Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2002-1578

    The default installation of SAP R/3, when using Oracle and SQL*net V2 3.x, 4.x, and 6.10, allows remote attackers to obtain arbitrary, sensitive SAP data by directly connecting to the Oracle database and executing queries against the database, which is no... Read more

    Affected Products : sap_r_3
    • EPSS Score: %1.26
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1935

    Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via onload, onmouseover, and other Javascript events in an e-mail attachment.... Read more

    Affected Products : campus_pipeline
    • EPSS Score: %0.56
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0593

    Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vuln... Read more

    Affected Products : opera_browser
    • EPSS Score: %0.15
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0905

    Unknown vulnerability in Windows Media Station Service and Windows Media Monitor Service components of Windows Media Services 4.1 allows remote attackers to cause a denial of service (disallowing new connections) via a certain sequence of TCP/IP packets.... Read more

    Affected Products : windows_2000 windows_media_services
    • EPSS Score: %27.22
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0122

    Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files.... Read more

    Affected Products : msn_messenger
    • EPSS Score: %32.96
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1577

    SAP R/3 2.0B to 4.6D installs several clients with default users and passwords, which allows remote attackers to gain privileges via the (1) SAP*, (2) SAPCPIC, (3) DDIC, (4) EARLYWATCH, or (5) TMSADM accounts.... Read more

    Affected Products : sap_r_3
    • EPSS Score: %0.64
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0364

    The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers to execute arbitrary programs via the LaunchURL method.... Read more

    Affected Products : norton_internet_security
    • EPSS Score: %2.88
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0173

    Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.... Read more

    Affected Products : http_server
    • EPSS Score: %37.03
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0362

    Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component, as used in various RealSecure, Proventia, and BlackICE products, allow remote attackers to execute arbitrary code via a SRV_MULTI respon... Read more

    • EPSS Score: %83.40
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0363

    Stack-based buffer overflow in the SymSpamHelper ActiveX component (symspam.dll) in Norton AntiSpam 2004, as used in Norton Internet Security 2004, allows remote attackers to execute arbitrary code via a long parameter to the LaunchCustomRuleWizard method... Read more

    Affected Products : norton_antispam
    • EPSS Score: %72.68
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.0

    HIGH
    CVE-2004-0217

    The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log.... Read more

    Affected Products : linux antivirus_scan_engine
    • EPSS Score: %0.13
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1037

    Format string vulnerability in the WGate component for SAP Internet Transaction Server (ITS) allows remote attackers to execute arbitrary code via a high "trace level."... Read more

    Affected Products : internet_transaction_server
    • EPSS Score: %1.92
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1035

    The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does.... Read more

    Affected Products : sapgui sap_r_3
    • EPSS Score: %0.36
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-0202

    The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files.... Read more

    Affected Products : metrics
    • EPSS Score: %0.07
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1939

    Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows remote attackers to inject arbitrary web script or HTML via double encoded slashes (%252F) in the key parameter.... Read more

    Affected Products : zaep_antispam
    • EPSS Score: %0.88
    • Published: Apr. 14, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1944

    Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a denial of service (crash) via a deeply nested multipart MIME message.... Read more

    Affected Products : eudora
    • EPSS Score: %3.92
    • Published: Apr. 14, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1936

    ZoneAlarm Pro 4.5.538.001 and possibly other versions allows remote attackers to bypass e-mail protection via attachments whose names contain certain non-English characters.... Read more

    Affected Products : zonealarm
    • EPSS Score: %0.36
    • Published: Apr. 14, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1929

    SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass authentication and gain access by injecting base64-encoded SQL code into the user parameter.... Read more

    Affected Products : php-nuke
    • EPSS Score: %0.13
    • Published: Apr. 13, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1756

    BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other user... Read more

    Affected Products : weblogic_server
    • EPSS Score: %1.80
    • Published: Apr. 13, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-1758

    BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges.... Read more

    Affected Products : weblogic_server
    • EPSS Score: %0.12
    • Published: Apr. 13, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 291269 Results