Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2004-1651

    Multiple cross-site scripting (XSS) vulnerabilities in the registration page in phpScheduleIt 1.0.0 RC1 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Lastname fields during new user registration, or (3) the Schedule... Read more

    Affected Products : phpscheduleit
    • EPSS Score: %0.53
    • Published: Aug. 31, 2004
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2004-1653

    The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.... Read more

    Affected Products : openssh
    • EPSS Score: %0.51
    • Published: Aug. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1648

    Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ChangePassword.asp, (3) users_list.asp, (4) and users_add.asp in Password Protect allows remote attackers to inject arbitrary web script or HTML via the ShowMsg parameter.... Read more

    Affected Products : password_protect
    • EPSS Score: %0.56
    • Published: Aug. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-1649

    Buffer overflow in Microsoft Msinfo32.exe might allow local users to execute arbitrary code via a long filename in the msinfo_file command line parameter. NOTE: this issue might not cross security boundaries, so it may be REJECTED in the future.... Read more

    Affected Products : windows_2000
    • EPSS Score: %1.50
    • Published: Aug. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1650

    D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet.... Read more

    Affected Products : dcs-900_internet_camera
    • EPSS Score: %3.46
    • Published: Aug. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1652

    phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if the administrator logs in as a normal user, which allows users with physical access to gain administrative privileges.... Read more

    Affected Products : phpscheduleit
    • EPSS Score: %0.39
    • Published: Aug. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1646

    Directory traversal vulnerability in Xedus 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.... Read more

    Affected Products : xedus
    • EPSS Score: %4.25
    • Published: Aug. 30, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1644

    Xedus 1.0 allows remote attackers to cause a denial of service (refuse connections) by connecting multiple times from the same IP address.... Read more

    Affected Products : xedus
    • EPSS Score: %1.08
    • Published: Aug. 30, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1660

    PHP remote file inclusion vulnerability in CuteNews 1.3.6 and earlier allows remote attackers to execute arbitrary PHP code via the cutepath parameter to (1) show_archives.php or (2) show_news.php.... Read more

    Affected Products : cutenews
    • EPSS Score: %0.89
    • Published: Aug. 30, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1645

    Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote attackers to execute arbitrary web script or HTML via the (1) username parameter to test.x, (2) username parameter to TestServer.x, or (3) param parameter to testgetrequest.x.... Read more

    Affected Products : xedus
    • EPSS Score: %0.53
    • Published: Aug. 30, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1647

    SQL injection vulnerability in Password Protect allows remote attackers to execute arbitrary SQL statements and bypass authentication via (1) admin or Pass parameter to index_next.asp, (2) LoginId, OPass, or NPass to CPassChangePassword.asp, (3) users_edi... Read more

    Affected Products : password_protect
    • EPSS Score: %1.13
    • Published: Aug. 30, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1641

    Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote attackers to cause a denial of service (crash) via a long FTP command such as (1) CWD, (2) STAT, or (3) LIST.... Read more

    Affected Products : titan_ftp_server
    • EPSS Score: %7.86
    • Published: Aug. 29, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1643

    WS_FTP 5.0.2 allows remote authenticated users to cause a denial of service (CPU consumption) via a CD command that contains an invalid path with a "../" sequence.... Read more

    Affected Products : ws_ftp_server
    • EPSS Score: %9.47
    • Published: Aug. 29, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1642

    WFTPD Pro Server 3.21 allows remote authenticated users to cause a denial of service (crash) via a series of long MLIST commands.... Read more

    Affected Products : wftpd
    • EPSS Score: %6.02
    • Published: Aug. 29, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1640

    Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and 1.0 allow remote attackers to execute arbitrary web script and HTML via the (1) terme parameter to search.php or (2) letter parameter to letter.php.... Read more

    Affected Products : xoops_dictionary
    • EPSS Score: %0.95
    • Published: Aug. 28, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-0820

    Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file.... Read more

    Affected Products : winamp
    • EPSS Score: %1.77
    • Published: Aug. 28, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1751

    Ground Control II: Operation Exodus 1.0.0.7 and earlier allows remote servers to cause a denial of service (client or server crash) via a large packet, which generates a "Message too long" socket error that is treated as a critical error.... Read more

    • EPSS Score: %5.84
    • Published: Aug. 26, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-1681

    Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) pkg-installer, or (4) input-cfg in QNX Photon microGUI for QNX RTP 6.1 allow local users to gain privileges via a long -s (server) command line parameter.... Read more

    Affected Products : rtp photon_microgui
    • EPSS Score: %0.13
    • Published: Aug. 26, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1662

    YaBB SE 1.5.1 allows remote attackers to obtain sensitive information via a direct HTTP request to Admin.php, which reveals the full path in a PHP error message.... Read more

    Affected Products : yabb
    • EPSS Score: %0.46
    • Published: Aug. 25, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0819

    The bridge functionality in OpenBSD 3.4 and 3.5, when running a gateway configured as a bridging firewall with the link2 option for IPSec enabled, allows remote attackers to cause a denial of service (crash) via an ICMP echo (ping) packet.... Read more

    Affected Products : openbsd
    • EPSS Score: %0.74
    • Published: Aug. 25, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 291615 Results