Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2005-3745

    Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates a... Read more

    Affected Products : struts
    • Published: Nov. 22, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3740

    Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter to options.php or (2) lastvisited parameter to viewforum.php.... Read more

    Affected Products : php_fusion
    • Published: Nov. 22, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3741

    Almond Classifieds does not properly verify the password, which allows attackers to bypass access restrictions.... Read more

    Affected Products : almond_classifieds
    • Published: Nov. 22, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3747

    Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash ("%5C") characters. NOTE: this might be the same issue as CVE-2006-2758.... Read more

    Affected Products : jetty
    • Published: Nov. 22, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-3749

    Unspecified "absolute path vulnerabilities" in the diagela command (diagela.sh) in IBM AIX 5.2 and 5.3 have unknown impact and attack vectors.... Read more

    Affected Products : aix
    • Published: Nov. 22, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3736

    Multiple cross-site scripting (XSS) vulnerabilities in e-Quick Cart allow remote attackers to inject arbitrary web script or HTML via the (1) strgifttoname parameter in shopgift.asp, (2) strfirstname parameter in shopmaillist.asp, (3) strpid parameter in ... Read more

    Affected Products : e-quick_cart
    • Published: Nov. 22, 2005
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2005-3737

    Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.... Read more

    Affected Products : inkscape
    • Published: Nov. 22, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3734

    Cross-site scripting (XSS) vulnerability in the "add content" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters.... Read more

    Affected Products : phpmyfaq
    • Published: Nov. 22, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3735

    Multiple SQL injection vulnerabilities in e-Quick Cart allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in shopaddtocart.asp, (2) strpemail parameter in shopprojectlogin.asp, and (3) id parameter in shoptellafriend.... Read more

    Affected Products : e-quick_cart
    • Published: Nov. 22, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3733

    The Internet Key Exchange version 1 (IKEv1) implementation in Juniper JUNOS and JUNOSe software for M, T, and J-series routers before release 6.4, and E-series routers before 7-1-0, allows remote attackers to cause a denial of service and possibly execute... Read more

    • Published: Nov. 21, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2339

    Cross-site scripting (XSS) vulnerability in the Unicode version of msearch (unicode-msearch) 1.51(U1)-beta1, 1.51(U1), and 1.52(U1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : unicode_msearch
    • Published: Nov. 21, 2005
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2005-3732

    The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in racoon in ipsec-tools before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as... Read more

    Affected Products : ipsec-tools
    • Published: Nov. 21, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-3632

    Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow attackers to execute arbitrary code via a crafted PNM file.... Read more

    Affected Products : netpbm
    • Published: Nov. 21, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3726

    SQL injection vulnerability in Interspire ArticleLive NX 0.3 allows remote attackers to execute arbitrary SQL commands via the Query parameter.... Read more

    Affected Products : articlelive_nx
    • Published: Nov. 21, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-3724

    Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication.... Read more

    • Published: Nov. 21, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3722

    The SNMP v1/v2c daemon in Hitachi IP5000 VOIP WIFI Phone 1.5.6 allows remote attackers to gain read or write access to system configuration using arbitrary SNMP credentials.... Read more

    Affected Products : ip5000_voip_wifi_phone
    • Published: Nov. 21, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3727

    SQL injection vulnerability in debug/query_results.jsp in Idetix Software Systems Revize CMS allows remote attackers to execute arbitrary SQL commands via the query parameter.... Read more

    Affected Products : revize_cms
    • Published: Nov. 21, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3728

    Idetix Software Systems Revize CMS stores conf/revize.xml under the web document root with insufficient access control, which allows remote attackers to obtain sensitive configuration information.... Read more

    Affected Products : revize_cms
    • Published: Nov. 21, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3717

    The telnet daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has a default username "target" and password "password", which allows remote attackers to gain full access to the system.... Read more

    Affected Products : f1000_voip_wifi_phone
    • Published: Nov. 21, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-3719

    Hitachi IP5000 VOIP WIFI Phone 1.5.6 has a hard-coded administrator password of "0000", which allows attackers with physical access to obtain sensitive information and modify the phone's configuration.... Read more

    Affected Products : ip5000_voip_wifi_phone
    • Published: Nov. 21, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292811 Results