Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2004-1843

    SQL injection vulnerability in Member Management System 2.1 allows remote attackers to execute arbitrary SQL via the ID parameter to (1) resend.asp or (2) news_view.asp.... Read more

    Affected Products : member_management_system
    • EPSS Score: %0.74
    • Published: Mar. 20, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1846

    Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to news_sort.asp.... Read more

    Affected Products : news_manager_lite
    • EPSS Score: %1.53
    • Published: Mar. 20, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1834

    mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.... Read more

    Affected Products : http_server
    • EPSS Score: %0.49
    • Published: Mar. 20, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1847

    News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN cookie.... Read more

    Affected Products : news_manager_lite
    • EPSS Score: %2.89
    • Published: Mar. 20, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1853

    Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote attackers to cause a denial of service via a long ServerInfo variable.... Read more

    Affected Products : terminator_3_war_of_the_machines
    • EPSS Score: %2.10
    • Published: Mar. 19, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1830

    error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message.... Read more

    Affected Products : php-nuke
    • EPSS Score: %0.05
    • Published: Mar. 18, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1829

    Multiple cross-site scripting (XSS) vulnerabilities in error.php in Gijza.net Error Manager 2.1 for PHP-Nuke 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pagetitle or (2) error parameters, or (3) certain parameters in the ... Read more

    Affected Products : php-nuke_module
    • EPSS Score: %0.62
    • Published: Mar. 18, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1826

    SQL injection vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.... Read more

    Affected Products : mambo_open_source_4.5
    • EPSS Score: %0.68
    • Published: Mar. 16, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1825

    Cross-site scripting (XSS) vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) return or (2) mos_change_template parameters.... Read more

    Affected Products : mambo_open_source
    • EPSS Score: %1.55
    • Published: Mar. 16, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-1818

    Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary script as other users by injecting arbitrary script into the z parameter.... Read more

    Affected Products : 4nalbum_module
    • EPSS Score: %0.53
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1827

    Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags.... Read more

    Affected Products : yabb simple_machines_smf
    • EPSS Score: %0.87
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1816

    Unknown vulnerability in Sun Java System Application Server 7.0 Update 2 and earlier, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).... Read more

    Affected Products : one_application_server coldfusion jrun
    • EPSS Score: %1.73
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1819

    4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to obtain sensitive information via a direct request to displaycategory.php, which reveals the path in an error message.... Read more

    Affected Products : 4nalbum_module
    • EPSS Score: %0.62
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1822

    Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target p... Read more

    Affected Products : phorum
    • EPSS Score: %1.30
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1817

    Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) s... Read more

    Affected Products : php-nuke
    • EPSS Score: %5.68
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1820

    PHP remote file inclusion vulnerability in displaycategory.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary PHP code by modifying the basepath parameter to reference a URL on a remote web server that contains f... Read more

    Affected Products : 4nalbum_module
    • EPSS Score: %3.71
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0165

    Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %1.78
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0190

    Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges.... Read more

    • EPSS Score: %0.75
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0192

    Cross-site scripting (XSS) vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that contains malicious script, which is not quoted in the result... Read more

    Affected Products : gateway_security_5400
    • EPSS Score: %0.53
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0191

    Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using o... Read more

    Affected Products : mozilla
    • EPSS Score: %1.82
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 292518 Results