Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2005-2107

    Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter.... Read more

    Affected Products : wordpress
    • EPSS Score: %0.91
    • Published: Jul. 05, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2085

    Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7 allows remote attackers to cause a denial of service (process crash) via a long (1) SMTP FROM field or possibly (2) FTP NLST command.... Read more

    Affected Products : inframail_advantage
    • EPSS Score: %6.42
    • Published: Jul. 05, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2108

    SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file.... Read more

    Affected Products : wordpress
    • EPSS Score: %1.06
    • Published: Jul. 05, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2105

    Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username.... Read more

    Affected Products : ios
    • EPSS Score: %0.78
    • Published: Jul. 05, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2144

    Prevx Pro 2005 1.0 allows local users to bypass file protection and modify files by using MapViewOfFile to perform memory mapping on the file.... Read more

    Affected Products : prevx_pro_2005
    • EPSS Score: %0.07
    • Published: Jul. 05, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2086

    PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code.... Read more

    Affected Products : phpbb
    • EPSS Score: %84.84
    • Published: Jul. 05, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2069

    pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sni... Read more

    Affected Products : openldap nss_ldap pam_ldap
    • EPSS Score: %2.84
    • Published: Jun. 30, 2005
    • Modified: Apr. 03, 2025

  • 6.5

    MEDIUM
    CVE-2005-2059

    Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via ... Read more

    Affected Products : ubb.threads
    • EPSS Score: %0.32
    • Published: Jun. 29, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0201

    D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket.... Read more

    Affected Products : enterprise_linux d-bus
    • EPSS Score: %0.07
    • Published: Jun. 29, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2073

    Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with SELECT privileges to conduct unauthorized activities and insert, update or delete table contents.... Read more

    Affected Products : db2
    • EPSS Score: %0.06
    • Published: Jun. 29, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2078

    BisonFTP Server V4R1 allows remote authenticated users to cause a denial of service via an invalid command with a long argument.... Read more

    Affected Products : bisonftp
    • EPSS Score: %0.61
    • Published: Jun. 29, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2070

    The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used in Sendmail using long timeouts, allows remote attackers to cause a denial of service by keeping an open connection, which prevents ClamAV from reloading.... Read more

    Affected Products : sendmail
    • EPSS Score: %0.76
    • Published: Jun. 29, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2077

    Cross-site scripting (XSS) vulnerability in error.asp for Hosting Controller allows remote attackers to inject arbitrary web script or HTML via the error parameter.... Read more

    Affected Products : hosting_controller
    • EPSS Score: %0.66
    • Published: Jun. 29, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2063

    Multiple cross-site scripting (XSS) vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Title parameter to sendpassword.asp or (2) Keyword field in search.asp.... Read more

    Affected Products : activebuyandsell
    • EPSS Score: %0.30
    • Published: Jun. 29, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-2056

    The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.86.1 allows remote attackers to cause a denial of service (application crash) via a crafted Quantum archive.... Read more

    Affected Products : clamav
    • EPSS Score: %1.10
    • Published: Jun. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-2072

    The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value... Read more

    Affected Products : solaris sunos
    • EPSS Score: %0.29
    • Published: Jun. 29, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2076

    HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not properly handle the "@" character in a proxy password, which could allow attackers with physical access to obtain portions of the password when it is displayed to the screen.... Read more

    • EPSS Score: %0.19
    • Published: Jun. 29, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2064

    Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to forgot_password.asp, or the (2) FirstName, (3) LastName, (4) Username, (5) Password, (6) Address1, ... Read more

    Affected Products : asp-nuke
    • EPSS Score: %4.08
    • Published: Jun. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2067

    SQL injection vulnerability in article.asp in unknown versions of aspnuke allows remote attackers to execute arbitrary SQL commands via the articleid parameter.... Read more

    Affected Products : asp-nuke
    • EPSS Score: %1.46
    • Published: Jun. 29, 2005
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2005-2054

    Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and RealOne Player v1 and v2 allows remote attackers to overwrite arbitrary files or execute arbitrary ActiveX controls via a crafted MP3 file.... Read more

    Affected Products : realplayer realone_player
    • EPSS Score: %0.64
    • Published: Jun. 29, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 291638 Results