Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2004-1630

    Cross-site scripting (XSS) vulnerability in the login form in Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to execute arbitrary web script or HTML via the url parameter.... Read more

    Affected Products : work_flow_engine
    • EPSS Score: %0.44
    • Published: Oct. 25, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1632

    Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the arguments to wiki.php.... Read more

    Affected Products : moniwiki
    • EPSS Score: %0.44
    • Published: Oct. 25, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1631

    Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to conduct port scans of remote hosts by specifying the target in an rmi:// Worklist URL, then using the response times to infer the results.... Read more

    Affected Products : work_flow_engine
    • EPSS Score: %0.44
    • Published: Oct. 25, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1633

    process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does not check edit permissions on the keywords field, which allows remote authenticated users to modify the keywords in a bug via the keywordaction parameter.... Read more

    Affected Products : bugzilla
    • EPSS Score: %0.29
    • Published: Oct. 25, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1635

    Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the insidergroup feature, does not sufficiently protect private attachments when there are changes to the metadata, such as filename, description, MIME type, or review flags, which allows remot... Read more

    Affected Products : bugzilla
    • EPSS Score: %0.62
    • Published: Oct. 24, 2004
    • Modified: Apr. 03, 2025

  • 9.0

    HIGH
    CVE-2004-1628

    Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code.... Read more

    Affected Products : rssh
    • EPSS Score: %2.56
    • Published: Oct. 23, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1629

    Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier allow remote attackers to execute arbitrary SQL statements.... Read more

    Affected Products : dwc_articles
    • EPSS Score: %0.49
    • Published: Oct. 23, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1627

    Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long APPE command.... Read more

    Affected Products : ability_server
    • EPSS Score: %16.73
    • Published: Oct. 22, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1625

    pGina 1.7.6 and possibly older versions, when the Restart or Shutdown options are enabled on the login screen, allows remote attackers to cause a denial of service by connecting via Remote Desktop and clicking restart or shutdown.... Read more

    Affected Products : pgina
    • EPSS Score: %0.74
    • Published: Oct. 22, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1623

    The WAV file property handler in Windows XP SP1 allows remote attackers to cause a denial of service (infinite loop in Explorer) via a WAV file with an invalid file header whose fmt chunk length is set to 0xFFFFFFFF.... Read more

    Affected Products : windows_xp
    • EPSS Score: %38.70
    • Published: Oct. 22, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1626

    Buffer overflow in Ability Server 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long STOR command.... Read more

    Affected Products : ability_server
    • EPSS Score: %73.36
    • Published: Oct. 22, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-1624

    Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CCW32.exe, which launches Notepad, or (2) the help button... Read more

    Affected Products : carbon_copy
    • EPSS Score: %0.05
    • Published: Oct. 21, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1620

    CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer f... Read more

    Affected Products : serendipity
    • EPSS Score: %8.35
    • Published: Oct. 21, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1622

    SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x allows remote attackers to execute arbitrary SQL statements via the Name parameter.... Read more

    Affected Products : ubb.threads
    • EPSS Score: %0.33
    • Published: Oct. 21, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0798

    Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp Gold before 8.03 Hotfix 1 allows remote attackers to execute arbitrary code via a long instancename parameter.... Read more

    Affected Products : whatsup_gold whatsup_gold
    • EPSS Score: %72.64
    • Published: Oct. 20, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0777

    Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code.... Read more

    Affected Products : courier-imap
    • EPSS Score: %15.92
    • Published: Oct. 20, 2004
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2004-0792

    Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files.... Read more

    Affected Products : rsync
    • EPSS Score: %0.84
    • Published: Oct. 20, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0754

    Integer overflow in Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the size variable in Groupware server messages.... Read more

    Affected Products : enterprise_linux gaim
    • EPSS Score: %5.60
    • Published: Oct. 20, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0748

    mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.... Read more

    Affected Products : http_server
    • EPSS Score: %19.65
    • Published: Oct. 20, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0688

    Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malfo... Read more

    Affected Products : suse_linux openbsd x11r6 x11r6
    • EPSS Score: %16.03
    • Published: Oct. 20, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 292762 Results