Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2004-2350

    SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter.... Read more

    Affected Products : phpbb
    • EPSS Score: %0.54
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2366

    Buffer overflow in GlobalSCAPE Secure FTP Server 2.0 B03.11.2004.2 allows remote attackers to cause a denial of service (crash) via a SITE command with a long argument.... Read more

    Affected Products : secure_ftp_server
    • EPSS Score: %1.74
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2374

    BadBlue 2.4 allows remote attackers to obtain the location of the server installation path via a request for phptest.php, which includes the pathname in the source of the resulting HTML.... Read more

    Affected Products : badblue
    • EPSS Score: %3.45
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2380

    Directory traversal vulnerability in postfile.exe for Twilight Utilities Web Server 2.0.0.0 allows remote attackers to write arbitrary files via a .. (dot dot) in the attfile parameter.... Read more

    Affected Products : twilight_utilities_web_server
    • EPSS Score: %0.26
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2382

    The PerfectNav plugin for Microsoft Internet Explorer allows remote attackers to cause a denial of service (browser crash) via a malformed URL such as "?".... Read more

    Affected Products : perfectnav
    • EPSS Score: %0.95
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1593

    Cross-site scripting (XSS) vulnerability in render.UserLayoutRootNode.uP in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via the utf parameter.... Read more

    Affected Products : campus_pipeline
    • EPSS Score: %0.41
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2004-2383

    Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain... Read more

    Affected Products : internet_explorer ie
    • EPSS Score: %23.38
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1586

    Flash Messaging clients can ignore disconnecting commands such as "shutdown" from the Flash Messaging Server 5.2.0g (rev 1.1.2), which could allow remote attackers to stay connected.... Read more

    Affected Products : flash_messaging_server
    • EPSS Score: %0.18
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.6

    HIGH
    CVE-2004-1896

    Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file.... Read more

    Affected Products : winamp
    • EPSS Score: %24.91
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2004-2743

    upload.cgi in Mega Upload Progress Bar before 1.45 allows remote attackers to copy or overwrite arbitrary files via unspecified parameters related to names of uploaded files.... Read more

    Affected Products : mega_upload_progress_bar
    • EPSS Score: %0.52
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2742

    Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inject arbitrary web script or HTML via script in the URL to a report (RPT) file.... Read more

    Affected Products : crystal_enterprise
    • EPSS Score: %0.48
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2004-2583

    SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous open connections to TCP port 25.... Read more

    Affected Products : smartermail
    • EPSS Score: %0.83
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-2734

    webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.... Read more

    Affected Products : netware
    • EPSS Score: %0.92
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-2591

    The data-overwrite capability of ButtUglySoftware CleanCache 2.19 does not properly overwrite data in files, which allows attackers to recover the data.... Read more

    Affected Products : cleancache
    • EPSS Score: %0.09
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2635

    An ActiveX control for McAfee Security Installer Control System 4.0.0.81 allows remote attackers to access the Windows registry via web pages that use the control's RegQueryValue() method.... Read more

    Affected Products : security_installer_control_system
    • EPSS Score: %2.16
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-2623

    Unknown vulnerability in Rippy the Aggregator before 0.10, when register_globals is enabled, has unknown attack vectors and impact, possibly related to the "user-controlled filter."... Read more

    Affected Products : rippy_the_aggregator
    • EPSS Score: %0.86
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2342

    ChatterBox 2.0 allows remote attackers to cause a denial of service (server crash) via a malformed request to the server, as demonstrated using "aaaaaa".... Read more

    Affected Products : chatterbox
    • EPSS Score: %1.62
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2268

    PimenGest2 before 1.1.1 allows remote attackers to obtain the database password via debug information in rowLatex.inc.php.... Read more

    Affected Products : pimengest2
    • EPSS Score: %0.77
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2326

    SQL injection vulnerability in IP3 Networks NetAccess Appliance before firmware 3.1.18b13 allows remote attackers to bypass authentication via the (1) login or (2) password. NOTE: this issue was later reported to also affect firmware 4.0.34.... Read more

    • EPSS Score: %1.27
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2709

    Buffer overflow in the strip_html_tags method for Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors involving HTML tags.... Read more

    Affected Products : gyach_enhanced
    • EPSS Score: %1.42
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 291741 Results