Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.0

    MEDIUM
    CVE-2004-1389

    Unknown vulnerability in the Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer 3.4, 3.4.1, and 4.5, DataCenter 3.4, 3.4.1, and 4.5, Enterprise Server 5.1, and NetBackup Server 5.0 and 5.1, allows attackers to execute arbitra... Read more

    Affected Products : netbackup
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2004-2184

    Directory traversal vulnerability in Digicraft Yak! server 2.0 through 2.1.2 allows remote attackers to read or write arbitrary files via "../" or "..\" sequences in commands such as (1) dir or (2) put.... Read more

    Affected Products : yak
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2004-1416

    pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as used in Internet Explorer, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embed tag.... Read more

    Affected Products : internet_explorer realone_player
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2662

    Soft3304 04WebServer before 1.41 allows remote attackers to cause a denial of service (resource consumption or crash) via certain data related to OpenSSL, which causes a thread to terminate but continue to hold resources.... Read more

    Affected Products : 04webserver
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2004-1481

    Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for t... Read more

    Affected Products : realplayer realone_player helix_player
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1424

    Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.... Read more

    Affected Products : moodle
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2721

    The CheckGroup function in openSkat VTMF before 2.1 generates public key pairs in which the "p" variable might not be prime, which allows remote attackers to determine the private key and decrypt messages.... Read more

    Affected Products : openskat
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-2270

    Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 allows attackers to execute arbitrary commands as root via unknown vectors in the sample code.... Read more

    Affected Products : parallel_environment
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1505

    Directory traversal vulnerability in index.php in Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to read arbitrary files and possibly execute PHP code via a .. (dot dot) in the show parameter.... Read more

    Affected Products : jaf_cms
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-2723

    NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords.... Read more

    Affected Products : nessuswx
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2738

    Cross-site scripting (XSS) vulnerability in check_user_id.php in ZeroBoard 4.1pl4 and earlier allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.... Read more

    Affected Products : zeroboard
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2199

    Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 allows remote attackers to inject arbitrary web script or HTML via the message text.... Read more

    Affected Products : duclassified
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2151

    Chatman 1.1.1 RC1 and earlier allows remote attackers to cause a denial of service (memory consumption or application crash) via a very large data size.... Read more

    Affected Products : chatman
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2755

    Cross-site scripting (XSS) vulnerability in Symantec Web Security 2.5, 3.0.0, and 3.0.1 before build 62 allows remote attackers to inject arbitrary web script or HTML via the query string in blocked URLs that are listed in (1) error or (2) block page mess... Read more

    Affected Products : web_security
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-1391

    Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious mount program.... Read more

    Affected Products : rtos rtp
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2212

    SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 allows remote attackers to execute arbitrary SQL commands via the forum_id parameter.... Read more

    Affected Products : alivesites_forum
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2004-1441

    Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power 2.04PF allows remote attackers to inject arbitrary web script or HTML via the action parameter.... Read more

    Affected Products : board_power
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-2675

    ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to cause a denial of service (crash) via a SITE PASS command with a long password parameter, which causes the database to be corrupted.... Read more

    Affected Products : ftp_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0592

    The tcp_find_option function of the netfilter subsystem for IPv6 in the SUSE Linux 2.6.5 kernel with USAGI patches, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a la... Read more

    Affected Products : suse_linux
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1566

    Cross-site scripting (XSS) vulnerability in index.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to execute arbitrary web script or HTML via the module parameter.... Read more

    Affected Products : silent-storm_portal
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293620 Results