Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2004-0408

    Buffer overflow in the child_service function in the ident2 ident daemon allows remote attackers to execute arbitrary code.... Read more

    Affected Products : ident2
    • EPSS Score: %3.42
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0163

    Sygate Secure Enterprise (SSE) 3.5MR3 and earlier does not change the key used to encrypt data, which allows remote attackers to cause a denial of service (resource exhaustion) by capturing a session and repeatedly replaying the session.... Read more

    Affected Products : secure_enterprise
    • EPSS Score: %0.74
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2002-1583

    Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Database 6.0 and 7.0 allows local users to execute arbitrary code via a long username that is read from a file descriptor argument.... Read more

    Affected Products : db2_universal_database
    • EPSS Score: %0.27
    • Published: Sep. 28, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1698

    The Base64 function in PopMessenger 1.60 (before 20 Sep 2004) and earlier allows remote attackers to cause a denial of service (application crash) via invalid characters in a message, which causes several alert dialogs to be displayed and leads to a crash... Read more

    Affected Products : popmessenger
    • EPSS Score: %5.89
    • Published: Sep. 24, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1696

    EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to cause a denial of service (application crash) via a sequence of carriage returns sent to TCP port 66.... Read more

    Affected Products : server4
    • EPSS Score: %1.95
    • Published: Sep. 21, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1378

    The expat XML parser code, as used in the open source Jabber (jabberd) 1.4.3 and earlier, jadc2s 0.9.0 and earlier, and possibly other packages, allows remote attackers to cause a denial of service (application crash) via a malformed packet to a socket th... Read more

    Affected Products : jabberd jadc2s
    • EPSS Score: %2.93
    • Published: Sep. 21, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1699

    SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers to cause a denial of service (web interface errors) via an invalid Skin parameter.... Read more

    Affected Products : showcenter
    • EPSS Score: %9.68
    • Published: Sep. 21, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1694

    Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default usernames and passwords, one of which is hardcoded, which allows remote attackers to gain unauthorized access.... Read more

    Affected Products : on_command_ccm on_icommand
    • EPSS Score: %1.36
    • Published: Sep. 21, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1697

    The "Forgot your Password" link in Computer Associates (CA) Unicenter Management Portal 2.0 and 3.1 displays different error messages for users that exist and users that do not exist, which could allow remote attackers to guess valid usernames.... Read more

    Affected Products : unicenter_management
    • EPSS Score: %0.74
    • Published: Sep. 21, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1695

    EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to bypass authentication for the remote administration feature via a URL that contains an extra leading / (slash).... Read more

    Affected Products : server4
    • EPSS Score: %9.80
    • Published: Sep. 20, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1693

    PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code.... Read more

    Affected Products : mambo
    • EPSS Score: %9.52
    • Published: Sep. 18, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1692

    Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1.0.9) allows remote attackers to inject arbitrary web script or HTML via the (1) Itemid, (2) mosmsg, or (3) limit parameters.... Read more

    Affected Products : mambo_open_source
    • EPSS Score: %0.83
    • Published: Sep. 18, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1691

    The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a denial of service (CPU consumption and crash) via a large amount of data.... Read more

    Affected Products : dns4me
    • EPSS Score: %6.93
    • Published: Sep. 18, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1690

    Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me 3.0.0.4 allows remote attackers to execute arbitrary web script or HTML via the URL.... Read more

    Affected Products : dns4me
    • EPSS Score: %0.87
    • Published: Sep. 18, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-0534

    Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document.... Read more

    Affected Products : webintelligence infoview
    • EPSS Score: %0.55
    • Published: Sep. 17, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1689

    sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit.... Read more

    Affected Products : sudo
    • EPSS Score: %0.17
    • Published: Sep. 16, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0872

    Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Sec... Read more

    Affected Products : opera_browser
    • EPSS Score: %1.14
    • Published: Sep. 16, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0869

    Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, ak... Read more

    Affected Products : ie
    • EPSS Score: %15.68
    • Published: Sep. 16, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0871

    Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross S... Read more

    Affected Products : mozilla
    • EPSS Score: %0.44
    • Published: Sep. 16, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1687

    CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the location parameter.... Read more

    Affected Products : snitz_forums_2000
    • EPSS Score: %5.86
    • Published: Sep. 16, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 292737 Results