Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2004-2534

    Fastream NETFile Server 7.1.2 does not properly handle keep-alive connection timeouts and does not close the connection after a HEAD request, which allows remote attackers to perform a denial of service (connection consumption) by sending a large number H... Read more

    Affected Products : netfile_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2004-2499

    Unspecified vulnerability in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier allows remote attackers to cause a denial of service via unknown attack vectors when a web site is "improperly accessed."... Read more

    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2494

    Cross-site scripting (XSS) vulnerability in _error in Ability Mail Server 1.18 allows remote attackers to inject arbitrary web script or HTML via the erromsg parameter.... Read more

    Affected Products : ability_mail_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2549

    Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 allow remote attackers to cause a denial of service (service crash) via a TCP request with a large string, followed by 8 newline characters, to (1) the Telnet service on TCP port 23 and (2)... Read more

    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2529

    Gadu-Gadu allows remote attackers to bypass the "image send" option by sending a very small image file, which could be used in conjunction with image-related vulnerabilities.... Read more

    Affected Products : gadu-gadu_instant_messenger
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-2490

    Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and 9.40.xC2 allows local users to execute arbitrary code via a long GL_PATH environment variable.... Read more

    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2589

    Gaim before 0.82 allows remote servers to cause a denial of service (application crash) via a long HTTP Content-Length header, which causes Gaim to abort when attempting to allocate memory.... Read more

    Affected Products : enterprise_linux gaim
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2501

    Buffer overflow in the IMAP service of MailEnable Professional Edition 1.52 and Enterprise Edition 1.01 allows remote attackers to execute arbitrary code via (1) a long command string or (2) a long string to the MEIMAP service and then terminating the con... Read more

    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2004-2580

    Cross-site scripting (XSS) vulnerability in Novell iChain 2.3 allows remote attackers to obtain login credentials via unspecified vectors.... Read more

    Affected Products : ichain
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2525

    Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable.... Read more

    Affected Products : serendipity
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2600

    The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter, which allows remote attackers to obtain sensitive info... Read more

    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2004-2487

    Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via (1) "..", (2) "\..\" (backslash dot dot), or (3) "/../" sequences in (a) RETR (get), (b) NLST (ls), (c) LIST (ls),... Read more

    Affected Products : nexgen_ftp_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1549

    The conference menu in ActivePost Standard 3.1 sends passwords of password-protected rooms in cleartext, which could allow remote attackers to gain sensitive information by sniffing the network connection.... Read more

    Affected Products : activepost_standard
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1536

    SQL injection vulnerability in index.php in the ibProArcade module for Invision Power Board (IPB) 1.x and 2.x allows remote attackers to execute arbitrary SQL commands via the cat parameter.... Read more

    Affected Products : ipbproarcade
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1524

    Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (game interruption) via a malformed UDP packet sent to a game port, such as port 29200.... Read more

    Affected Products : hired_team_trial
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1529

    Cross-site scripting (XSS) vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary web script via the (1) type, (2) day, (3) month, or (4) year parameters in a Preview operation, or (5) event comments.... Read more

    Affected Products : php-nuke_event_calendar
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1530

    SQL injection vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the (1) eid or (2) cid parameters.... Read more

    Affected Products : php-nuke_event_calendar
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1493

    Master of Orion III 1.2.5 and earlier allows remote attackers to cause a denial of service (server crash) via multiple connections with long nicknames, possibly triggering a buffer overflow.... Read more

    Affected Products : master_of_orion_iii
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1510

    WebCalendar allows remote attackers to gain privileges by modifying critical parameters to (1) view_entry.php or (2) upcoming.php.... Read more

    Affected Products : webcalendar
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1492

    Master of Orion III 1.2.5 and earlier allows remote attackers to cause a denial of service (game exit) via a data packet that contains a large size specifier, which causes a large memory allocation to fail.... Read more

    Affected Products : master_of_orion_iii
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293613 Results