Every CVE whose affected-product data names Fossil-scm Fossil, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2020-24614 — CVSS 8.8 (high): Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An…
CVE-2021-36377 — CVSS 7.5 (high): Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation.
CVE-2022-34009 — CVSS 5.5 (medium): Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS payload in a ticket. This occurs because the…