CVSS 5.3 (medium): ARC (aka ARC2) through 2011-12-01 allows reflected XSS via the end_point.php query parameter in an output=htmltab action.