Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2005-2641 | Unknown vulnerability in pam_ldap before 180 does not properly handle a new password policy control, which could allow attackers to gain privileges. NOTE: CVE-2005-2497 had also been assigned to this issue, but CVE-2005-2641 is the correct candidate. | 7.5 | 3.65% | 2005-08-23 | 2026-06-16 |
| CVE-2005-2556 | core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956. | 7.5 | 1.62% | 2005-08-24 | 2026-06-16 |
| CVE-2005-2717 | PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 allows remote attackers to execute arbitrary PHP code when opening settings.php, possibly via send_reminders.php or other scripts. | 7.5 | 2.02% | 2005-08-29 | 2026-06-16 |
| CVE-2005-1856 | The CD-burning feature in backup-manager 0.5.8 and earlier uses a fixed filename in a world-writable directory for logging, which allows local users to overwrite files via a symlink attack. | 2.1 | 0.33% | 2005-08-30 | 2026-06-16 |
| CVE-2005-1855 | Backup Manager (backup-manager) before 0.5.8 creates backup files with world-readable default permissions, which allows local users to obtain sensitive information. | 2.1 | 0.36% | 2005-08-30 | 2026-06-16 |
| CVE-2005-2655 | lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments. | 10.0 | 1.48% | 2005-08-30 | 2026-06-16 |
| CVE-2005-2654 | phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set. | 7.5 | 1.78% | 2005-08-30 | 2026-06-16 |
| CVE-2005-2761 | Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 allows administrators to inject arbitrary web script or HTML by modifying the main screen message. | 4.3 | 1.03% | 2005-08-31 | 2026-06-16 |
| CVE-2005-1857 | Format string vulnerability in simpleproxy before 3.4 allows remote malicious HTTP proxies to execute arbitrary code via format string specifiers in a reply. | 7.5 | 4.32% | 2005-09-02 | 2026-06-16 |
| CVE-2005-2656 | Polygen before 1.0.6 generates precompiled grammar objects with world-writable permissions, which allows local users to cause a denial of service (disk consumption) and possibly perform other unauthorized activities. | 2.1 | 0.33% | 2005-09-06 | 2026-06-16 |
| CVE-2005-2658 | Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 and earlier might allow remote NNTP servers to execute arbitrary code via a date with a long month. | 7.5 | 2.48% | 2005-09-15 | 2026-06-16 |
| CVE-2005-2657 | Unknown vulnerability in common-lisp-controller 4.18 and earlier allows local users to gain privileges by compiling arbitrary code in the cache directory, which is executed by another user if the user has not run Common Lisp before. | 4.6 | 0.36% | 2005-09-16 | 2026-06-16 |
| CVE-2005-2663 | masqmail before 0.2.18 allows local users to overwrite arbitrary files via a symlink attack on a log file. | 2.1 | 0.36% | 2005-09-21 | 2026-06-16 |
| CVE-2005-2662 | masqmail before 0.2.18 allows remote attackers to execute arbitrary commands via crafted e-mail addresses that are not properly sanitized when creating a failed delivery message. | 7.5 | 2.39% | 2005-09-21 | 2026-06-16 |
| CVE-2005-3054 | fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory. | 2.1 | 0.44% | 2005-09-26 | 2026-06-16 |
| CVE-2005-2964 | Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers to execute arbitrary code via the RTF import mechanism. | 7.5 | 4.59% | 2005-09-28 | 2026-06-16 |
| CVE-2005-2557 | Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090. | 4.3 | 2.58% | 2005-09-28 | 2026-06-16 |
| CVE-2005-2962 | The post-installation script for ntlmaps before 0.9.9 sets world-readable permissions for the configuration file, which allows local users to obtain the username and password. | 2.1 | 0.36% | 2005-09-30 | 2026-06-16 |
| CVE-2005-2660 | apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug. | 2.1 | 0.36% | 2005-09-30 | 2026-06-16 |
| CVE-2005-2961 | Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 and possibly earlier, with the -ftpsearch option enabled, allows remote servers to execute arbitrary code via a search response with a crafted string in the HREF field of an <A> tag. | 7.5 | 8.62% | 2005-10-05 | 2026-06-16 |