
81 matches found

RedhatCVE
added 2026/02/21 1:28 a.m. | views: 1

CVE-2026-27476

RustFly 2.0.0 contains a command injection vulnerability in its remote UI control mechanism that accepts hex-encoded instructions over UDP port 5005 without proper sanitization. Attackers can send crafted hex-encoded payloads containing system commands to execute arbitrary operations on the targe...

CVSS 9.8 | AI score 6.1 | EPSS 0.00389
Exploits: 1 | References: 1
Vulnrichment
added 2026/02/19 8:43 p.m. | views: 2

CVE-2026-27476 RustFly 2.0.0 Command Injection via UDP Remote Control

RustFly 2.0.0 contains a command injection vulnerability in its remote UI control mechanism that accepts hex-encoded instructions over UDP port 5005 without proper sanitization. Attackers can send crafted hex-encoded payloads containing system commands to execute arbitrary operations on the targe...

CVSS 9.8 | AI score 6.2 | EPSS 0.00389
Exploits: 1 | References: 2
CVE
added 2026/02/19 8:43 p.m. | views: 12

CVE-2026-27476

RustFly 2.0.0 is affected by a command-injection vulnerability in its remote UI control that accepts hex-encoded instructions over UDP port 5005 without proper sanitization. The flaw allows an attacker to send crafted hex payloads to execute arbitrary commands on the target, potentially enabling ...

CVSS 9.8 | AI score 6.2 | EPSS 0.00389
Exploits: 1 | References: 2
Circl
added 2025/09/09 6:31 p.m. | views: 2

CVE-2025-5005

creationtimestamp | type | source
---|---|---
2025-09-09 18:31:45+00:00 | seen | https://gist.github.com/Darkcrai86/5173a60e71c60dd6669597b0920095fe...

CVSS 7.5 | AI score 5.9 | EPSS 0.0008
Exploits: 1 | References: 1
Tenable Nessus
added 2025/08/27 12:0 a.m. | views: 1

Linux Distros Unpatched Vulnerability : CVE-2024-5005

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An issue has been discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5,...

CVSS 4.3 | AI score 5.3 | EPSS 0.00087
Exploits: 1 | References: 2
RedhatCVE
added 2025/05/22 8:41 a.m. | views: 2

CVE-2019-5005

An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. They allowed Denial of Service (application crash) via image data, because two bytes are written to the end of the allocated memory without judging whether this will cause corruption...

CVSS 5.5 | AI score 6.8 | EPSS 0.0008
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 1:38 a.m. | views: 5

CVE-2010-5005

Cross-site scripting (XSS) vulnerability in members/profileCommentsResponse.php in Rayzz Photoz allows remote attackers to inject arbitrary web script or HTML via the profileCommentTextArea parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third...

CVSS 4.3 | AI score 5.8 | EPSS 0.00263
Exploits: 0 | References: 1
Circl
added 2024/10/11 12:24 p.m. | views: 0

CVE-2024-5005

creationtimestamp | type | source
---|---|---
2024-10-11 12:24:01+00:00 | seen | https://vulnerability.circl.lu/bundle/db9dd42d-746e-40cf-bae6-61042f0c1d48...

CVSS 4.3 | AI score 5.8 | EPSS 0.00087
Exploits: 1 | References: 1
Debian CVE
added 2024/10/11 11:30 a.m. | views: 10

CVE-2024-5005

Removed by vendor...

CVSS 4.3 | AI score 5.8 | EPSS 0.00087
Exploits: 1
Cvelist
added 2024/10/11 11:30 a.m. | views: 13

CVE-2024-5005 Incorrect Provision of Specified Functionality in GitLab

An issue has been discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before 17.4.2. It was possible for guest users to disclose project templates using the API...

CVSS 4.3 | EPSS 0.00087
Exploits: 1 | References: 2
Zero Day Initiative
added 2024/09/13 12:0 a.m. | views: 6

mySCADA myPRO Hard-Coded Credentials Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of mySCADA myPRO. Authentication is not required to exploit this vulnerability. The specific flaw exists within the telnet service, which listens on TCP port 5005 by default. The issue results from the...

CVSS 9.8 | AI score 7.4 | EPSS 0.00257
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2024/01/24 8:23 p.m. | views: 3

Malicious code in wlwz-2312-5005 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c11878fb7f8d63a7c50e16d6aef593f0decc3ebde705e39c70bd7fca11531996 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1
OSV
added 2024/01/24 8:23 p.m. | views: 8

MAL-2024-625 Malicious code in wlwz-2312-5005 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c11878fb7f8d63a7c50e16d6aef593f0decc3ebde705e39c70bd7fca11531996 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1
Circl
added 2023/12/21 11:16 p.m. | views: 0

CVE-2023-5005

creationtimestamp | type | source
---|---|---
2023-12-21 23:16:42+00:00 | seen | https://t.me/ctinow/158032...

CVSS 4.8 | AI score 6.5 | EPSS 0.00086
Exploits: 2 | References: 1
CVE
added 2023/12/18 8:7 p.m. | views: 36

CVE-2023-5005

CVE-2023-5005 affects the Autocomplete Location field for the Contact Form 7 WordPress plugin (and the Pro variant) where certain settings were not properly sanitized/escaped. This could allow high-privilege users (e.g., administrators) to perform a Stored Cross-Site Scripting (XSS) attack, even ...

CVSS 4.8 | AI score 4.7 | EPSS 0.00086
Exploits: 2 | References: 1 | Affected Software: 1
Vulnrichment
added 2023/12/18 8:7 p.m. | views: 10

CVE-2023-5005 Autocomplete Location field Contact Form 7 < 3.0 - Admin+ Store Cross-Site Scripting

The Autocomplete Location field Contact Form 7 WordPress plugin before 3.0, autocomplete-location-field-contact-form-7-pro WordPress plugin before 2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...

AI score 4.7 | EPSS 0.00086
Exploits: 2 | References: 1
Tenable Nessus
added 2023/01/04 12:0 a.m. | views: 26

Ubuntu 16.04 ESM / 18.04 LTS : DjVuLibre vulnerability (USN-5005-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5005-1 advisory. It was discovered that DjVuLibre incorrectly handled certain djvu files. An attacker could possibly use this issue to execute arbitrary code or cause ...

CVSS 5.5 | AI score 6.3 | EPSS 0.00357
Exploits: 0 | References: 2
Tenable Nessus
added 2021/11/12 12:0 a.m. | views: 28

Debian DSA-5005-1 : ruby-kaminari - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dsa-5005 advisory. - In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1...

CVSS 6.4 | AI score 6.6 | EPSS 0.00452
Exploits: 0 | References: 6
Virtuozzo
added 2020/11/18 12:0 a.m. | views: 14

Virtuozzo Linux Errata and Bugfix Advisory 2020:5005

Upstream security update. Follow RHBA-2020:5005 for details...

AI score 2.4
Exploits: 0
Prion
added 2020/02/17 7:15 p.m. | views: 15

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5005. Reason: This candidate is a reservation duplicate of CVE-2014-5005. Notes: All CVE users should reference CVE-2014-5005 instead of this candidate. All references and descriptions in this candidate have been removed to...

AI score 6.9 | EPSS 0.85825
Exploits: 12