This list aggregates NVD, CVE, and multi-source threat feeds and provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks exploit (Exp) resources and PoC availability to accurately assess exploitability. Combined with official patches and remediation strategies, it helps prioritize vulnerability management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source): [email protected]
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2025-8454 | It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then. | 9.8 | 0.23% | 2025-08-01 | 2026-06-17 |
| CVE-2015-0843 | yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf. | 9.8 | 0.39% | 2025-06-26 | 2026-06-16 |
| CVE-2015-0842 | yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass. | 9.8 | 0.35% | 2025-06-26 | 2026-06-16 |
| CVE-2014-7210 | pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissions for the pdns user. Other backends are not affected. | 9.8 | 0.35% | 2025-06-26 | 2026-06-16 |
| CVE-2014-0468 | Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have uploaded in their raw SCM repositories (SVN, Git, Bzr...). This issue affects fusionforge: before 5.3+20140506. | 9.8 | 0.46% | 2025-06-26 | 2026-06-16 |
| CVE-2022-1664 | Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs. | 9.8 | 2.87% | 2022-05-26 | 2026-06-17 |
| CVE-2016-1239 | duck before 0.10 did not properly handle loading of untrusted code from the current directory. | 9.8 | 1.16% | 2022-02-19 | 2026-06-16 |
| CVE-2022-0543 KEV | It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. | 10.0 | 99.67% | 2022-02-18 | 2026-06-17 |
| CVE-2021-20001 | It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation. | 9.8 | 1.59% | 2022-02-11 | 2026-06-16 |
| CVE-2013-1437 | Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. | 9.8 | 2.94% | 2020-01-28 | 2026-06-16 |
| CVE-2006-4243 | linux vserver 2.6 before 2.6.17 suffers from privilege escalation in remount code. | 9.8 | 1.81% | 2019-11-05 | 2026-06-16 |
| CVE-2005-2354 | Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues. | 9.8 | 1.85% | 2019-11-05 | 2026-06-16 |
| CVE-2015-8980 | The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code. | 9.8 | 6.71% | 2019-11-04 | 2026-06-16 |
| CVE-2019-3464 | Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. | 9.8 | 4.70% | 2019-02-06 | 2026-06-16 |
| CVE-2019-3463 | Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. | 9.8 | 4.87% | 2019-02-06 | 2026-06-16 |
| CVE-2018-13259 | An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one. | 9.8 | 2.72% | 2018-09-05 | 2026-06-16 |
| CVE-2018-0502 | An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line. | 9.8 | 2.49% | 2018-09-05 | 2026-06-16 |
| CVE-2011-2767 | mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. | 9.8 | 8.95% | 2018-08-26 | 2026-06-16 |
| CVE-2018-0500 | Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value). | 9.8 | 6.43% | 2018-07-11 | 2026-06-16 |
| CVE-2017-0372 | Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities. | 9.8 | 11.65% | 2018-04-13 | 2026-06-16 |