This list aggregates NVD, CVE, and multi-source threat feeds and provides deep analysis of high-risk threats such as RCE. It integrates CVSS and EPSS models and dynamically tracks exploit (Exp) resources and PoC availability to assess exploitability. Combined with official patches and remediation strategies, it helps prioritize vulnerability management workflows, shortening response cycles and securing your critical assets.
Assigner (CNA / source): [email protected]
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-2219 | It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU). | 7.5 | 0.42% | 2026-03-07 | 2026-06-17 |
| CVE-2025-8454 | It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then. | 9.8 | 0.23% | 2025-08-01 | 2026-06-17 |
| CVE-2025-6297 | It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a | 8.2 | 0.27% | 2025-07-01 | 2026-06-17 |
| CVE-2015-0843 | yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf. | 9.8 | 0.39% | 2025-06-26 | 2026-06-16 |
| CVE-2015-0842 | yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass. | 9.8 | 0.35% | 2025-06-26 | 2026-06-16 |
| CVE-2014-7210 | pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissions for the pdns user. Other backends are not affected. | 9.8 | 0.35% | 2025-06-26 | 2026-06-16 |
| CVE-2014-6274 | git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes was set, and the remote used encryption=pubkey or encryption=hybrid, the embedded AWS credentials were stored in the git repository in (effectively) plaintext, not encrypted as they were supposed to be. This issue affects git-annex: from 3.20121126 before 5.20140919. | 7.5 | 0.15% | 2025-06-26 | 2026-06-16 |
| CVE-2014-0468 | Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have uploaded in their raw SCM repositories (SVN, Git, Bzr...). This issue affects fusionforge: before 5.3+20140506. | 9.8 | 0.46% | 2025-06-26 | 2026-06-16 |
| CVE-2022-1664 | Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs. | 9.8 | 2.87% | 2022-05-26 | 2026-06-17 |
| CVE-2016-1239 | duck before 0.10 did not properly handle loading of untrusted code from the current directory. | 9.8 | 1.16% | 2022-02-19 | 2026-06-16 |
| CVE-2022-0543 (KEV) | It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. | 10.0 | 99.67% | 2022-02-18 | 2026-06-17 |
| CVE-2021-20001 | It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation. | 9.8 | 1.59% | 2022-02-11 | 2026-06-16 |
| CVE-2015-1877 | The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file. | 8.8 | 3.21% | 2021-06-02 | 2026-06-16 |
| CVE-2020-3811 | qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability. | 7.5 | 1.77% | 2020-05-26 | 2026-06-16 |
| CVE-2016-9928 | MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets. | 7.4 | 4.51% | 2020-02-06 | 2026-06-16 |
| CVE-2013-1437 | Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. | 9.8 | 2.94% | 2020-01-28 | 2026-06-16 |
| CVE-2015-2929 | The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor. | 7.5 | 1.16% | 2020-01-24 | 2026-06-16 |
| CVE-2015-2928 | The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. | 7.5 | 1.38% | 2020-01-24 | 2026-06-16 |
| CVE-2015-2689 | Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets. | 7.5 | 2.19% | 2020-01-24 | 2026-06-16 |
| CVE-2015-2688 | buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets. | 7.5 | 2.19% | 2020-01-24 | 2026-06-16 |