Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2004-0711

    The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because... Read more

    Affected Products : weblogic_server
    • EPSS Score: %0.90
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-0701

    Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 does not properly detect a smartcard removal when the card is quickly removed, reinserted, and removed again, which could cause a user session to stay logged in and allow local users to g... Read more

    Affected Products : ray_server_software
    • EPSS Score: %0.10
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0724

    The Half-Life engine before July 7 2004 allows remote attackers to cause a denial of service (server or client crash) via an empty fragmented packet.... Read more

    • EPSS Score: %0.74
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-0712

    The configuration tools (1) config.sh in Unix or (2) config.cmd in Windows for BEA WebLogic Server 8.1 through SP2 create a log file that contains the administrative username and password in cleartext, which could allow local users to gain privileges.... Read more

    Affected Products : weblogic_server
    • EPSS Score: %0.11
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0709

    HP OpenView Select Access 5.0 through 6.0 does not correctly decode UTF-8 encoded unicode characters in a URL, which could allow remote attackers to bypass access restrictions.... Read more

    Affected Products : openview_select_access
    • EPSS Score: %1.10
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0703

    Unknown vulnerability in the administrative controls in Bugzilla 2.17.1 through 2.17.7 allows users with "grant membership" privileges to grant memberships to groups that the user does not control.... Read more

    Affected Products : bugzilla
    • EPSS Score: %0.53
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0735

    Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and earlier, (2) Breakthrough 2.40b and earlier, and (3) Spearhead 2.15 and earlier, when playing on a Local Area Network (LAN), allows remote attackers to execute arbitrary code via vectors such... Read more

    Affected Products : medal_of_honor_allied_assault
    • EPSS Score: %74.36
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0734

    Web_Store.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter.... Read more

    Affected Products : extropia_webstore
    • EPSS Score: %10.25
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0730

    Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) t... Read more

    Affected Products : phpbb
    • EPSS Score: %1.63
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0707

    SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL.... Read more

    Affected Products : bugzilla
    • EPSS Score: %0.50
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0720

    Safari 1.2.2 does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.... Read more

    Affected Products : safari
    • EPSS Score: %0.53
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0717

    Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.... Read more

    Affected Products : linux_kernel opera_browser windows
    • EPSS Score: %0.62
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0702

    DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password in an error message when the SQL server is not running, which could allow remote attackers to gain sensitive information.... Read more

    Affected Products : bugzilla
    • EPSS Score: %0.39
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0710

    IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Internet Routers running IOS before 12.2(17b)SXA, before 12.2(17d)SXB, or before 12.2(14)SY03 could allow remote attackers to cause a denial of service ... Read more

    Affected Products : ios
    • EPSS Score: %0.98
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0708

    MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges by creating a user with the same name as an existing group that has higher privileges.... Read more

    Affected Products : moinmoin moinmoin
    • EPSS Score: %1.20
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2004-0698

    4D WebSTAR 5.3.2 and earlier allows local users to read and modify arbitrary files via a symlink attack.... Read more

    Affected Products : webstar
    • EPSS Score: %0.07
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0725

    Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 and 1.4 dev allows remote attackers to inject arbitrary web script or HTML via the file parameter.... Read more

    Affected Products : moodle
    • EPSS Score: %1.96
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0727

    Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to anot... Read more

    Affected Products : internet_explorer
    • EPSS Score: %64.04
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0733

    Format string vulnerability in OllyDbg 1.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are directly provided to the OutputDebugString function call.... Read more

    Affected Products : ollydbg
    • EPSS Score: %19.34
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0736

    The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) "**" or (2) "+" search patterns, which reveals the path in an error message.... Read more

    Affected Products : php-nuke
    • EPSS Score: %0.02
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 291908 Results