Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2005-4403

    SQL injection vulnerability in index.php in Marwel 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the show parameter.... Read more

    Affected Products : marwel
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4415

    Cross-site scripting (XSS) vulnerability in index.php in TML CMS 0.5 allows remote attackers to inject arbitrary web script or HTML via the form parameter.... Read more

    Affected Products : tml
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4420

    Cross-site scripting (XSS) vulnerability in Honeycomb Archive Enterprise 3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the keyword parameter in search.cfm.... Read more

    Affected Products : honeycomb_archive_enterprise
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-4417

    The default configuration of Widcomm Bluetooth for Windows (BTW) 4.0.1.1500 and earlier, as installed on Belkin Bluetooth Software 1.4.2 Build 10 and ANYCOM Blue USB-130-250 Software 4.0.1.1500, and possibly other devices, sets null Authentication and Aut... Read more

    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4405

    redqueen.cgi in Red Queen 1.02 and earlier allows remote attackers to obtain the full server path via invalid (1) yellowpage_id, (2) skin_id, (3) supplier_id, and (4) module parameters, which leaks the path in an error message.... Read more

    Affected Products : red_queen
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2005-4425

    Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to cause a denial of service (crash) via certain RTSP streams.... Read more

    Affected Products : winroute_firewall
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 6.5

    MEDIUM
    CVE-2005-4423

    Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to an accessible directory, as demonstrated using a file with a .php extension, aka "... Read more

    Affected Products : phpfm
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4393

    Cross-site scripting (XSS) vulnerability in show.cfm in e-publish CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) obcatid and (2) comid parameters.... Read more

    Affected Products : e-publish
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4399

    Cross-site scripting (XSS) vulnerability in search/index.php in Libertas Enterprise CMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page_search parameter.... Read more

    Affected Products : libertas_enterprise_cms
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4421

    Dev-Editor 3.0 allows remote attackers to access any directory outside the web root whose name is a substring of the web root directory name.... Read more

    Affected Products : dev-editor
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-4412

    Citrix Program Neighborhood client before 9.150 caches the user password in plaintext in the GUI while asterisks are used to visually obfuscate the password, which allows attackers with access to the session to obtain the password by using a tool to direc... Read more

    Affected Products : program_neighborhood_client
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 6.5

    MEDIUM
    CVE-2005-4402

    Buffer overflow in MailEnable Professional 1.71 and earlier, and Enterprise 1.1 and earlier, allows remote authenticated users to execute arbitrary code via a long IMAP EXAMINE command.... Read more

    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4411

    Buffer overflow in Mercury Mail Transport System 4.01b allows remote attackers to execute arbitrary code via a long request to TCP port 105.... Read more

    Affected Products : mercury_mail_transport_system
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 6.5

    MEDIUM
    CVE-2005-4422

    Unrestricted file upload vulnerability in toendaCMS before 0.6.2 Stable allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in data/image... Read more

    Affected Products : toendacms
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4394

    Cross-site scripting (XSS) vulnerability in EPiX 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search query parameters.... Read more

    Affected Products : epix
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4406

    SQL injection vulnerability in index.cfm in Mercury CMS 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter.... Read more

    Affected Products : mercury_cms
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4398

    NOTE: the vendor has disputed this issue. Cross-site scripting (XSS) vulnerability in lemoon 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the q parameter. NOTE: the vendor has... Read more

    Affected Products : lemoon
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4397

    SQL injection vulnerability in RunScript.asp iCMS allows remote attackers to execute arbitrary SQL commands via the Event_ID parameter.... Read more

    Affected Products : icms
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4407

    Cross-site scripting (XSS) vulnerability in index.cfm in Mercury CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) content and (2) criteria parameters.... Read more

    Affected Products : mercury_cms
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-4414

    Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown impact and attack vectors, related to "a menu security bug."... Read more

    Affected Products : teamwork
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294863 Results