Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2004-0621

    admin.php in Newsletter ZWS allows remote attackers to gain administrative privileges via a list_user operation with the ulevel parameter set to 1 (administrator level), which lists all users and their passwords.... Read more

    Affected Products : newsletter_zws
    • EPSS Score: %2.94
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0610

    The Web administration interface in Microsoft MN-500 Wireless Router allows remote attackers to cause a denial of service (connection refusal) via a large number of open HTTP connections.... Read more

    Affected Products : mn-500_wireless_base_station
    • EPSS Score: %19.17
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2004-0612

    The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter mobile code within an SSL encrypted session, which could allow remote attackers to bypass the mobile code filtering. NOTE: it has been disputed by the vendor that this behavior is requir... Read more

    Affected Products : zonealarm
    • EPSS Score: %0.36
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0576

    The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the -enable-snmp option, allows remote attackers to cause a denial of service (server crash) via malformed SNMP messages containing an invalid OID.... Read more

    Affected Products : radius
    • EPSS Score: %0.74
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0578

    WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files via leading slash (//) characters in a URL request to the wingate-internal directory.... Read more

    Affected Products : wingate
    • EPSS Score: %0.76
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2004-0614

    osTicket trusts a hidden form field in the submit form to limit the upload size of a document, which could allow remote attackers to upload a file of any size.... Read more

    Affected Products : osticket_sts
    • EPSS Score: %0.64
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0605

    Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ircd-ratbox 1.5.1 and earlier, or (3) ircd-ratbox 2.0rc6 and earlier do not have a rate-limit imposed, which could allow remote attackers to cause a denial of service by repeatedly maki... Read more

    Affected Products : ircd-hybrid ircd-ratbox
    • EPSS Score: %5.17
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1581

    Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter.... Read more

    Affected Products : debian_linux mailreader.com
    • EPSS Score: %9.75
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0633

    The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow.... Read more

    • EPSS Score: %37.28
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0623

    Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog.... Read more

    Affected Products : gnats
    • EPSS Score: %3.45
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 7.6

    HIGH
    CVE-2004-0456

    Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header.... Read more

    Affected Products : debian_linux linux pavuk
    • EPSS Score: %1.29
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0577

    WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files from the root directory via a URL request to the wingate-internal directory.... Read more

    Affected Products : wingate
    • EPSS Score: %0.39
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0618

    FreeBSD 5.1 for the Alpha processor allows local users to cause a denial of service (crash) via an execve system call with an unaligned memory address as an argument.... Read more

    Affected Products : freebsd
    • EPSS Score: %0.23
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0625

    SQL injection vulnerability in Infinity WEB 1.0 allows remote attackers to bypass authentication and gain privileges via the login page.... Read more

    Affected Products : infinity_web
    • EPSS Score: %0.81
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-0620

    Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) newthread.php in vBulletin 3.0.1 allows remote attackers to inject arbitrary HTML or script as other users via the Edit-panel.... Read more

    Affected Products : vbulletin
    • EPSS Score: %3.79
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0451

    Multiple format string vulnerabilities in the (1) logquit, (2) logerr, or (3) loginfo functions in Software Upgrade Protocol (SUP) allows remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog.... Read more

    Affected Products : debian_linux sup
    • EPSS Score: %3.66
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0590

    FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-sig... Read more

    • EPSS Score: %0.58
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0604

    The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows remote attackers to cause a denial of service (crash), possibly via an empty search query, which triggers a NULL dereference.... Read more

    Affected Products : linux gift-fasttrack
    • EPSS Score: %1.27
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0608

    The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and ea... Read more

    • EPSS Score: %60.18
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0626

    The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negat... Read more

    Affected Products : linux_kernel suse_linux linux linux
    • EPSS Score: %1.74
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 291634 Results