Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2005-1807

    The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier allows remote attackers to cause a denial of service (infinite loop leading to memory and CPU consumption) via a long header field.... Read more

    Affected Products : phpmailer
    • EPSS Score: %15.35
    • Published: May. 28, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1800

    Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 to 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter in a view or ViewTerm action to index.php.... Read more

    Affected Products : clamav
    • EPSS Score: %0.37
    • Published: May. 28, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1795

    The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent ... Read more

    Affected Products : clamav
    • EPSS Score: %2.17
    • Published: May. 27, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1802

    Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header.... Read more

    • EPSS Score: %0.76
    • Published: May. 27, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1787

    setup.php in phpStat 1.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the $check variable.... Read more

    Affected Products : phpstat
    • EPSS Score: %6.81
    • Published: May. 27, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1784

    Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers to steal passwords and gain privileges via a modified emailaddress parameter in an updateprofile action for UserProfile.asp.... Read more

    Affected Products : hosting_controller
    • EPSS Score: %0.44
    • Published: May. 27, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1828

    D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information.... Read more

    Affected Products : dsl-504t_firmware dsl-504t
    • EPSS Score: %0.60
    • Published: May. 26, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1827

    D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg.... Read more

    Affected Products : dsl-504t_firmware dsl-504t
    • EPSS Score: %4.72
    • Published: May. 26, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-1801

    The vCard viewer in Nokia 9500 allows attackers to cause a denial of service (crash) via a vCard with a long Name field, which causes the crash when the user views it.... Read more

    Affected Products : 9500
    • EPSS Score: %2.84
    • Published: May. 26, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1521

    Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which l... Read more

    Affected Products : mailutils
    • EPSS Score: %4.10
    • Published: May. 26, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1782

    Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta 1.0 allow remote attackers to inject arbitrary web script or HTML via the node parameter to (1) add_review.htm, (2) suggest_review.htm, (3) suggest_category.htm, (4) add_booklist.htm, ... Read more

    Affected Products : bookreview
    • EPSS Score: %1.74
    • Published: May. 26, 2005
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2005-1797

    The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations.... Read more

    Affected Products : openssl
    • EPSS Score: %0.30
    • Published: May. 26, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1408

    Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary files via the keynote: URI handler in a crafted Keynote presentation.... Read more

    Affected Products : keynote
    • EPSS Score: %0.48
    • Published: May. 26, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1522

    The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command.... Read more

    Affected Products : mailutils
    • EPSS Score: %0.91
    • Published: May. 26, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1520

    Buffer overflow in the header_get_field_name function in header.c for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a crafted e-mail.... Read more

    Affected Products : mailutils
    • EPSS Score: %11.33
    • Published: May. 26, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1523

    Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands.... Read more

    Affected Products : mailutils
    • EPSS Score: %14.09
    • Published: May. 26, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0150

    Firefox before 1.0 allows the user to store a (1) javascript: or (2) data: URLs as a Livefeed bookmark, then executes it in the security context of the currently loaded page when the user later accesses the bookmark, which could allow remote attackers to ... Read more

    Affected Products : firefox
    • EPSS Score: %1.43
    • Published: May. 26, 2005
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2005-1751

    Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759.... Read more

    Affected Products : shtool
    • EPSS Score: %0.08
    • Published: May. 25, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1786

    SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password parameter.... Read more

    Affected Products : funkyasp_ad_system
    • EPSS Score: %0.60
    • Published: May. 25, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1252

    Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in the query string argume... Read more

    Affected Products : imail imail_server
    • EPSS Score: %0.33
    • Published: May. 25, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 291737 Results