Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2002-1842

    Perlbot 1.0 beta allows remote attackers to execute arbitrary commands via shell metacharacters in (1) a word that is being spell checked or (2) an e-mail address.... Read more

    Affected Products : perlbot
    • EPSS Score: %1.11
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1846

    Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a user to submit the correct password before changing it to a new password, which allows remote attackers to modify passwords by stealing the cookie of another user, modifying the expiretime... Read more

    Affected Products : yabb
    • EPSS Score: %0.34
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1897

    MyWebServer LLC MyWebServer 1.0.2 allows remote attackers to cause a denial of service (crash) via a long HTTP request, possibly triggering a buffer overflow.... Read more

    Affected Products : mywebserver
    • EPSS Score: %6.67
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2002-1901

    Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 allows remote attackers to inject arbitrary web script or HTML via image tags.... Read more

    Affected Products : bbgallery
    • EPSS Score: %0.30
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1912

    SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable the Ethernet interface when the buffers are full, which allows remote attackers to cause a denial of service (null pointer exception and kernel panic) via a large number of packets.... Read more

    Affected Products : emr5000
    • EPSS Score: %1.64
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1942

    Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive connections that have been broken or closed early, which allows remote attackers to cause a denial of service (crash) via a large number of concurrent sessions.... Read more

    Affected Products : xitami
    • EPSS Score: %1.32
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1970

    SnortCenter 0.9.5, when configured to push Snort rules, stores the rules in a temporary file with world-readable and world-writable permissions, which allows local users to obtain usernames and passwords for the alert database servers.... Read more

    Affected Products : snortcenter
    • EPSS Score: %0.05
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-1971

    The ping utility in networking_utils.php in Sourcecraft Networking_Utils 1.0 allows remote attackers to read arbitrary files via shell metacharacters in the Domain name or IP address argument.... Read more

    Affected Products : networking_utils
    • EPSS Score: %1.45
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2084

    Directory traversal vulnerability in index.php of Portix 0.4.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) l and (2) topic parameters.... Read more

    Affected Products : portix-php
    • EPSS Score: %3.90
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2131

    Directory traversal vulnerability in Perl-HTTPd before 1.0.2 allows remote attackers to view arbitrary files via a .. (dot dot) in an unknown argument.... Read more

    Affected Products : perl-httpd
    • EPSS Score: %0.86
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2137

    GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and possibly OEM products such as (2) D-Link DWL-900AP+ B1 2.1 and 2.2, (3) ALLOY GL-2422AP-S, (4) EUSSO GL2422-AP, and (5) LINKSYS WAP11-V2.2, allow remote attackers to obtain sensitive inform... Read more

    • EPSS Score: %0.49
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2158

    zenTrack 2.0.3 and earlier allows remote attackers to obtain the full path to the web root via an invalid ticket ID, which leaks the path in an error message.... Read more

    Affected Products : zentrack
    • EPSS Score: %0.35
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2186

    Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the source code of .JSP files via Unicode encoded character values in a URL.... Read more

    Affected Products : jrun
    • EPSS Score: %0.85
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2316

    Cisco Catalyst 4000 series switches running CatOS 5.5.5, 6.3.5, and 7.1.2 do not always learn MAC addresses from a single initial packet, which causes unicast traffic to be broadcast across the switch and allows remote attackers to obtain sensitive networ... Read more

    Affected Products : catos
    • EPSS Score: %0.49
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2002-2361

    The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing.... Read more

    Affected Products : messenger
    • EPSS Score: %0.39
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2009

    Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.... Read more

    Affected Products : tomcat
    • EPSS Score: %2.78
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-2153

    Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code.... Read more

    Affected Products : application_server
    • EPSS Score: %2.54
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2002-1636

    Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to inject arbitrary web script or HTML via the cbuf parameter to htp.print.... Read more

    Affected Products : application_server
    • EPSS Score: %0.29
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2006

    The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.... Read more

    Affected Products : tomcat
    • EPSS Score: %32.36
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-2365

    Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary commands via the shell metacharacters in the search field, as demonstrated using the "|" (pipe) character.... Read more

    Affected Products : simple_wais
    • EPSS Score: %1.59
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 291739 Results