Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2005-1692

    Format string vulnerability in gxine 0.4.1 through 0.4.4, and other versions down to 0.3, allows remote attackers to execute arbitrary code via a ram file with a URL whose hostname contains format string specifiers.... Read more

    Affected Products : gxine
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1739

    The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask.... Read more

    Affected Products : imagemagick graphicsmagick
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1701

    SQL injection vulnerability in PortailPHP 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter to the (1) News, (2) File, (3) Liens, or (4) Faq modules.... Read more

    Affected Products : portailphp
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-1696

    Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) skin or (2) paletteid parameter to demo.php in the Xanthia module, or (3) the serverName parameter... Read more

    Affected Products : postnuke
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1706

    Unknown vulnerability in MailScanner 4.41.3 and earlier, related to "incomplete reporting of viruses in zip files," allows remote attackers to bypass virus detection.... Read more

    Affected Products : mailscanner
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1737

    Multiple unknown vulnerabilities in PROMS 0.11 allow "non-authorized users" to (1) view or modify the project member list or (2) modify the todos list.... Read more

    Affected Products : proms
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1714

    Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : surgemail
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-1705

    gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.... Read more

    Affected Products : gdb
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1715

    Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 (2.2.178) allows remote attackers to inject arbitrary web script or HTML via the (1) m, (2) s, (3) ID, or (4) t parameters, or the (5) field name, (6) Your Web field, or (7) email field in... Read more

    Affected Products : topo
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1736

    PROMS 0.11 does not properly handle "certain combinations of rights," which gives more rights to users than intended.... Read more

    Affected Products : proms
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2005-1747

    Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, ... Read more

    Affected Products : weblogic_server weblogic_portal
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-1745

    The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password.... Read more

    Affected Products : weblogic_server weblogic_portal
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1743

    BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 and 7.0 through Service Pack 5 does not properly handle when a security provider throws an exception, which may cause WebLogic to use incorrect identity for the thread, or to fail to audi... Read more

    Affected Products : weblogic_server weblogic_portal
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1700

    SQL injection vulnerability in pnadmin.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to execute arbitrary SQL commands via the riga[0] parameter.... Read more

    Affected Products : postnuke
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1748

    The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows remote anonymous binds, which may allow remote attackers to view user entries or cause a denial of service.... Read more

    Affected Products : weblogic_server weblogic_portal
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-1683

    Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file.... Read more

    Affected Products : word
    • Published: May. 20, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-1682

    JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does not properly validate the message number in the MimeMessage constructor in javax.mail.internet.InternetHeaders, which allows remote authenticated users to read other users' e-mail messa... Read more

    Affected Products : solstice_internet_mail_server
    • Published: May. 20, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1681

    PHP remote file inclusion vulnerability in common.php in phpATM 1.21, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the include_location parameter to index.php.... Read more

    Affected Products : php_advanced_transfer_manager
    • Published: May. 20, 2005
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2005-1679

    Stack-based buffer overflow in the error directive in picasm 1.12b and earlier allows attackers to execute arbitrary code via a long error message.... Read more

    Affected Products : picasm
    • Published: May. 20, 2005
    • Modified: Apr. 03, 2025

  • 5.3

    MEDIUM
    CVE-2005-1688

    Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.... Read more

    Affected Products : wordpress
    • Published: May. 20, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293298 Results