Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2004-0332

    Extremail 1.5.9 does not check passwords correctly when they are all digits or begin with a digit, which allows remote attackers to gain privileges.... Read more

    Affected Products : extremail
    • EPSS Score: %0.90
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0310

    Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 allows remote attackers to execute Javascript as other users via the stylesheet, which does not strip the semicolon or parentheses, as demonstrated using a background:url.... Read more

    Affected Products : livejournal
    • EPSS Score: %0.83
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0275

    SQL injection vulnerability in calendar_download.php in BosDates 3.2 and earlier allows remote attackers to obtain sensitive information and gain access via the calendar parameter.... Read more

    Affected Products : bosdates
    • EPSS Score: %0.47
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0263

    PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.... Read more

    Affected Products : http_server php http_server
    • EPSS Score: %0.96
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0337

    Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro allows remote attackers to execute arbitrary script or HTML as other users via a URL to index.html, followed by a / (slash) and the desired script. NOTE: the vendor states that this bu... Read more

    Affected Products : 602pro_lan_suite
    • EPSS Score: %0.42
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 6.0

    MEDIUM
    CVE-2004-0347

    Cross-site scripting (XSS) vulnerability in delhomepage.cgi in NetScreen-SA 5000 Series running firmware 3.3 Patch 1 (build 4797) allows remote authenticated users to execute arbitrary script as other users via the row parameter.... Read more

    Affected Products : netscreen-sa_5000_series
    • EPSS Score: %1.78
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0286

    Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long username.... Read more

    Affected Products : robotftp_server
    • EPSS Score: %11.65
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0264

    palmhttpd for PalmOS allows remote attackers to cause a denial of service (crash) by establishing two simultaneous HTTP connections, which exceeds the PalmOS accept queue.... Read more

    Affected Products : jim_rees_httpd palmhttpd
    • EPSS Score: %5.82
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0236

    SQL injection vulnerability in login.asp in thePHOTOtool allows remote attackers to gain unauthorized access via the password field.... Read more

    Affected Products : thephototool
    • EPSS Score: %1.20
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-1331

    The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command.... Read more

    Affected Products : internet_explorer ie
    • EPSS Score: %27.11
    • Published: Nov. 16, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1315

    viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special char... Read more

    Affected Products : phpbb
    • EPSS Score: %85.91
    • Published: Nov. 12, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0832

    The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be pass... Read more

    Affected Products : squid
    • EPSS Score: %12.29
    • Published: Nov. 03, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0206

    Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or applicati... Read more

    • EPSS Score: %80.40
    • Published: Nov. 03, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0938

    FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet.... Read more

    Affected Products : enterprise_linux freeradius
    • EPSS Score: %5.47
    • Published: Nov. 03, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0840

    The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbit... Read more

    • EPSS Score: %47.85
    • Published: Nov. 03, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0958

    php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length.... Read more

    Affected Products : php
    • EPSS Score: %11.18
    • Published: Nov. 03, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-0837

    MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.... Read more

    Affected Products : debian_linux mysql mysql
    • EPSS Score: %2.36
    • Published: Nov. 03, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0836

    Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).... Read more

    Affected Products : debian_linux mysql
    • EPSS Score: %2.73
    • Published: Nov. 03, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0216

    Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calcula... Read more

    Affected Products : internet_explorer ie
    • EPSS Score: %48.49
    • Published: Nov. 03, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0552

    Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, ... Read more

    Affected Products : small_business_suite
    • EPSS Score: %16.37
    • Published: Nov. 03, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 291712 Results