This list aggregates NVD, CVE, and multi-source threat feeds to provide deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks exploit resources and PoC availability to accurately assess exploitability. Combined with official patches and remediation strategies, it helps prioritize vulnerability management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source): [email protected]

| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2022-0543 KEV | It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. | 10.0 | 94.42% | 2022-02-18 | 2025-11-10 |
| CVE-2015-8747 | The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name. | 10.0 | 1.81% | 2016-02-03 | 2026-05-06 |
| CVE-2015-2788 | Multiple stack-based buffer overflows in the ib_fill_isqlda function in dbdimp.c in DBD-Firebird before 1.19 allow remote attackers to have unspecified impact via unknown vectors that trigger an error condition, related to binding octets to columns. | 10.0 | 7.80% | 2015-04-14 | 2026-05-06 |
| CVE-2015-0850 | The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository. | 10.0 | 6.68% | 2015-06-02 | 2026-05-06 |
| CVE-2014-6277 | GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and oth | 10.0 | 86.75% | 2014-09-27 | 2026-05-06 |
| CVE-2014-0474 | The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting." | 10.0 | 3.96% | 2014-04-23 | 2026-05-06 |
| CVE-2005-3344 | The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access. | 10.0 | 10.15% | 2005-11-16 | 2026-04-16 |
| CVE-2005-2659 | Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as used in products such as KchmViewer, has unknown impact and attack vectors. | 10.0 | 1.00% | 2005-11-16 | 2026-04-16 |
| CVE-2005-2655 | lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments. | 10.0 | 0.40% | 2005-08-30 | 2026-04-16 |
| CVE-2005-2277 | Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename argument of a PUT command. | 10.0 | 8.54% | 2005-07-15 | 2026-04-16 |
| CVE-2005-2149 | config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks. | 10.0 | 1.29% | 2005-07-06 | 2026-04-16 |
| CVE-2005-1851 | A certain contributed script for ekg Gadu Gadu client 1.5 and earlier allows attackers to execute shell commands via unknown attack vectors. | 10.0 | 0.45% | 2005-07-19 | 2026-04-16 |
| CVE-2005-1850 | Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier create temporary files insecurely, with unknown impact and attack vectors, a different vulnerability than CVE-2005-1916. | 10.0 | 0.45% | 2005-07-19 | 2026-04-16 |
| CVE-2016-6903 | lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands. | 9.9 | 2.10% | 2017-04-24 | 2026-05-13 |
| CVE-2016-6902 | lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands. | 9.9 | 2.10% | 2017-04-24 | 2026-05-13 |
| CVE-2025-8454 | It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then. | 9.8 | 0.23% | 2025-08-01 | 2025-08-06 |
| CVE-2022-1664 | Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs. | 9.8 | 0.74% | 2022-05-26 | 2024-11-21 |
| CVE-2021-20001 | It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation. | 9.8 | 0.77% | 2022-02-11 | 2024-11-21 |
| CVE-2019-3464 | Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. | 9.8 | 5.64% | 2019-02-06 | 2024-11-21 |
| CVE-2019-3463 | Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. | 9.8 | 4.62% | 2019-02-06 | 2024-11-21 |