Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    HIGH
    CVE-2004-1371

    Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure.... Read more

    • EPSS Score: %32.44
    • Published: Aug. 04, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-1366

    Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.... Read more

    • EPSS Score: %0.30
    • Published: Aug. 04, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1370

    Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_... Read more

    • EPSS Score: %1.81
    • Published: Aug. 04, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1362

    The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures v... Read more

    • EPSS Score: %4.00
    • Published: Aug. 04, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1706

    The U.S. Robotics USR808054 wireless access point allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via an HTTP GET request with a long version string.... Read more

    Affected Products : usr808054
    • EPSS Score: %2.96
    • Published: Aug. 02, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1708

    Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of service (crash) via a large number of connections.... Read more

    Affected Products : webbsyte_chat
    • EPSS Score: %0.65
    • Published: Aug. 02, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1704

    WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain privileges via a direct request to adminrestore.php in the extras directory.... Read more

    Affected Products : wpquiz
    • EPSS Score: %0.72
    • Published: Jul. 30, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1705

    Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers to cause a denial of service via a long username.... Read more

    Affected Products : ux
    • EPSS Score: %24.08
    • Published: Jul. 30, 2004
    • Modified: Apr. 03, 2025

  • 8.8

    HIGH
    CVE-2004-1703

    Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page... Read more

    Affected Products : fusion_news
    • EPSS Score: %0.57
    • Published: Jul. 30, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-1707

    The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privi... Read more

    • EPSS Score: %12.30
    • Published: Jul. 30, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2066

    SQL injection vulnerability in session.php in LinPHA 0.9.4 allows remote attackers to execute arbitrary SQL code and bypass authentication via the (1) linpha_userid or (2) linpha_password cookies.... Read more

    Affected Products : linpha
    • EPSS Score: %0.97
    • Published: Jul. 29, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2067

    SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 allows remote attackers to execute arbitrary SQL and bypass authentication via the (1) user, (2) password, or (3) crypted_password parameters.... Read more

    Affected Products : jaws
    • EPSS Score: %1.91
    • Published: Jul. 29, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2064

    Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier allows remote attackers to inject arbitrary web script via the (1) Email or (2) Website fields.... Read more

    Affected Products : lostbook
    • EPSS Score: %0.68
    • Published: Jul. 29, 2004
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2004-0723

    Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers to bypass sandbox restrictions to read or write certain data between applets from different domains via the "GET/Key" and "PUT/Key/Value" commands, aka "cross-site Java."... Read more

    Affected Products : java_virtual_machine
    • EPSS Score: %3.82
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0738

    Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the (1) min or (2) categ parameters.... Read more

    Affected Products : php-nuke
    • EPSS Score: %0.02
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0566

    Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.... Read more

    Affected Products : internet_explorer
    • EPSS Score: %57.43
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0707

    SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL.... Read more

    Affected Products : bugzilla
    • EPSS Score: %0.50
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0708

    MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges by creating a user with the same name as an existing group that has higher privileges.... Read more

    Affected Products : moinmoin moinmoin
    • EPSS Score: %1.20
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0720

    Safari 1.2.2 does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.... Read more

    Affected Products : safari
    • EPSS Score: %0.53
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0705

    Multiple cross-site scripting (XSS) vulnerabilities in (1) editcomponents.cgi, (2) editgroups.cgi, (3) editmilestones.cgi, (4) editproducts.cgi, (5) editusers.cgi, and (6) editversions.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allow r... Read more

    Affected Products : bugzilla
    • EPSS Score: %0.86
    • Published: Jul. 27, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 292762 Results