Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.1

    MEDIUM
    CVE-2005-0611

    Heap-based buffer overflow in RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1, allows remote attackers to execute arbitrary code via .WAV files.... Read more

    Affected Products : realplayer realone_player helix_player
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 6.2

    MEDIUM
    CVE-2005-0602

    Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges.... Read more

    Affected Products : unzip
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0459

    phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message.... Read more

    Affected Products : phpmyadmin
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-0011

    Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execute arbitrary code via stack-based b... Read more

    Affected Products : kde kde
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0017

    The f2c translator in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files.... Read more

    Affected Products : f2c_translator
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-0059

    Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.... Read more

    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0544

    phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.i... Read more

    Affected Products : phpmyadmin
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-0078

    The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session.... Read more

    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0525

    The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a JPEG image with an invalid marker value, which causes... Read more

    Affected Products : php
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-0205

    KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over D... Read more

    Affected Products : kde kppp
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0649

    Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass cross-site scripting (XSS) protection via "hexadecimal HTML entities."... Read more

    Affected Products : safehtml
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0660

    Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 allows remote attackers to inject arbitrary web script or HTML via certain fields, as demonstrated using the page parameter in nav.php3.... Read more

    Affected Products : d-forum
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0854

    betaparticle blog (bp blog), posisbly before version 4, allows remote attackers to bypass authentication and (1) upload files via a direct request to upload.asp or (2) delete files via a direct request to myFiles.asp.... Read more

    Affected Products : betaparticle_blog
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0533

    Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a st... Read more

    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0568

    Soldier of Fortune II 1.03 gold allows remote attackers to cause a denial of service (application crash) via a large cl_guid value, which results in an invalid pointer dereference.... Read more

    Affected Products : soldier_of_fortune_2
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0526

    Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 allow remote attackers to inject arbitrary web script or HTML via (1) the search string to search.php, (2) the subject of a PM, which is processed by pm.php, or (3) the body of a PM, which... Read more

    Affected Products : pblang
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0530

    Signedness error in the copy_from_read_buf function in n_tty.c for Linux kernel 2.6.10 and 2.6.11rc1 allows local users to read kernel memory via a negative argument.... Read more

    Affected Products : linux_kernel
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0852

    Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3.... Read more

    Affected Products : windows_xp
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-1015

    Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command.... Read more

    Affected Products : imapd
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0975

    Integer signedness error in the parse_machfile function in the mach-o loader (mach_loader.c) for the Darwin Kernel as used in Mac OS X 10.3.7, and other versions before 10.3.9, allows local users to cause a denial of service (CPU consumption) via a crafte... Read more

    Affected Products : mac_os_x mac_os_x_server darwin_kernel
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292814 Results