Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2005-2204

    Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to sm... Read more

    Affected Products : etrust_siteminder
    • EPSS Score: %0.96
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2177

    Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when net-snmp is using stream sockets such as TCP, allows remote attackers to cause a denial of service (daemon hang and CPU consumption) via a TCP packet of length 1, which triggers an infi... Read more

    Affected Products : net-snmp
    • EPSS Score: %11.10
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2198

    PHP remote file inclusion vulnerability in lang.php in SPiD before 1.3.1 allows remote attackers to execute arbitrary code via the lang_path parameter.... Read more

    Affected Products : spid
    • EPSS Score: %2.96
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-2214

    apt-setup in Debian GNU/Linux installs the apt.conf file with insecure permissions, which allows local users to obtain sensitive information such as passwords.... Read more

    Affected Products : apt-setup
    • EPSS Score: %0.05
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2150

    Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog... Read more

    Affected Products : windows_2000 windows_nt
    • EPSS Score: %29.44
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2182

    Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.... Read more

    Affected Products : bt-100_firmware bt-100
    • EPSS Score: %0.39
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2200

    Multiple unknown vulnerabilities in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to bypass authentication.... Read more

    • EPSS Score: %0.69
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2181

    Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.... Read more

    • EPSS Score: %0.36
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-2201

    Unknown vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to cause a denial of service or access files via crafted HTTP requests.... Read more

    • EPSS Score: %0.41
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2199

    PHP remote file inclusion vulnerability in inc/functions.inc.php in PPA web photo gallery 0.5.6 allows remote attackers to execute arbitrary code via the config[ppa_root_path] variable.... Read more

    Affected Products : ppa_gallery
    • EPSS Score: %2.89
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2005-1768

    Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a concurrent thread that... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.10
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2190

    Multiple SQL injection vulnerabilities in Comersus shopping cart allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to comersus_optAffiliateRegistrationExec.asp or (2) idProduct parameter to comersus_optReviewReadExec.asp... Read more

    Affected Products : comersus_cart
    • EPSS Score: %0.43
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2197

    SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows remote attackers to modify SQL queries, as demonstrated using the f parameter to index.php.... Read more

    Affected Products : id_board
    • EPSS Score: %0.60
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2170

    The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint allows remote attackers to cause a denial of service (process exit and connection loss) by connecting to LCF and ending the connection without sending any data.... Read more

    Affected Products : tivoli_management_framework
    • EPSS Score: %1.69
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2188

    McAfee IntruShield Security Management System obtains the user ID from the URL, which allows remote attackers to guess the Manager account and possibly gain privileges via a brute force attack.... Read more

    • EPSS Score: %0.72
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2178

    probe.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the olddat parameter. NOTE: it is unclear which product or vendor this program is associated with, if any.... Read more

    Affected Products : probe.cgi
    • EPSS Score: %2.10
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2207

    Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ allows remote attackers to inject arbitrary web script or HTML via the message parameter.... Read more

    Affected Products : cartwiz
    • EPSS Score: %0.33
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2184

    eRoom 6.x does not properly restrict files that can be attached, which allows remote attackers to execute arbitrary commands via a .lnk file.... Read more

    Affected Products : eroom
    • EPSS Score: %0.90
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 5.5

    MEDIUM
    CVE-2005-2209

    Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users.... Read more

    Affected Products : scanshare
    • EPSS Score: %0.04
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2185

    eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks.... Read more

    Affected Products : eroom
    • EPSS Score: %0.64
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 291712 Results