Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2005-1454

    SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query... Read more

    Affected Products : enterprise_linux freeradius
    • EPSS Score: %0.76
    • Published: May. 19, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0040

    Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) register a new user page, (2) User-Agent, or (3) Username, which is not properly quoted before sendin... Read more

    Affected Products : dotnetnuke
    • EPSS Score: %0.53
    • Published: May. 19, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1656

    Mercur Messaging 2005 SP2 allows remote attackers to read the source code of .ctml files via a URL with a trailing hex-encoded space ("%20").... Read more

    Affected Products : mercur_messaging
    • EPSS Score: %0.41
    • Published: May. 18, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1665

    The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup.... Read more

    Affected Products : asp.net
    • EPSS Score: %34.53
    • Published: May. 18, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1649

    The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address ... Read more

    Affected Products : windows_2003_server windows_xp
    • EPSS Score: %15.94
    • Published: May. 18, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1668

    YusASP Web Asset Manager 1.0 allows remote attackers to gain privileges via a direct request to assetmanager.asp.... Read more

    Affected Products : web_asset_manager
    • EPSS Score: %0.74
    • Published: May. 18, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2005-1653

    Cross-site scripting (XSS) vulnerability in message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to inject arbitrary web script or HTML via the email parameter.... Read more

    Affected Products : postmaster
    • EPSS Score: %0.87
    • Published: May. 18, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1660

    HTMLJunction EZGuestbook stores the guestbook.mdb file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the administrative password.... Read more

    Affected Products : ezguestbook
    • EPSS Score: %1.02
    • Published: May. 18, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1652

    message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to bypass authentication by modifying the email parameter.... Read more

    Affected Products : postmaster
    • EPSS Score: %0.57
    • Published: May. 18, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1659

    Cross-site scripting (XSS) vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to inject arbitrary Javascript via a URL with a "..." (triple dot) followed by an onmouseover event.... Read more

    Affected Products : myserver
    • EPSS Score: %0.40
    • Published: May. 18, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1658

    Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to list the parent directory of the web root via a URL with a "..." (triple dot).... Read more

    Affected Products : myserver
    • EPSS Score: %0.22
    • Published: May. 18, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-1664

    The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application's state has changed, or (3... Read more

    Affected Products : asp.net
    • EPSS Score: %19.65
    • Published: May. 18, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1667

    DataTrac Activity Console 1.1 allows remote attackers to cause a denial of service via a long HTTP GET request.... Read more

    Affected Products : activity_console
    • EPSS Score: %2.06
    • Published: May. 18, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1661

    Jeuce Personal Webserver 2.13 allows remote attackers to cause a denial of service (server crash) via a long GET request, possibly triggering a buffer overflow.... Read more

    Affected Products : jeuce_personal_web_server
    • EPSS Score: %0.88
    • Published: May. 18, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2005-1644

    Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two Livre d'Or 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) livreornom, (2) livreoremail, or (3) livreormessage parameters.... Read more

    Affected Products : livre_d_or
    • EPSS Score: %1.01
    • Published: May. 18, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0515

    Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop privileges before launching the Log Viewer export functionality, which allows local users to corrupt arbitrary files by saving log files.... Read more

    Affected Products : my_firewall_plus
    • EPSS Score: %0.07
    • Published: May. 18, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1654

    Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers to register arbitrary users via a direct request to addsubsite.asp with the loginname and password parameters set.... Read more

    Affected Products : hosting_controller
    • EPSS Score: %2.12
    • Published: May. 18, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1648

    Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database file under the web document root with insufficient access control, which allows remote attackers to obtain and decrypt usernames and passwords.... Read more

    Affected Products : gurgens_ultimate_forum
    • EPSS Score: %1.02
    • Published: May. 18, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1645

    Keyvan1 ImageGallery stores the image.mdb database under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.... Read more

    Affected Products : imagegallery
    • EPSS Score: %4.00
    • Published: May. 18, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1657

    Multiple directory traversal vulnerabilities in Mercur Messaging 2005 SP2 allow remote attackers to perform unauthorized file operations via the Folder.Id parameter to (1) deletefolder.ctml, (2) deletemessage.ctml, (3) origmessage.ctml, or (4) readmessage... Read more

    Affected Products : mercur_messaging
    • EPSS Score: %0.80
    • Published: May. 18, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 291659 Results