Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2004-0207

    "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions... Read more

    • EPSS Score: %1.59
    • Published: Nov. 03, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-0837

    MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.... Read more

    Affected Products : debian_linux mysql mysql
    • EPSS Score: %2.36
    • Published: Nov. 03, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0718

    The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements wit... Read more

    • EPSS Score: %52.24
    • Published: Nov. 03, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0959

    rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified.... Read more

    Affected Products : php
    • EPSS Score: %5.20
    • Published: Nov. 03, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0815

    The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary fil... Read more

    Affected Products : samba
    • EPSS Score: %8.22
    • Published: Nov. 03, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0844

    Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byt... Read more

    Affected Products : ie
    • EPSS Score: %53.43
    • Published: Nov. 03, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1121

    Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags.... Read more

    Affected Products : safari
    • EPSS Score: %3.23
    • Published: Nov. 01, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1350

    Multiple buffer overflows in Sun Java System Web Proxy Server (formerly Sun ONE Proxy Server) 3.6 through 3.6 SP4 allow remote attackers to execute arbitrary code via unknown vectors, possibly CONNECT requests.... Read more

    Affected Products : java_system_web_proxy_server
    • EPSS Score: %25.41
    • Published: Oct. 30, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1637

    The Hawking Technologies HAR11A modem/router allows remote attackers to obtain sensitive information by connecting to port 254, which displays a management interface and information on established connections.... Read more

    Affected Products : har11a_dsl_router
    • EPSS Score: %0.72
    • Published: Oct. 26, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1639

    Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension.... Read more

    Affected Products : firefox mozilla gecko
    • EPSS Score: %0.89
    • Published: Oct. 26, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1636

    Heap-based buffer overflow in the WvTFTPServer::new_connection function in wvtftpserver.cc for WvTftp 0.9 allows remote attackers to execute arbitrary code via a long option string in a TFTP packet.... Read more

    Affected Products : wvtftp
    • EPSS Score: %6.82
    • Published: Oct. 26, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1630

    Cross-site scripting (XSS) vulnerability in the login form in Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to execute arbitrary web script or HTML via the url parameter.... Read more

    Affected Products : work_flow_engine
    • EPSS Score: %0.44
    • Published: Oct. 25, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1634

    show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, when using the insidergroup feature and exporting a bug to XML, shows comments and attachment summaries which are marked as private, which allows remote attackers to gain sensitive informa... Read more

    Affected Products : bugzilla
    • EPSS Score: %0.44
    • Published: Oct. 25, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1632

    Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the arguments to wiki.php.... Read more

    Affected Products : moniwiki
    • EPSS Score: %0.44
    • Published: Oct. 25, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1631

    Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to conduct port scans of remote hosts by specifying the target in an rmi:// Worklist URL, then using the response times to infer the results.... Read more

    Affected Products : work_flow_engine
    • EPSS Score: %0.44
    • Published: Oct. 25, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1633

    process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does not check edit permissions on the keywords field, which allows remote authenticated users to modify the keywords in a bug via the keywordaction parameter.... Read more

    Affected Products : bugzilla
    • EPSS Score: %0.29
    • Published: Oct. 25, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1635

    Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the insidergroup feature, does not sufficiently protect private attachments when there are changes to the metadata, such as filename, description, MIME type, or review flags, which allows remot... Read more

    Affected Products : bugzilla
    • EPSS Score: %0.62
    • Published: Oct. 24, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1629

    Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier allow remote attackers to execute arbitrary SQL statements.... Read more

    Affected Products : dwc_articles
    • EPSS Score: %0.49
    • Published: Oct. 23, 2004
    • Modified: Apr. 03, 2025

  • 9.0

    HIGH
    CVE-2004-1628

    Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code.... Read more

    Affected Products : rssh
    • EPSS Score: %2.56
    • Published: Oct. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1626

    Buffer overflow in Ability Server 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long STOR command.... Read more

    Affected Products : ability_server
    • EPSS Score: %73.36
    • Published: Oct. 22, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 291794 Results