Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2005-2206

    Multiple SQL injection vulnerabilities in CartWIZ allow remote attackers to modify SQL statements via the (1) idProduct parameter to tellAFriend.asp, (2) sortType parameter to viewSupportTickets.asp, or the id parameter to (3) updateCreditCards.asp or (4)... Read more

    Affected Products : cartwiz
    • EPSS Score: %0.45
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2185

    eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks.... Read more

    Affected Products : eroom
    • EPSS Score: %0.64
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 5.5

    MEDIUM
    CVE-2005-2209

    Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users.... Read more

    Affected Products : scanshare
    • EPSS Score: %0.04
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2191

    Multiple cross-site scripting (XSS) vulnerabilities in Comersus shopping cart allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to comersus_backoffice_listAssignedPricesToCustomer.asp or (2) message parameter to come... Read more

    Affected Products : comersus_cart
    • EPSS Score: %0.41
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2202

    Cross-site scripting (XSS) vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    • EPSS Score: %0.36
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2193

    SQL injection vulnerability in the user profile edit module in profile.php for PunBB 1.2.5 and earlier allows remote attackers to execute arbitrary SQL statements via the temp array, which is not initialized before it is used and prevents the attacker-sup... Read more

    Affected Products : punbb
    • EPSS Score: %0.49
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2179

    PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via the path parameter.... Read more

    Affected Products : jaws
    • EPSS Score: %0.63
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-2214

    apt-setup in Debian GNU/Linux installs the apt.conf file with insecure permissions, which allows local users to obtain sensitive information such as passwords.... Read more

    Affected Products : apt-setup
    • EPSS Score: %0.05
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2005-1768

    Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a concurrent thread that... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.10
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2199

    PHP remote file inclusion vulnerability in inc/functions.inc.php in PPA web photo gallery 0.5.6 allows remote attackers to execute arbitrary code via the config[ppa_root_path] variable.... Read more

    Affected Products : ppa_gallery
    • EPSS Score: %2.89
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2190

    Multiple SQL injection vulnerabilities in Comersus shopping cart allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to comersus_optAffiliateRegistrationExec.asp or (2) idProduct parameter to comersus_optReviewReadExec.asp... Read more

    Affected Products : comersus_cart
    • EPSS Score: %0.43
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-2176

    Novell NetMail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies.... Read more

    Affected Products : netmail
    • EPSS Score: %4.32
    • Published: Jul. 09, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2175

    The web interface for Lotus Notes mail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies.... Read more

    Affected Products : lotus_notes notes
    • EPSS Score: %13.19
    • Published: Jul. 09, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-2174

    Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL repli... Read more

    Affected Products : bugzilla
    • EPSS Score: %0.40
    • Published: Jul. 08, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2173

    The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary... Read more

    Affected Products : bugzilla
    • EPSS Score: %0.38
    • Published: Jul. 08, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-1841

    The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, HP-UX, and AIX creates temporary files with the permissions as specified in a user's umask, which could allow local users to read PDF documents of that user if the umask allows it.... Read more

    Affected Products : acrobat_reader
    • EPSS Score: %0.10
    • Published: Jul. 07, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2151

    spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption.... Read more

    Affected Products : courier_mail_server
    • EPSS Score: %0.34
    • Published: Jul. 06, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2155

    PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and earlier allows remote attackers to execute arbitrary code via the serverPath parameter.... Read more

    Affected Products : easyphpcalendar
    • EPSS Score: %2.11
    • Published: Jul. 06, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2165

    read.cgi in GlobalNoteScript allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameters.... Read more

    Affected Products : globalnotescript
    • EPSS Score: %2.16
    • Published: Jul. 06, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2164

    SQL injection vulnerability in Covide Groupware-CRM allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.... Read more

    Affected Products : covide
    • EPSS Score: %0.43
    • Published: Jul. 06, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 291921 Results