Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2005-3309

    Multiple SQL injection vulnerabilities in Zomplog 3.4 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in detail.php and the catid parameter in (2) get.php and (3) index.php....

    Affected Products : zomplog
    • EPSS Score: 0.96%
    • Published: Oct. 26, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-3304

    Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the descript...

    Affected Products : php-nuke
    • EPSS Score: 2.74%
    • Published: Oct. 26, 2005
    • Modified: Apr. 03, 2025
  • 2.1

    LOW
    CVE-2005-3311

    BMC Software Control-M 6.1.03 for Solaris, and possibly other platforms, allows local users to overwrite arbitrary files via a symlink attack on temporary files....

    Affected Products : software_control-m_agent
    • EPSS Score: 0.06%
    • Published: Oct. 26, 2005
    • Modified: Apr. 03, 2025
  • 4.3

    MEDIUM
    CVE-2005-3308

    Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) comment parameter in detail.php, (3) the username parameter in get.php, and (4) the search parameter i...

    Affected Products : zomplog
    • EPSS Score: 0.95%
    • Published: Oct. 26, 2005
    • Modified: Apr. 03, 2025
  • 4.3

    MEDIUM
    CVE-2005-3306

    Cross-site scripting (XSS) vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the user parameter in a profile operation, a different vulnerability than CVE-2005-2814. NOTE: it is possible that...

    Affected Products : flatnuke
    • EPSS Score: 0.40%
    • Published: Oct. 26, 2005
    • Modified: Apr. 03, 2025
  • 3.5

    LOW
    CVE-2005-3310

    Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by...

    Affected Products : phpbb
    • EPSS Score: 0.54%
    • Published: Oct. 26, 2005
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2005-3307

    Directory traversal vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to read arbitrary files via ".." sequences in the (1) user parameter in a profile operation or (2) quale parameter in a newtopic operation....

    Affected Products : flatnuke
    • EPSS Score: 3.88%
    • Published: Oct. 26, 2005
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2005-2745

    Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for SMTP authentication, can include uninitialized memory in a message, which might allow remote attackers to obtain sensitive information....

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: 0.75%
    • Published: Oct. 26, 2005
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2005-2524

    Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site....

    Affected Products : mac_os_x mac_os_x_server safari
    • EPSS Score: 0.40%
    • Published: Oct. 26, 2005
    • Modified: Apr. 03, 2025
  • 4.6

    MEDIUM
    CVE-2005-2742

    SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, can cause the "Switch User..." button to appear even though the "Enable fast user switching" setting is disabled, which can allow attackers with physical access to gain access to the des...

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: 0.08%
    • Published: Oct. 26, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-2743

    The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system libraries, which allows remote attackers to execute arbitrary code....

    Affected Products : quicktime mac_os_x mac_os_x_server
    • EPSS Score: 1.73%
    • Published: Oct. 26, 2005
    • Modified: Apr. 03, 2025
  • 7.2

    HIGH
    CVE-2005-2741

    Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should be restricted to administrators....

    Affected Products : mac_os_x mac_os_x_server securityd
    • EPSS Score: 0.05%
    • Published: Oct. 26, 2005
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2005-2746

    Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include decrypted message contents for encrypted messages....

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: 0.32%
    • Published: Oct. 26, 2005
    • Modified: Apr. 03, 2025
  • 5.1

    MEDIUM
    CVE-2005-2744

    Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, as used by applications such as Safari, Mail, and Finder, allows remote attackers to execute arbitrary code via a crafted PICT file....

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: 4.81%
    • Published: Oct. 25, 2005
    • Modified: Apr. 03, 2025
  • 2.1

    LOW
    CVE-2005-2748

    The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application....

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: 0.10%
    • Published: Oct. 25, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-2747

    Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by applications such as WebCore and Safari, allows remote attackers to execute arbitrary code via a crafted GIF file....

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: 4.65%
    • Published: Oct. 25, 2005
    • Modified: Apr. 03, 2025
  • 2.1

    LOW
    CVE-2005-2708

    The search_binary_handler function in exec.c in Linux 2.4 kernel on 64-bit x86 architectures does not check a return code for a particular function call when virtual memory is low, which allows local users to cause a denial of service (panic), as demonstr...

    Affected Products : linux_kernel
    • EPSS Score: 0.10%
    • Published: Oct. 25, 2005
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2005-2970

    Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for ot...

    • EPSS Score: 6.94%
    • Published: Oct. 25, 2005
    • Modified: Apr. 03, 2025
  • 2.1

    LOW
    CVE-2005-2100

    The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of service (crash)....

    • EPSS Score: 0.06%
    • Published: Oct. 25, 2005
    • Modified: Apr. 03, 2025
  • 7.2

    HIGH
    CVE-2005-2927

    Stack-based buffer overflow in ppp in SCO Unixware 7.1.3 and 7.1.4, and possibly earlier versions, allows local users to execute arbitrary code via a long argument to the (1) prompt or (2) defprompt command....

    Affected Products : unixware
    • EPSS Score: 0.10%
    • Published: Oct. 25, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292386 Results