Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2005-4048

    Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary... Read more

    Affected Products : ffmpeg
    • Published: Dec. 07, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4058

    SQL injection vulnerability in saralblog 1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to viewprofile.php.... Read more

    Affected Products : saralblog
    • Published: Dec. 07, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4062

    Cross-site scripting (XSS) vulnerability in CPSearch.asp in XcClassified 3.x allows remote attackers to inject arbitrary web script or HTML via the search parameters.... Read more

    Affected Products : xcclassified
    • Published: Dec. 07, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4057

    Cross-site scripting (XSS) vulnerability in search.php in PluggedOut Nexus 0.1 allows remote attackers to inject arbitrary web script or HTML via the (1) Location, (2) Last Name, and (3) First Name parameters.... Read more

    Affected Products : pluggedout_nexus
    • Published: Dec. 07, 2005
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2005-4046

    Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java System Application Server Standard Edition 7 2004Q2, Application Server Enterprise Edition 8.1 2005Q1, and Sun ONE Application Server 7 Standard Edition, as used in multiple web servers, ... Read more

    • Published: Dec. 07, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4063

    Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp 3.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) L, (2) sort, (3) category, (4) categoryname parameters to search.asp.... Read more

    Affected Products : netauctionhelp
    • Published: Dec. 07, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4052

    e107 0.6174 allows remote attackers to redirect users to other web sites via the download parameter in rate.php, which is used after a user submits a file download rating. NOTE: in the default installation, the e_BASE variable restricts the redirection t... Read more

    Affected Products : e107
    • Published: Dec. 07, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4056

    SQL injection vulnerability in search.php in PluggedOut Nexus 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) Location, (2) Last Name, and (3) First Name parameters.... Read more

    Affected Products : pluggedout_nexus
    • Published: Dec. 07, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4049

    Multiple SQL injection vulnerabilities in Blog System 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the cat parameter in index.php and (2) the note parameter in blog.php.... Read more

    Affected Products : blog_system
    • Published: Dec. 07, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4060

    Cross-site scripting (XSS) vulnerability in search.asp in rwAuction Pro 4.0 and 5.0 allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter.... Read more

    Affected Products : rwauction_pro
    • Published: Dec. 07, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4055

    SQL injection vulnerability in index.php in Cars Portal 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) page and (2) car parameters.... Read more

    Affected Products : cars_portal
    • Published: Dec. 07, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4047

    Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks ASPKnowledgeBase 2.0 allows remote attackers to inject arbitrary web script or HTML via the a parameter.... Read more

    Affected Products : aspknowledgebase
    • Published: Dec. 07, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4053

    Cross-site scripting (XSS) vulnerability in coWiki 0.3.4 allows remote attackers to inject arbitrary web script or HTML via the q parameter, as demonstrated using 26.html.... Read more

    Affected Products : cowiki
    • Published: Dec. 07, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4064

    Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) faqid parameter to faqDspItem.asp and (2) catcode parameter to faqDsp.asp.... Read more

    Affected Products : a-faq
    • Published: Dec. 07, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4065

    SQL injection vulnerability in the search module in Edgewall Trac before 0.9.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors.... Read more

    Affected Products : trac
    • Published: Dec. 07, 2005
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2005-2923

    The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to cause a denial of service (crash) via a long argument to the LIST command, which causes IMail Server to reference invalid memory.... Read more

    • Published: Dec. 07, 2005
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2005-3191

    Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpd... Read more

    Affected Products : xpdf
    • Published: Dec. 07, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2931

    Format string vulnerability in the SMTP service in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to execute arbitrary code via format string specifiers to the (1) EXPN, (2) MAIL, (3) MAIL FROM, and (4) RCPT TO... Read more

    • Published: Dec. 07, 2005
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2005-3193

    Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assis... Read more

    Affected Products : xpdf
    • Published: Dec. 07, 2005
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2005-4039

    Directory traversal vulnerability in arhiva.php in Web4Future Portal Solutions News Portal allows remote attackers to read arbitrary files via the dir parameter.... Read more

    Affected Products : portal_solutions
    • Published: Dec. 06, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292795 Results