Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2005-2439

    SQL injection vulnerability in UseBB 0.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search function.... Read more

    Affected Products : usebb
    • EPSS Score: %0.62
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2427

    Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ allows remote attackers to inject arbitrary web script or HTML via the message parameter.... Read more

    Affected Products : cartwiz
    • EPSS Score: %0.43
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2424

    The management interface for Siemens SANTIS 50 running firmware 4.2.8.0, and possibly other products including Ericsson HN294dp and Dynalink RTA300W, allows remote attackers to access the Telnet port without authentication via certain packets to the web i... Read more

    Affected Products : santis_50
    • EPSS Score: %1.64
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2412

    PHP remote file inclusion vulnerability in block.php in PHP FirstPost allows remote attackers to execute arbitrary PHP code via the Include parameter.... Read more

    Affected Products : php_firstpost
    • EPSS Score: %3.20
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2444

    Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the password in plaintext in a world readable file and does not delete the file after login, which allows local users to obtain sensitive information.... Read more

    Affected Products : trillian_pro
    • EPSS Score: %0.07
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2432

    SQL injection vulnerability in PhpList allows remote attackers to modify SQL statements via the id argument to admin pages such as (1) members or (2) admin.... Read more

    Affected Products : phplist
    • EPSS Score: %0.70
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2438

    Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and earlier allows remote attackers to inject arbitrary Javascript via the BBCode color value.... Read more

    Affected Products : usebb
    • EPSS Score: %0.64
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2421

    Multiple SQL injection vulnerabilities in index.php and other pages in Beehive Forum allow remote attackers to execute arbitrary SQL commands via the webtag parameter.... Read more

    Affected Products : beehive_forum
    • EPSS Score: %0.59
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-2425

    Stack-based buffer overflow in Ares FileShare 1.1 allows remote attackers or local users to execute arbitrary code via a (1) long history parameter in the configuration file (ares.conf) or (2) long search string.... Read more

    Affected Products : fileshare
    • EPSS Score: %3.78
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2435

    Cross-site scripting (XSS) vulnerability in browse.php in Website Baker Project allows remote attackers to inject arbitrary web script or HTML via the dir parameter.... Read more

    Affected Products : website_baker
    • EPSS Score: %0.43
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2429

    Firefox, when opening Microsoft Word documents, does not properly set the permissions on shared sections, which allows remote attackers to write arbitrary data to open applications in Microsoft Office.... Read more

    Affected Products : firefox
    • EPSS Score: %0.30
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2434

    Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information.... Read more

    Affected Products : wrt54g
    • EPSS Score: %0.26
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2437

    Website Baker Project does not properly verify the file extensions of uploaded files, which allows remote attackers to upload and execute arbitrary PHP code.... Read more

    Affected Products : website_baker
    • EPSS Score: %0.43
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2079

    Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS Backup Exec 9.0 through 10.0 for Windows Servers allows remote attackers to execute arbitrary code.... Read more

    Affected Products : backup_exec backup_exec
    • EPSS Score: %14.50
    • Published: Aug. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-1762

    The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform allows local users to cause a denial of service (kernel crash) via a "non-canonical" address.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Aug. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2005-2411

    Cross-Site Request Forgery (CSRF) vulnerability in tDiary 2.1.1, and tDiary 2.0.1 and earlier, allows remote attackers to conduct actions as another user, and execute commands on the server, via a URL that is activated by the user.... Read more

    Affected Products : tdiary
    • EPSS Score: %0.93
    • Published: Aug. 01, 2005
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2005-2407

    A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code by overlaying a malicious new window above a file download dialog box, then tricking the user into double-clicking on the "Run" button, aka "link hijacking".... Read more

    Affected Products : opera_browser
    • EPSS Score: %1.11
    • Published: Aug. 01, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2405

    Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is installed, does not properly handle extended ASCII characters in the file download dialog box, which allows remote attackers to spoof file extensions and possibly trick users into executing ar... Read more

    Affected Products : opera_browser
    • EPSS Score: %1.34
    • Published: Aug. 01, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2410

    Format string vulnerability in the nm_info_handler function in Network Manager may allow remote attackers to execute arbitrary code via format string specifiers in a Wireless Access Point identifier, which is not properly handled in a syslog call.... Read more

    Affected Products : networkmanager
    • EPSS Score: %2.05
    • Published: Aug. 01, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2409

    Format string vulnerability in util.c in nbsmtp 0.99 and earlier, while running in debug mode, allows remote attackers to execute arbitrary code via format string specifiers that are not properly handled in a syslog call.... Read more

    Affected Products : nbsmtp
    • EPSS Score: %11.45
    • Published: Aug. 01, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 291601 Results