Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2005-2476

    Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxtor Shopping Cart 1.0 allows remote attackers to inject arbitrary web script or HTML via the email parameter.... Read more

    Affected Products : shopping_cart
    • EPSS Score: %0.56
    • Published: Aug. 05, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2481

    ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive information via an invalid fuseaction parameter, which leaks the full server path in an error message, as demonstrated using the "?" (question mark) character.... Read more

    Affected Products : coldfusion_fusebox
    • EPSS Score: %0.30
    • Published: Aug. 05, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2478

    SQL injection vulnerability in SilverNews 2.0.3 allows remote attackers to execute arbitrary SQL commands via the user field on the login page in the Admin control panel.... Read more

    Affected Products : silvernews
    • EPSS Score: %0.96
    • Published: Aug. 05, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1268

    Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null... Read more

    • EPSS Score: %1.99
    • Published: Aug. 05, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2472

    Multiple buffer overflows in BusinessMail 4.60.00 allow remote attackers to cause a denial of service (application crash) via a long string to SMTP (1) HELO or (2) MAIL FROM commands.... Read more

    Affected Products : businessmail
    • EPSS Score: %24.62
    • Published: Aug. 05, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1272

    Stack-based buffer overflow in the Backup Agent for Microsoft SQL Server in BrightStor ARCserve Backup Agent for SQL Server 11.0 allows remote attackers to execute arbitrary code via a long string sent to port (1) 6070 or (2) 6050.... Read more

    • EPSS Score: %78.26
    • Published: Aug. 05, 2005
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2005-2475

    Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.... Read more

    Affected Products : unzip vbase_web-remote
    • EPSS Score: %0.08
    • Published: Aug. 05, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-1761

    Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function.... Read more

    • EPSS Score: %0.03
    • Published: Aug. 05, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2471

    pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands.... Read more

    Affected Products : netpbm
    • EPSS Score: %2.06
    • Published: Aug. 05, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2453

    Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server 1.0, 2.0.0.6, 3.0.1.1, and 3.5.13, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string.... Read more

    Affected Products : networkactiv_web_server
    • EPSS Score: %1.06
    • Published: Aug. 04, 2005
    • Modified: Apr. 03, 2025

  • 5.5

    MEDIUM
    CVE-2005-2456

    Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, wh... Read more

    Affected Products : linux_kernel debian_linux
    • EPSS Score: %0.12
    • Published: Aug. 04, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2455

    Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function, (2) list installed scripts using GM_scripts, or obtain sensitive information via (3) GM_setValue and ... Read more

    Affected Products : greasemonkey
    • EPSS Score: %8.54
    • Published: Aug. 04, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2412

    PHP remote file inclusion vulnerability in block.php in PHP FirstPost allows remote attackers to execute arbitrary PHP code via the Include parameter.... Read more

    Affected Products : php_firstpost
    • EPSS Score: %3.20
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2432

    SQL injection vulnerability in PhpList allows remote attackers to modify SQL statements via the id argument to admin pages such as (1) members or (2) admin.... Read more

    Affected Products : phplist
    • EPSS Score: %0.70
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2424

    The management interface for Siemens SANTIS 50 running firmware 4.2.8.0, and possibly other products including Ericsson HN294dp and Dynalink RTA300W, allows remote attackers to access the Telnet port without authentication via certain packets to the web i... Read more

    Affected Products : santis_50
    • EPSS Score: %1.64
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2444

    Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the password in plaintext in a world readable file and does not delete the file after login, which allows local users to obtain sensitive information.... Read more

    Affected Products : trillian_pro
    • EPSS Score: %0.07
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2415

    Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) value parameter to the poll module or (2) pId parameter to the gallery module.... Read more

    Affected Products : contrexx
    • EPSS Score: %1.60
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-2414

    Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, ... Read more

    Affected Products : xpcom
    • EPSS Score: %5.00
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2417

    Contrexx before 1.0.5 allows remote attackers to obtain sensitive information via a direct request to /config/version.xml.... Read more

    Affected Products : contrexx
    • EPSS Score: %0.70
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2440

    SQL injection vulnerability in login.asp in Thomson Web Skill Vantage Manager allows remote attackers to execute arbitrary SQL commands via the svmPassword parameter.... Read more

    Affected Products : web_skill_vantage_manager
    • EPSS Score: %0.73
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 291641 Results