聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2022-0543 KEV | It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. | 10.0 | 99.67% | 2022-02-18 | 2026-06-17 |
| CVE-2015-8747 | The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name. | 10.0 | 2.94% | 2016-02-03 | 2026-06-16 |
| CVE-2015-2788 | Multiple stack-based buffer overflows in the ib_fill_isqlda function in dbdimp.c in DBD-Firebird before 1.19 allow remote attackers to have unspecified impact via unknown vectors that trigger an error condition, related to binding octets to columns. | 10.0 | 4.25% | 2015-04-14 | 2026-06-16 |
| CVE-2015-0850 | The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository. | 10.0 | 4.50% | 2015-06-02 | 2026-06-16 |
| CVE-2014-6277 | GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and oth | 10.0 | 64.33% | 2014-09-27 | 2026-06-16 |
| CVE-2014-0474 | The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting." | 10.0 | 4.75% | 2014-04-23 | 2026-06-16 |
| CVE-2005-3344 | The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access. | 10.0 | 7.99% | 2005-11-16 | 2026-06-16 |
| CVE-2005-2659 | Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as used in products such as KchmViewer, has unknown impact and attack vectors. | 10.0 | 2.16% | 2005-11-16 | 2026-06-16 |
| CVE-2005-2655 | lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments. | 10.0 | 1.48% | 2005-08-30 | 2026-06-16 |
| CVE-2005-2277 | Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename argument of a PUT command. | 10.0 | 12.94% | 2005-07-15 | 2026-06-16 |
| CVE-2005-2149 | config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks. | 10.0 | 2.31% | 2005-07-06 | 2026-06-16 |
| CVE-2005-1851 | A certain contributed script for ekg Gadu Gadu client 1.5 and earlier allows attackers to execute shell commands via unknown attack vectors. | 10.0 | 1.51% | 2005-07-19 | 2026-06-16 |
| CVE-2005-1850 | Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier create temporary files insecurely, with unknown impact and attack vectors, a different vulnerability than CVE-2005-1916. | 10.0 | 1.51% | 2005-07-19 | 2026-06-16 |
| CVE-2016-6903 | lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands. | 9.9 | 4.94% | 2017-04-24 | 2026-06-16 |
| CVE-2016-6902 | lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands. | 9.9 | 5.08% | 2017-04-24 | 2026-06-16 |
| CVE-2025-8454 | It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then. | 9.8 | 0.23% | 2025-08-01 | 2026-06-17 |
| CVE-2022-1664 | Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs. | 9.8 | 2.87% | 2022-05-26 | 2026-06-17 |
| CVE-2021-20001 | It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation. | 9.8 | 1.59% | 2022-02-11 | 2026-06-16 |
| CVE-2019-3464 | Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. | 9.8 | 4.70% | 2019-02-06 | 2026-06-16 |
| CVE-2019-3463 | Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. | 9.8 | 4.87% | 2019-02-06 | 2026-06-16 |