Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2005-3186

    Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overfl... Read more

    Affected Products : gdkpixbuf gtk\+
    • Published: Nov. 18, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2929

    Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.... Read more

    Affected Products : lynx
    • Published: Nov. 18, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2976

    Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-318... Read more

    Affected Products : gdkpixbuf gtk
    • Published: Nov. 18, 2005
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2005-2975

    io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors.... Read more

    Affected Products : gdkpixbuf gtk
    • Published: Nov. 18, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-2939

    Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 build-13124 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder.... Read more

    Affected Products : workstation
    • Published: Nov. 18, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-2936

    Unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, and RealPlayer 8 before 20060322 might allow local users to gain privileges via a malicious C:... Read more

    Affected Products : realplayer realone_player
    • Published: Nov. 18, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-2940

    Unquoted Windows search path vulnerability in Microsoft Antispyware 1.0.509 (Beta 1) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, involving the programs (1) GIANTAntiSpywareMain.exe, (2) gcASNotice.exe, (... Read more

    Affected Products : antispyware
    • Published: Nov. 18, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-2938

    Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file.... Read more

    Affected Products : itunes
    • Published: Nov. 18, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1925

    Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php.... Read more

    Affected Products : tikiwiki_cms\/groupware
    • Published: Nov. 18, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2005-3347

    Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) ... Read more

    Affected Products : phpgroupware
    • Published: Nov. 18, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3189

    Directory traversal vulnerability in Qualcomm WorldMail IMAP Server allows remote attackers to read arbitrary email messages via ".." sequences in the SELECT command.... Read more

    Affected Products : worldmail_imap_server
    • Published: Nov. 18, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-3662

    Off-by-one buffer overflow in pnmtopng before 2.39, when using the -alpha command line option (Alphas_Of_Color), allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM file with exactly 256 colors.... Read more

    Affected Products : pnmtopng
    • Published: Nov. 18, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3348

    HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the cha... Read more

    Affected Products : phpsysinfo
    • Published: Nov. 18, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3645

    phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php, and if display_errors is enabled, (2) lib-updates.inc.php... Read more

    Affected Products : phpadsnew phppgads
    • Published: Nov. 17, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3646

    Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the sessionID parameter in (1) logout.php and (2) index.php.... Read more

    Affected Products : phpadsnew phppgads
    • Published: Nov. 17, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3648

    Multiple SQL injection vulnerabilities in the get_record function in datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) category.php and (2) info.php.... Read more

    Affected Products : moodle
    • Published: Nov. 17, 2005
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2005-3644

    PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large outp... Read more

    Affected Products : windows_2000 windows_xp
    • Published: Nov. 17, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-3649

    jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter.... Read more

    Affected Products : moodle
    • Published: Nov. 17, 2005
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2005-3650

    The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the First4Internet XCP DRM, has "safe for scripting" enabled, which allows remote attackers to execute arbitrary code by calling vulnerable functions such as RebootMachine, IsAdministrator,... Read more

    Affected Products : first4internet_xcp_drm
    • Published: Nov. 17, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-3647

    Folder Guard allows local users to bypass protections by running from or installing to the temporary files directory.... Read more

    Affected Products : folder_guard
    • Published: Nov. 17, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292811 Results