Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2004-0542

    PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to ... Read more

    Affected Products : php
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-0655

    eupdatedb in esearch 0.6.1 and earlier allows local users to create arbitrary files via a symlink attack on the esearchdb.py.tmp temporary file.... Read more

    Affected Products : emerge_search_tool
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0414

    CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code... Read more

    Affected Products : openbsd propack linux openpkg cvs
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1710

    page.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the url parameter.... Read more

    Affected Products : page_cgi
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0540

    Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.... Read more

    Affected Products : windows_2000
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0543

    Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and Oracle E-Business Suite 11.5.1 through 11.5.8 allow remote attackers to execute arbitrary SQL procedures and queries.... Read more

    Affected Products : e-business_suite applications
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0660

    Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) show_news.php, and possibly other php files in CuteNews 1.3.1 allows remote attackers to inject arbitrary script or HTML via the id parameter.... Read more

    Affected Products : cutenews
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0524

    Buffer overflow in the chpasswd command in the Change_passwd plugin before 4.0, as used in SquirrelMail, allows local users to gain root privileges via a long user name.... Read more

    Affected Products : change_passwd
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0662

    PowerPortal 1.x allows remote attackers to gain sensitive information via invalid or missing parameters in HTTP requests to (1) resize.php or (2) modules.php, which reveals the path in an error message.... Read more

    Affected Products : powerportal
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0671

    Brightmail Spamfilter 6.0 and earlier beta releases allows remote attackers to read mail from other users by modifying the id parameter in a viewMsgDetails.do request.... Read more

    Affected Products : brightmail_antispam
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0672

    Multiple cross-site scripting (XSS) vulnerabilities in the primary and management web interfaces in Netegrity IdentityMinder Web Edition 5.6 allows remote attackers to execute script as other users via (1) script that starts with %00 in the numOfExpressio... Read more

    Affected Products : identityminder policy_server
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-0589

    Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when configured for BGP routing, allows remote attackers to cause a denial of service (device reload) via malformed BGP (1) OPEN or (2) UPDATE messages.... Read more

    Affected Products : ios
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0212

    Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Exp... Read more

    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-0495

    Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.... Read more

    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0554

    Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a ... Read more

    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0201

    Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerabi... Read more

    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0541

    Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable).... Read more

    Affected Products : squid_web_proxy_cache
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0679

    The IP cloaking feature (cloak.c) in UnrealIRCd 3.2, and possibly other versions, uses a weak hashing scheme to hide IP addresses, which could allow remote attackers to use brute force methods to gain other user's IP addresses.... Read more

    Affected Products : unrealircd
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0665

    csFAQ.cgi in csFAQ allows remote attackers to gain sensitive information via an invalid database parameter, which reveals the path to the web server in an error message.... Read more

    Affected Products : csfaq
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0596

    The Equalizer Load-balancer for serial network interfaces (eql.c) in Linux kernel 2.6.x up to 2.6.7 allows local users to cause a denial of service via a non-existent device name that triggers a null dereference.... Read more

    Affected Products : linux_kernel
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293335 Results