Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2004-0566

    Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.... Read more

    Affected Products : internet_explorer
    • EPSS Score: %57.43
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0725

    Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 and 1.4 dev allows remote attackers to inject arbitrary web script or HTML via the file parameter.... Read more

    Affected Products : moodle
    • EPSS Score: %1.96
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2004-0698

    4D WebSTAR 5.3.2 and earlier allows local users to read and modify arbitrary files via a symlink attack.... Read more

    Affected Products : webstar
    • EPSS Score: %0.07
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0727

    Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to anot... Read more

    Affected Products : internet_explorer
    • EPSS Score: %64.04
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0733

    Format string vulnerability in OllyDbg 1.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are directly provided to the OutputDebugString function call.... Read more

    Affected Products : ollydbg
    • EPSS Score: %19.34
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0736

    The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) "**" or (2) "+" search patterns, which reveals the path in an error message.... Read more

    Affected Products : php-nuke
    • EPSS Score: %0.02
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0700

    Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HT... Read more

    Affected Products : linux mod_ssl
    • EPSS Score: %30.65
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0705

    Multiple cross-site scripting (XSS) vulnerabilities in (1) editcomponents.cgi, (2) editgroups.cgi, (3) editmilestones.cgi, (4) editproducts.cgi, (5) editusers.cgi, and (6) editversions.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allow r... Read more

    Affected Products : bugzilla
    • EPSS Score: %0.86
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0742

    Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote authenticated users to obtain Calendar Server privileges and modify Calendar data by changing the display options to a non-default view.... Read more

    Affected Products : java_system_calendar_server
    • EPSS Score: %1.04
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0632

    Adobe Reader 6.0 does not properly handle null characters when splitting a filename path into components, which allows remote attackers to execute arbitrary code via a file with a long extension that is not normally handled by Reader, triggering a buffer ... Read more

    Affected Products : acrobat acrobat_reader
    • EPSS Score: %23.15
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0731

    Cross-site scripting (XSS) vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script as other users via the input field.... Read more

    Affected Products : php-nuke
    • EPSS Score: %0.06
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0739

    Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long filename.... Read more

    Affected Products : whisper_ftp_surfer
    • EPSS Score: %0.96
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0732

    SQL injection vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to execute arbitrary SQL statements via the instory parameter.... Read more

    Affected Products : php-nuke
    • EPSS Score: %0.04
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0595

    The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and... Read more

    • EPSS Score: %31.52
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0728

    The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory addre... Read more

    Affected Products : systems_management_server
    • EPSS Score: %46.09
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-0701

    Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 does not properly detect a smartcard removal when the card is quickly removed, reinserted, and removed again, which could cause a user session to stay logged in and allow local users to g... Read more

    Affected Products : ray_server_software
    • EPSS Score: %0.10
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0724

    The Half-Life engine before July 7 2004 allows remote attackers to cause a denial of service (server or client crash) via an empty fragmented packet.... Read more

    • EPSS Score: %0.74
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0696

    The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier allows remote attackers to list arbitrary directories via a URL with the desired path and a "*" (asterisk) character.... Read more

    Affected Products : webstar
    • EPSS Score: %0.36
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0721

    Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerab... Read more

    Affected Products : konqueror
    • EPSS Score: %0.79
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0686

    Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors.... Read more

    Affected Products : samba secure_linux
    • EPSS Score: %8.49
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 291783 Results