Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2005-3503

    chfn in pwdutils 3.0.4 and earlier on SuSE Linux, and possibly other operating systems, does not properly check arguments for the GECOS field, which allows local users to gain privileges.... Read more

    Affected Products : pwdutils
    • EPSS Score: %0.70
    • Published: Nov. 05, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3502

    attachment_send.php in Cerberus Helpdesk allows remote attackers to view attachments and tickets of other users via a modified file_id parameter.... Read more

    Affected Products : cerberus_helpdesk
    • EPSS Score: %0.62
    • Published: Nov. 05, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3501

    The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted CAB file that causes cabd_find to be called with a zero length.... Read more

    Affected Products : clamav
    • EPSS Score: %7.23
    • Published: Nov. 05, 2005
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2005-2628

    Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer.... Read more

    Affected Products : flash_player
    • EPSS Score: %32.70
    • Published: Nov. 05, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3495

    Ar-blog 5.2 and earlier allows remote attackers to bypass authentication by modifying cookies.... Read more

    Affected Products : ar-blog
    • EPSS Score: %0.64
    • Published: Nov. 04, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3497

    SQL injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to execute arbitrary SQL commands via the serviceid parameter. NOTE: on 20060210, the vendor disputed this issue, saying "this is 100% false reporting, this is a... Read more

    Affected Products : php_handicapper
    • EPSS Score: %0.62
    • Published: Nov. 04, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3496

    Cross-site scripting (XSS) vulnerability in PHP Handicapper allows remote attackers to inject arbitrary web script or HTML via the msg parameter to msg.php. NOTE: some sources identify a second vector in the login parameter to process_signup.php, but the... Read more

    Affected Products : php_handicapper
    • EPSS Score: %0.55
    • Published: Nov. 04, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3493

    Battle Carry .005 and earlier allows remote attackers to cause a denial of service (inaccessible port) via a large packet, which triggers a socket error and terminates the socket that is listening on the server's UDP port.... Read more

    Affected Products : battle_carry
    • EPSS Score: %4.74
    • Published: Nov. 04, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3492

    FlatFrag 0.3 and earlier allows remote attackers to cause a denial of service (crash) by sending an NT_CONN_OK command from a client that is not connected, which triggers a null dereference.... Read more

    Affected Products : flatfrag
    • EPSS Score: %8.73
    • Published: Nov. 04, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3489

    Buffer overflow in Asus Video Security 3.5.0.0 and earlier, when using authorization, allows remote attackers to execute arbitrary code via a long username/password string.... Read more

    Affected Products : video_security_online
    • EPSS Score: %23.07
    • Published: Nov. 04, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3499

    Frisk F-Prot Antivirus allows remote attackers to bypass protection via a ZIP file with a version header greater than 15, which prevents F-Prot from decompressing and analyzing the file.... Read more

    Affected Products : f-prot_antivirus
    • EPSS Score: %1.24
    • Published: Nov. 04, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3350

    libungif library before 4.1.0 allows attackers to corrupt memory and possibly execute arbitrary code via a crafted GIF file that leads to an out-of-bounds write.... Read more

    Affected Products : libungif
    • EPSS Score: %3.60
    • Published: Nov. 04, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3491

    Multiple buffer overflows in the receiver function in loop.c in FlatFrag 0.3 and earlier allow remote attackers to execute arbitrary code via the (1) version, (2) name, and (3) model fields.... Read more

    Affected Products : flatfrag
    • EPSS Score: %7.07
    • Published: Nov. 04, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3494

    Cross-site scripting (XSS) vulnerability in Ar-blog 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog comment.... Read more

    Affected Products : ar-blog
    • EPSS Score: %0.44
    • Published: Nov. 04, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3498

    IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allo... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %51.95
    • Published: Nov. 04, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3490

    Directory traversal vulnerability in the web server in Asus Video Security 3.5.0.0 and earlier allows remote attackers to read arbitrary files via "../" or "..\" sequences in the URL.... Read more

    Affected Products : video_security_online
    • EPSS Score: %0.52
    • Published: Nov. 04, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-2974

    libungif library before 4.1.0 allows attackers to cause a denial of service via a crafted GIF file that triggers a null dereference.... Read more

    Affected Products : libungif
    • EPSS Score: %4.88
    • Published: Nov. 04, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3486

    Multiple format string vulnerabilities in Scorched 3D 39.1 (bf) and earlier allow remote attackers to execute arbitrary code via various (1) GLConsole::addLine, (2) ServerCommon::sendString, (3) ServerCommon::serverLog functions, and possibly other unspec... Read more

    Affected Products : scorched_3d
    • EPSS Score: %14.12
    • Published: Nov. 03, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3485

    Buffer overflow in Glider Collect'n kill 1.0.0.0 allows remote attackers to execute arbitrary code via a gl_playerEnter command with a long player name.... Read more

    Affected Products : collectn_kill
    • EPSS Score: %11.75
    • Published: Nov. 03, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3483

    Buffer overflow in GO-Global for Windows 3.1.0.3270 and earlier allows remote attackers to execute arbitrary code via a data block that is longer than the specified data block size.... Read more

    Affected Products : windows go-global
    • EPSS Score: %19.54
    • Published: Nov. 03, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292319 Results