Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2005-1743

    BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 and 7.0 through Service Pack 5 does not properly handle when a security provider throws an exception, which may cause WebLogic to use incorrect identity for the thread, or to fail to audi... Read more

    Affected Products : weblogic_server weblogic_portal
    • EPSS Score: %0.54
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1700

    SQL injection vulnerability in pnadmin.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to execute arbitrary SQL commands via the riga[0] parameter.... Read more

    Affected Products : postnuke
    • EPSS Score: %0.27
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1739

    The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask.... Read more

    Affected Products : imagemagick graphicsmagick
    • EPSS Score: %12.13
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1692

    Format string vulnerability in gxine 0.4.1 through 0.4.4, and other versions down to 0.3, allows remote attackers to execute arbitrary code via a ram file with a URL whose hostname contains format string specifiers.... Read more

    Affected Products : gxine
    • EPSS Score: %1.96
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-1704

    Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section h... Read more

    Affected Products : gdb
    • EPSS Score: %0.22
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1698

    PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to (1) theme.php or (2) Xanthia.php in the Xanthia module, (3) user.php, (4) thelang.php, (5) text.php, (6) html.php, (7) menu.php, (8) finclude.php, ... Read more

    Affected Products : postnuke
    • EPSS Score: %0.32
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-1738

    Format string vulnerability in the logPrintBadfile function in delbadfiles.c Iron Bars SHell (ibsh) before 0.3d allows users to "access files outside the home directory" and possibly execute arbitrary code via certain inputs that are not properly handled ... Read more

    Affected Products : iron_bars_shell
    • EPSS Score: %0.89
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1737

    Multiple unknown vulnerabilities in PROMS 0.11 allow "non-authorized users" to (1) view or modify the project member list or (2) modify the todos list.... Read more

    Affected Products : proms
    • EPSS Score: %0.53
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1710

    Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat Reporter before 7.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the username in an Add User window or (2) the license key (volatile.license_to_add parameter) in t... Read more

    Affected Products : reporter
    • EPSS Score: %0.53
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1701

    SQL injection vulnerability in PortailPHP 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter to the (1) News, (2) File, (3) Liens, or (4) Faq modules.... Read more

    Affected Products : portailphp
    • EPSS Score: %0.33
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1733

    Cookie Cart stores the password file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and encrypted passwords via a direct request to passwd.txt.... Read more

    Affected Products : cookie_cart
    • EPSS Score: %0.41
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1703

    Warrior Kings: Battles 1.23 and earlier allows remote attackers to cause a denial of service (server crash) via a partial join packet that triggers a NULL pointer dereference.... Read more

    Affected Products : warrior_kings_battles
    • EPSS Score: %5.88
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-1696

    Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) skin or (2) paletteid parameter to demo.php in the Xanthia module, or (3) the serverName parameter... Read more

    Affected Products : postnuke
    • EPSS Score: %0.30
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1712

    Unknown vulnerability in Serendipity 0.8, when used with multiple authors, allows unprivileged authors to upload arbitrary media files.... Read more

    Affected Products : serendipity
    • EPSS Score: %0.44
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1713

    Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins.... Read more

    Affected Products : serendipity
    • EPSS Score: %0.35
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1742

    BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC connection pools."... Read more

    Affected Products : weblogic_server weblogic_portal
    • EPSS Score: %0.41
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-1707

    The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 allows local users to overwrite arbitrary files via a symlink attack on the postinst.txt temporary file.... Read more

    Affected Products : linux_webapp-config
    • EPSS Score: %0.23
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1697

    The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote attackers to obtain sensitive information via a direct request to simple_smarty.php, which reveals the path in an error message.... Read more

    Affected Products : postnuke
    • EPSS Score: %0.32
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1749

    Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU consumption from thread looping).... Read more

    Affected Products : weblogic_server weblogic_portal
    • EPSS Score: %0.83
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1735

    Multiple cross-site scripting (XSS) vulnerabilities in PROMS before 0.11 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : proms
    • EPSS Score: %0.34
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 291908 Results