Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2004-0314

    Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 and earlier allows remote attackers to execute arbitrary script as other users via the message parameter.... Read more

    Affected Products : webzedit
    • EPSS Score: %0.30
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0309

    Stack-based buffer overflow in the SMTP service support in vsmon.exe in Zone Labs ZoneAlarm before 4.5.538.001, ZoneLabs Integrity client 4.0 before 4.0.146.046, and 4.5 before 4.5.085, allows remote attackers to execute arbitrary code via a long RCPT TO ... Read more

    Affected Products : zonealarm integrity
    • EPSS Score: %26.69
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0303

    OWLS 1.0 allows remote attackers to retrieve arbitrary files via absolute pathnames in (1) the file parameter in /glossaries/index.php, (2) the filename parameter in /readings/index.php, or (3) the filename parameter in /multiplechoice/resultsignore.php, ... Read more

    Affected Products : owls_workshop
    • EPSS Score: %8.93
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0356

    Stack-based buffer overflow in Supervisor Report Center in SL Mail Pro 2.0.9 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a long HTTP sub-version.... Read more

    Affected Products : slmail_pro
    • EPSS Score: %7.57
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0265

    Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules.... Read more

    Affected Products : php-nuke
    • EPSS Score: %10.47
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0261

    oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to bypass authentication and access the control panel via a 0 in the uid parameter.... Read more

    Affected Products : openjournal
    • EPSS Score: %2.83
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2004-0259

    The check_referer() function in Formmail.php 5.0 and earlier allows remote attackers to bypass access restrictions via an empty or spoofed HTTP Referer, as demonstrated using an application on the same web server that contains a cross-site scripting (XSS)... Read more

    Affected Products : formmail.php
    • EPSS Score: %0.67
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0257

    OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a small MTU to a listening port and then issuing a TCP connect to that port.... Read more

    Affected Products : netbsd openbsd
    • EPSS Score: %2.03
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0249

    PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other accounts by modifying the cookie's PXL variable to reference another userID.... Read more

    Affected Products : phpx
    • EPSS Score: %4.76
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0349

    Directory traversal vulnerability in GWeb HTTP Server 0.6 allows remote attackers to view arbitrary files via a .. (dot dot) in the URL.... Read more

    Affected Products : gweb_http_server
    • EPSS Score: %3.45
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0636

    Buffer overflow in the goaway function in the aim:goaway URI handler for AOL Instant Messenger (AIM) 5.5, including 5.5.3595, allows remote attackers to execute arbitrary code via a long Away message.... Read more

    Affected Products : instant_messenger
    • EPSS Score: %78.52
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0331

    Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows remote attackers to cause a denial of service (crash) via a HTTP POST with a long application variable.... Read more

    Affected Products : openmanage
    • EPSS Score: %67.53
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0247

    The client and server of Chaser 1.50 and earlier allow remote attackers to cause a denial of service (crash via exception) via a UDP packet with a length field that is greater than the actual data length, which causes Chaser to read unexpected memory.... Read more

    Affected Products : chaser_client chaser_server
    • EPSS Score: %6.88
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0358

    Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro 1.0.3 allows remote attackers to execute arbitrary script as other users via (1) the mainnews parameter in admin.php, (2) the expand parameter in admin.php, (3) the id parameter in adm... Read more

    Affected Products : virtuanews_pro
    • EPSS Score: %0.62
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0291

    SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 allows remote attackers to obtain hashed passwords via the quote parameter.... Read more

    Affected Products : yabb
    • EPSS Score: %0.37
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0267

    The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust InoculateIT for Linux 6.0 allow local users to overwrite arbitrary files via a symlink attack on files in /tmp.... Read more

    Affected Products : inoculateit
    • EPSS Score: %0.13
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0274

    Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can mistakenly assign STAT_OFFERED status to a bot that is not a sharebot, which allows remote attackers to use STAT_OFFERED to promote a bot to a sharebot and conduct unauthorized activities.... Read more

    Affected Products : eggdrop_irc_bot
    • EPSS Score: %1.41
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0305

    Cross-site scripting (XSS) vulnerability in error.asp in WebCortex WebStores 2000 6.0 allows remote attackers to execute arbitrary script as other users and steal session IDs via the Message_id parameter.... Read more

    Affected Products : webstores_2000
    • EPSS Score: %2.50
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0302

    Directory traversal vulnerability in OWLS 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter in index.php, (2) editfile in glossary.php, or (3) editfile in newmultiplechoice.php.... Read more

    Affected Products : owls_workshop
    • EPSS Score: %3.54
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-1331

    The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command.... Read more

    Affected Products : internet_explorer ie
    • EPSS Score: %27.11
    • Published: Nov. 16, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 291722 Results