Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2005-3957

    Unspecified vulnerability in the Trackback functionality in DotClear 1.2.1 has unknown impact and attack vectors.... Read more

    Affected Products : dotclear
    • Published: Dec. 01, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3951

    SQL injection vulnerability in survey.php in PHP Labs Survey Wizard allows remote attackers to execute arbitrary SQL commands via the sid parameter.... Read more

    Affected Products : survey_wizard
    • Published: Dec. 01, 2005
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2005-3960

    Kadu 0.4.2 and 0.5.0pre allows remote attackers to cause a denial of service (crash or generated traffic) via a malformed message, possibly with incomplete information.... Read more

    Affected Products : kadu
    • Published: Dec. 01, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3936

    PHP file include vulnerability in SocketKB 1.1.0 and earlier allows remote attackers to include arbitrary local files via the __f parameter.... Read more

    Affected Products : socketkb
    • Published: Dec. 01, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3943

    Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) FAQ_ID and (2) action parameters in (a) viewFAQ.php; and (3) CATEGORY_ID parameter in (b) index.php.... Read more

    Affected Products : faq_system
    • Published: Dec. 01, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3931

    SQL injection vulnerability in default.asp in ASP-Rider 1.6 allows remote attackers to execute arbitrary SQL commands via the HTTP referer.... Read more

    Affected Products : asp-rider
    • Published: Dec. 01, 2005
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2005-3934

    Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other 32-bit versions allows remote attackers to cause a denial of service (application crash) via unknown attack vectors.... Read more

    Affected Products : pcanywhere
    • Published: Dec. 01, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3704

    System log server in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to spoof syslog messages in log files by injecting various control characters such as newline (NL).... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Dec. 01, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3705

    Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, as used in applications such as Safari, allows remote attackers to execute arbitrary code via unknown attack vectors.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Dec. 01, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-3700

    Unknown vulnerability in iodbcadmintool in the ODBC Administrator utility in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows local users to execute arbitrary code via unknown attack vectors.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Dec. 01, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-3701

    Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 and 10.4.3, when creating an Open Directory master server, allows local users to gain privileges via unknown attack vectors.... Read more

    Affected Products : mac_os_x_server
    • Published: Dec. 01, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2757

    Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to execute arbitrary code via unknown attack vectors involving "validation of URLs."... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Dec. 01, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3702

    Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote attackers to cause files to be downloaded to locations outside the download directory via a long file name.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Dec. 01, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3929

    Directory traversal vulnerability in the create function in xarMLSXML2PHPBackend.php in Xaraya 1.0 allows remote attackers to create directories and overwrite arbitrary files via ".." sequences in the module parameter to index.php.... Read more

    Affected Products : xaraya
    • Published: Nov. 30, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3919

    Cross-site scripting (XSS) vulnerability in PBLang 4.65 allows remote attackers to inject arbitrary web script or HTML via multiple fields in (1) UCP.php and (2) SendPm.php.... Read more

    Affected Products : pblang
    • Published: Nov. 30, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3904

    Unspecified vulnerability in Java Management Extensions (JMX) in Java JDK and JRE 5.0 Update 3, 1.4.2 and later, 1.3.1 and later allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown att... Read more

    Affected Products : jre jdk
    • Published: Nov. 30, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3925

    Multiple SQL injection vulnerabilities in Central Manchester CLC Helpdesk Issue Manager 0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) detail[], (2) orderdir, and (3) orderby parameters to find.php, and the (4) id par... Read more

    Affected Products : helpdesk_issue_manager
    • Published: Nov. 30, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3915

    The Internet Key Exchange version 1 (IKEv1) implementation in Clavister Client Web allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.... Read more

    • Published: Nov. 30, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3910

    merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with magic_quotes_gpc disabled, allows remote attackers to include arbitrary local files via the md parameter, possibly due to a directory traversal vulnerability.... Read more

    Affected Products : post_affiliate_pro
    • Published: Nov. 30, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3907

    Unspecified vulnerability in Java Runtime Environment in Java JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors involving untrust... Read more

    Affected Products : jre jdk
    • Published: Nov. 30, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292811 Results