Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2005-3571

    PHP file inclusion vulnerability in protection.php in CodeGrrl (a) PHPCalendar 1.0, (b) PHPClique 1.0, (c) PHPCurrently 2.0, (d) PHPFanBase 2.1, and (e) PHPQuotes 1.0 allows remote attackers to include arbitrary local files via the siteurl parameter when ... Read more

    • EPSS Score: %8.98
    • Published: Nov. 16, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3559

    Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter.... Read more

    Affected Products : asterisk
    • EPSS Score: %5.52
    • Published: Nov. 16, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-2659

    Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as used in products such as KchmViewer, has unknown impact and attack vectors.... Read more

    Affected Products : chm_lib
    • EPSS Score: %1.00
    • Published: Nov. 16, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3573

    Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash).... Read more

    Affected Products : mailman
    • EPSS Score: %5.74
    • Published: Nov. 16, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3565

    Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and B.11.23 while running in "Trusted Mode" allows remote attackers to gain unauthorized system access via unknown attack vectors.... Read more

    Affected Products : hp-ux
    • EPSS Score: %2.35
    • Published: Nov. 16, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3591

    Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFuncti... Read more

    Affected Products : flash_player
    • EPSS Score: %36.41
    • Published: Nov. 16, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-3595

    By default Microsoft Windows XP Home Edition installs with a blank password for the Administrator account, which allows remote attackers to gain control of the computer.... Read more

    Affected Products : windows_xp
    • EPSS Score: %36.98
    • Published: Nov. 16, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-3587

    Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before 0.87.1 allows attackers to perform unknown attacks via unknown vectors.... Read more

    Affected Products : clamav
    • EPSS Score: %0.37
    • Published: Nov. 16, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-3580

    QDBM before 1.8.33-r2 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime.... Read more

    Affected Products : qdbm
    • EPSS Score: %0.06
    • Published: Nov. 16, 2005
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2005-3548

    Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. (dot dot) in the "Task PHP File To Run" field.... Read more

    Affected Products : invision_board
    • EPSS Score: %0.37
    • Published: Nov. 16, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3578

    SQL injection vulnerability in ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to inject arbitrary SQL commands via the sug parameter.... Read more

    Affected Products : walla_telesite
    • EPSS Score: %0.34
    • Published: Nov. 16, 2005
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2005-3583

    (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.2_08, 1.4.2_09, and 1.5.0_05 and possibly other versions allow remote attackers to cause a denial of service (JVM unresponsive) via a crafted serialized object, such as a font o... Read more

    Affected Products : jre sdk
    • EPSS Score: %0.94
    • Published: Nov. 16, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3552

    Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple vectors in (1) login/profile.php, (2) login/userinfo.php, (3) admin/admin.php, (4) imcenter.php, ... Read more

    Affected Products : phpkit
    • EPSS Score: %1.42
    • Published: Nov. 16, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3550

    Directory traversal vulnerability in admin.php in toendaCMS before 0.6.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the id_user parameter.... Read more

    Affected Products : toendacms
    • EPSS Score: %3.48
    • Published: Nov. 16, 2005
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2005-3589

    Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote attackers to cause a denial of service (terminal crash) via a long USER ftp command.... Read more

    Affected Products : filezilla_server_terminal
    • EPSS Score: %67.66
    • Published: Nov. 16, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3572

    SQL injection vulnerability in index.php in Peel 2.6 through 2.7 allows remote attackers to execute arbitrary SQL commands via the rubid parameter.... Read more

    Affected Products : peel
    • EPSS Score: %0.50
    • Published: Nov. 16, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-3581

    GDAL before 1.3.0-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime.... Read more

    Affected Products : gdal
    • EPSS Score: %0.06
    • Published: Nov. 16, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3557

    Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) in the selected%5B%5D parameter in an HTTP POST request.... Read more

    Affected Products : phplist
    • EPSS Score: %1.08
    • Published: Nov. 16, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3558

    PHP file inclusion vulnerability in index.php in OSTE 1.0 allows remote attackers to execute arbitrary code via the (1) page and (2) site parameters.... Read more

    Affected Products : oste
    • EPSS Score: %3.75
    • Published: Nov. 16, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3544

    Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 allows remote attackers to inject arbitrary web script or HTML via the username parameter.... Read more

    Affected Products : xmb
    • EPSS Score: %1.07
    • Published: Nov. 16, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292319 Results