Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2004-1913

    Cross-site scripting (XSS) vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to inject arbitrary web script or HTML via the eid parameter.... Read more

    Affected Products : php-nuke nukecalendar
    • EPSS Score: %0.02
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1891

    The ftp_syslog function in ftpd in SGI IRIX 6.5.20 "doesn't work with anonymous FTP," which has an unknown impact, possibly preventing the actions of anonymous users from being logged.... Read more

    Affected Products : irix
    • EPSS Score: %0.33
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1836

    SQL injection vulnerability in index.php in Invision Power Top Site List 1.1 RC 2 and earlier allows remote attackers to execute arbitrary SQL via the id parameter of the comments action.... Read more

    Affected Products : invision_power_top_site_list
    • EPSS Score: %0.48
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1813

    VocalTec VGW4/8 Gateway 8.0 allows remote attackers to bypass authentication via an HTTP request to home.asp with a trailing slash (/).... Read more

    Affected Products : vgw4_8_telephony_gateway
    • EPSS Score: %4.39
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1799

    PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface, which allows remote attackers to bypass intended packet filters via spoofed packets to other interfaces.... Read more

    Affected Products : openbsd
    • EPSS Score: %0.35
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1787

    SQL injection vulnerability in PostCalendar 4.0.0 allows remote attackers to execute arbitrary SQL commands via search queries.... Read more

    Affected Products : postcalendar
    • EPSS Score: %0.82
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1779

    Cross-site scripting (XSS) vulnerability in board.php for ThWboard before beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the lastvisited parameter.... Read more

    Affected Products : thwboard_beta
    • EPSS Score: %0.53
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2004-1583

    Directory traversal vulnerability in the FTP server in TriDComm 1.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in FTP commands such as (1) DIR, (2) GET, or (3) PUT.... Read more

    Affected Products : tridcomm
    • EPSS Score: %0.55
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1529

    Cross-site scripting (XSS) vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary web script via the (1) type, (2) day, (3) month, or (4) year parameters in a Preview operation, or (5) event comments.... Read more

    Affected Products : php-nuke_event_calendar
    • EPSS Score: %0.67
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-1518

    SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier allows remote authenticated users to execute arbitrary SQL command via the forum_id parameter.... Read more

    Affected Products : phorum
    • EPSS Score: %0.58
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0323

    Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc ... Read more

    Affected Products : xmb
    • EPSS Score: %0.84
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2024

    The distribution of Zen Cart 1.1.4 before patch 2 includes certain debugging code in the Admin password retrieval functionality, which allows attackers to gain administrative privileges via password_forgotten.php.... Read more

    Affected Products : zen_cart
    • EPSS Score: %0.47
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-2674

    Directory traversal vulnerability in ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to determine the existence of arbitrary files via ".." sequences in the SITE UNZIP argument.... Read more

    Affected Products : ftp_server
    • EPSS Score: %0.43
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2362

    PHPX 3.2.6 and earlier allows remote attackers to obtain the physical path of PHPX via a null or invalid value in the limit parameter, which leaks the pathname in a database error message, as demonstrated using forums.php.... Read more

    Affected Products : phpx
    • EPSS Score: %0.90
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2316

    Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via a GET request containing an MS-DOS device name such as COM1.... Read more

    Affected Products : mbedthis_appweb_http_server
    • EPSS Score: %0.78
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2536

    The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a process obtains IO access permissions from the ioperm function but does not drop those permissions when it exits, which allows o... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.48
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2457

    Unspecified vulnerability in 3Com OfficeConnect ADSL 11g Router allows remote attackers to cause a denial of service (crash) via a large amount of UDP traffic.... Read more

    Affected Products : 3crwe754g72-a
    • EPSS Score: %0.74
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2261

    Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the "login name/author" field in the (1) news submit or (2) article submit functions.... Read more

    Affected Products : e107
    • EPSS Score: %0.48
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2699

    deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product images via a modified ProductID parameter.... Read more

    Affected Products : aspdotnetstorefront
    • EPSS Score: %5.48
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2681

    PeerSec MatrixSSL before 1.1 caches session keys for an indefinitely long time, which might make it easier for remote attackers to hijack a session.... Read more

    Affected Products : matrixssl
    • EPSS Score: %0.50
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 291736 Results