Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source): [email protected]
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2005-1858 | FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensitive information. | 2.1 | 0.76% | 2005-06-03 | 2026-04-16 |
| CVE-2005-1937 | A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718. | 2.6 | 2.59% | 2005-06-14 | 2026-04-16 |
| CVE-2005-0393 | The helper scripts for crip 3.5 do not properly use temporary files, which allows local users to have an unknown impact with unknown attack vectors. | 7.2 | 0.38% | 2005-07-05 | 2026-04-16 |
| CVE-2005-2149 | config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks. | 10.0 | 2.31% | 2005-07-06 | 2026-04-16 |
| CVE-2005-2148 | Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in the URL, which causes the get_request_var function to return the wrong value in the $_REQUEST variable, which is cleansed while the original malicious $_GET value remains unmodified, as demonstrated in (1) graph_image.php and (2) graph. | 7.5 | 3.40% | 2005-07-06 | 2026-04-16 |
| CVE-2005-2147 | Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the (1) upload or (2) attachment viewer scripts. | 6.4 | 1.42% | 2005-07-06 | 2026-04-16 |
| CVE-2005-1848 | The dhcpcd DHCP client before 1.3.22 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors that cause an out-of-bounds memory read. | 5.0 | 1.93% | 2005-07-11 | 2026-04-16 |
| CVE-2005-2277 | Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename argument of a PUT command. | 10.0 | 12.94% | 2005-07-15 | 2026-04-16 |
| CVE-2005-1851 | A certain contributed script for ekg Gadu Gadu client 1.5 and earlier allows attackers to execute shell commands via unknown attack vectors. | 10.0 | 1.51% | 2005-07-19 | 2026-04-16 |
| CVE-2005-1850 | Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier create temporary files insecurely, with unknown impact and attack vectors, a different vulnerability than CVE-2005-1916. | 10.0 | 1.51% | 2005-07-19 | 2026-04-16 |
| CVE-2005-2355 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2335, CVE-2005-2356. Reason: due to a typo in an advisory, this candidate was accidentally referenced. Notes: All CVE users should consult CVE-2005-2335 and CVE-2005-2356 to determine the appropriate identifier for the issue | N/A | 0.26% | 2005-07-25 | 2023-11-07 |
| CVE-2005-2370 | Multiple "memory alignment errors" in libgadu, as used in ekg before 1.6rc2, Gaim before 1.5.0, and other packages, allows remote attackers to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message. | 5.0 | 2.32% | 2005-07-26 | 2026-04-16 |
| CVE-2005-2369 | Multiple integer signedness errors in libgadu, as used in ekg before 1.6rc2 and other packages, may allow remote attackers to cause a denial of service or execute arbitrary code. | 7.5 | 2.80% | 2005-07-26 | 2026-04-16 |
| CVE-2005-1852 | Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message. | 7.5 | 4.70% | 2005-07-26 | 2026-04-16 |
| CVE-2005-1849 | inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced. | 5.0 | 4.00% | 2005-07-26 | 2026-04-16 |
| CVE-2005-2411 | Cross-Site Request Forgery (CSRF) vulnerability in tDiary 2.1.1, and tDiary 2.0.1 and earlier, allows remote attackers to conduct actions as another user, and execute commands on the server, via a URL that is activated by the user. | 5.1 | 1.91% | 2005-08-01 | 2026-04-16 |
| CVE-2005-1853 | gopher.c in the Gopher client 3.0.5 does not properly create temporary files, which allows local users to gain privileges. | 7.2 | 0.52% | 2005-08-03 | 2026-04-16 |
| CVE-2005-2353 | run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files. | 2.1 | 0.29% | 2005-08-05 | 2026-04-16 |
| CVE-2005-1854 | Unknown vulnerability in apt-cacher in Debian 3.1, related to "missing input sanitising," allows remote attackers to execute arbitrary commands on the caching server. | 7.5 | 2.13% | 2005-08-05 | 2026-04-16 |
| CVE-2005-2548 | vlan_dev.c in the VLAN code for Linux kernel 2.6.8 allows remote attackers to cause a denial of service (kernel oops from null dereference) via certain UDP packets that lead to a function call with the wrong argument, as demonstrated using snmpwalk on snmpd. | 5.0 | 3.00% | 2005-08-12 | 2026-04-16 |