Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2005-2624

    Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers to execute arbitrary ASP code via the cpaint_argument[] parameter to (1) calculator.asp or (2) cpaintfile.asp, which is directly fed into an eval statement.... Read more

    Affected Products : cpaint
    • EPSS Score: %0.34
    • Published: Aug. 19, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2625

    Incomplete blacklist vulnerability in the checkBlacklist function in CPAINT allows remote attackers to execute arbitrary commands via the (1) ExecuteGlobal function or (2) GetRef statement, which is not included in the blacklist.... Read more

    Affected Products : cpaint
    • EPSS Score: %0.90
    • Published: Aug. 19, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2623

    ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of their shopping cart by specifying a negative quantity for an item, which causes the price of the item to be subtracted from the total cost.... Read more

    Affected Products : ecw-shop
    • EPSS Score: %0.38
    • Published: Aug. 19, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-2597

    AOL Client Software 9.0 uses insecure permissions for its installation path, which allows local users to execute arbitrary code with SYSTEM privileges by replacing ACSD.exe with a malicious program.... Read more

    Affected Products : aol_client_software
    • EPSS Score: %0.05
    • Published: Aug. 17, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2590

    Cross-site scripting (XSS) vulnerability in Parlano MindAlign 5.0 and later versions allows remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : mindalign
    • EPSS Score: %0.46
    • Published: Aug. 17, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2606

    Unknown vulnerability in the "frontend authentication" in PHlyMail 3.02.00 has unknown impact and attack vectors.... Read more

    Affected Products : phlymail
    • EPSS Score: %0.60
    • Published: Aug. 17, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2615

    Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown impact and attack vectors, possibly involving auto_login_id.... Read more

    Affected Products : eqdkp
    • EPSS Score: %0.53
    • Published: Aug. 17, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2599

    Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial encoding) to store the user's password in the FTP profile, which allows attackers to gain privileges.... Read more

    Affected Products : connectivity
    • EPSS Score: %0.29
    • Published: Aug. 17, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-2602

    Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks.... Read more

    Affected Products : firefox thunderbird
    • EPSS Score: %0.45
    • Published: Aug. 17, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-2605

    Unknown vulnerability in Lasso Professional Server8.0.4 and 8.0.5 allows attackers to bypass authentication, related to [Auth] tags.... Read more

    Affected Products : lasso_professional_server
    • EPSS Score: %0.51
    • Published: Aug. 17, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2607

    PHP file include vulnerability in download.php in PHPSimplicity Simplicity oF Upload before 1.3.1 allows remote attackers to include arbitrary local and remote files via the language parameter and a terminating null ("%00") characters.... Read more

    Affected Products : simplicity_of_upload
    • EPSS Score: %0.59
    • Published: Aug. 17, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2614

    Discuz! 4.0 rc4 does not properly restrict types of files that are uploaded to the server, which allows remote attackers to execute arbitrary commands via a filename containing ".php.rar" or other multiple extensions that include .php.... Read more

    Affected Products : discuz
    • EPSS Score: %2.16
    • Published: Aug. 17, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-2596

    User.php in Gallery, as used in Postnuke, allows users with any Admin privileges to gain access to all galleries.... Read more

    Affected Products : gallery
    • EPSS Score: %0.09
    • Published: Aug. 17, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2616

    Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote attackers to execute arbitrary code via the path parameter to (1) initialize.php, (2) customize.php, (3) form.php, or (4) index.php.... Read more

    Affected Products : ezupload
    • EPSS Score: %20.09
    • Published: Aug. 17, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2608

    SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks in vulnerable applications that use SafeHTML.... Read more

    Affected Products : safehtml
    • EPSS Score: %0.34
    • Published: Aug. 17, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2609

    index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows remote attackers to obtain the full server path via an invalid VDNS_Sessid parameter.... Read more

    Affected Products : vegadns
    • EPSS Score: %0.46
    • Published: Aug. 17, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2620

    grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the password in plaintext in memory, which allows attackers to obtain the password using a debugger or another mechanism to read process memory.... Read more

    Affected Products : groupwise
    • EPSS Score: %1.76
    • Published: Aug. 17, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2589

    Unknown vulnerability in Linksys WRT54GS wireless router with firmware 4.50.6, with WPA Personal/TKIP authentication enabled, allows remote clients to bypass authentication by connecting without using encryption.... Read more

    Affected Products : wrt54gs
    • EPSS Score: %0.29
    • Published: Aug. 17, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-2613

    Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows attackers to execute arbitrary PHP or ASP code or read files via unknown vectors.... Read more

    Affected Products : cpaint
    • EPSS Score: %0.48
    • Published: Aug. 17, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2604

    index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to obtain the web server path via certain currDir and image arguments, which leaks the path in an error message.... Read more

    Affected Products : my_image_gallery
    • EPSS Score: %0.73
    • Published: Aug. 17, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 291589 Results