Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2004-1909

    Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to cause a denial of service (crash) via certain RAR archives, such as those generated by the Beagle/Bagle worm.... Read more

    Affected Products : clamav clamav
    • EPSS Score: %0.91
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1937

    Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1.5b allow remote attackers to read or include arbitrary files via .. sequences in (1) the user_langue parameter to index.php or (2) the langue parameter to update.php, or modify arbitrar... Read more

    Affected Products : nuked-klan
    • EPSS Score: %10.43
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1666

    Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN servers to execute arbitrary code via a long string that ends in a newline character.... Read more

    Affected Products : trillian
    • EPSS Score: %7.54
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2021

    Directory traversal vulnerability in file_manager.php in osCommerce 2.2 allows remote attackers to view arbitrary files via a .. (dot dot) in the filename argument.... Read more

    Affected Products : oscommerce
    • EPSS Score: %6.90
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2062

    SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to execute arbitrary SQL via the (1) thread_id, (2) parent_id, or (3) mode parameters.... Read more

    Affected Products : antiboard
    • EPSS Score: %0.42
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1146

    Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and (2) login.c for CVSTrac before 1.1.5 allow remote attackers to inject arbitrary HTML and web script.... Read more

    Affected Products : cvstrac
    • EPSS Score: %0.53
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2004-1150

    Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file.... Read more

    Affected Products : winamp
    • EPSS Score: %6.62
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2107

    Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not authenticate FHTTP commands on TCP port 3141, which allows remote attackers to use the finjan-parameter-type header to (1) restart the service, (2) use the getlastmsg command to view log ... Read more

    Affected Products : surfingate
    • EPSS Score: %10.43
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1296

    The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files.... Read more

    Affected Products : groff
    • EPSS Score: %0.15
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1200

    Firefox and Mozilla allow remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.... Read more

    Affected Products : firefox
    • EPSS Score: %1.33
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1408

    The addImage method for admin.class.php in Image Gallery Web Application 0.9.10 does not properly check filenames, which allows remote attackers to upload and execute arbitrary files.... Read more

    Affected Products : image_gallery_web_application
    • EPSS Score: %0.85
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1406

    SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 through 3.1.3 allows remote attackers to inject arbitrary SQL commands via the (1) st or (2) keywords parameter.... Read more

    Affected Products : ikonboard
    • EPSS Score: %0.42
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2081

    The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to cause a denial of service (pmsystem.exe crash) by issuing (1) a CD command with a tilde (~) character or dot dot (/../) or (2) a GET command for an unavailable file.... Read more

    Affected Products : sami_ftp_server
    • EPSS Score: %2.79
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2076

    Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBulletin 3.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.... Read more

    Affected Products : vbulletin
    • EPSS Score: %0.40
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2074

    Format string vulnerability in Dream FTP 1.02 allows local users to cause a denial of service (crash) via format string specifiers in the (1) PASS or (2) RETR commands.... Read more

    Affected Products : dream_ftp_server
    • EPSS Score: %55.56
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1386

    TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200.... Read more

    Affected Products : tikiwiki_cms\/groupware
    • EPSS Score: %1.20
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-1396

    Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file.... Read more

    Affected Products : winamp
    • EPSS Score: %2.61
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1397

    Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows remote attackers to inject arbitrary web script or HTML via an argument to wiki.pl.... Read more

    Affected Products : usemodwiki
    • EPSS Score: %0.41
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1400

    The control panel in ASP Calendar does not require authentication to access, which allows remote attackers to gain unauthorized access via a direct request to main.asp.... Read more

    Affected Products : asp_calendar
    • EPSS Score: %3.66
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1402

    SQL injection vulnerability in iWebNegar allows remote attackers to execute arbitrary SQL commands via (1) the string parameter for index.php, (2) comments.php, or (3) the administrator login page.... Read more

    Affected Products : iwebnegar
    • EPSS Score: %0.40
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 291863 Results