Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2004-1853

    Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote attackers to cause a denial of service via a long ServerInfo variable.... Read more

    Affected Products : terminator_3_war_of_the_machines
    • Published: Mar. 19, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1829

    Multiple cross-site scripting (XSS) vulnerabilities in error.php in Gijza.net Error Manager 2.1 for PHP-Nuke 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pagetitle or (2) error parameters, or (3) certain parameters in the ... Read more

    Affected Products : php-nuke_module
    • Published: Mar. 18, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1830

    error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message.... Read more

    Affected Products : php-nuke
    • Published: Mar. 18, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1826

    SQL injection vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.... Read more

    Affected Products : mambo_open_source_4.5
    • Published: Mar. 16, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1825

    Cross-site scripting (XSS) vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) return or (2) mos_change_template parameters.... Read more

    Affected Products : mambo_open_source
    • Published: Mar. 16, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0094

    Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI).... Read more

    Affected Products : enterprise_linux x11r6
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-1818

    Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary script as other users by injecting arbitrary script into the z parameter.... Read more

    Affected Products : 4nalbum_module
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1815

    Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).... Read more

    Affected Products : one_application_server coldfusion jrun
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0171

    FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from ... Read more

    Affected Products : freebsd openbsd
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0167

    DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly initialize writeable removable media.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0169

    QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (crash) via DESCRIBE requests with long User-Agent fields, which causes an Assert error to be triggered in the BufferIsFull function.... Read more

    Affected Products : darwin_streaming_server
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1821

    SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to gain privileges or perform unauthorized database operations via the gid parameter.... Read more

    Affected Products : 4nalbum_module
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0110

    Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.... Read more

    Affected Products : libxml2 propack libxml
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-0188

    Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local users to execute arbitrary code via a long password.... Read more

    Affected Products : calife
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0191

    Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using o... Read more

    Affected Products : mozilla
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0190

    Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges.... Read more

    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-0172

    Heap-based buffer overflow in the search_for_command function of ltrace 0.3.10, if it is installed setuid, could allow local users to execute arbitrary code via a long filename. NOTE: It is unclear whether there are any packages that install ltrace as a ... Read more

    Affected Products : ltrace
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0192

    Cross-site scripting (XSS) vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that contains malicious script, which is not quoted in the result... Read more

    Affected Products : gateway_security_5400
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0093

    XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI).... Read more

    Affected Products : enterprise_linux x11r6
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0166

    Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to "the display of URLs in the status bar."... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293354 Results