Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2002-1680

    Cross-site scripting (XSS) vulnerability in CGI Online Worldweb Shopping 1.1 (a.k.a. COWS) allows remote attackers to execute arbitrary script as other users by injecting script into (1) diagnose.cgi or (2) compatible.cgi.... Read more

    Affected Products : cgi_online_worldweb_shopping
    • EPSS Score: %0.35
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1668

    HP-UX 11.11 and earlier allows local users to cause a denial of service (kernel deadlock), due to a "file system weakness" that is possibly via an mmap() system call and performing an I/O operation using data from the mapped buffer on the file descriptor ... Read more

    • EPSS Score: %0.09
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2002-1651

    Cross-site scripting (XSS) vulnerability in Verity Search97 allows remote attackers to insert arbitrary web content and steal sensitive information from other clients, possibly due to certain error messages from template pages that use the (1) vformat or ... Read more

    Affected Products : search97
    • EPSS Score: %0.81
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1625

    Macromedia Flash Player 6 does not terminate connections when the user leaves the web page, which allows remote attackers to cause a denial of service (bandwidth, resource, and CPU consumption) via the (1) loadMovie or (2) loadSound commands, which contin... Read more

    Affected Products : flash_player
    • EPSS Score: %7.82
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1626

    Directory traversal vulnerability in Mike Spice My Calendar before 1.5 allows remote attackers to write arbitrary files via .. (dot dot) sequences in a URL.... Read more

    Affected Products : my_calendar
    • EPSS Score: %0.59
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-1993

    webbbs_post.pl in WebBBS 4 and 5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the followup parameter.... Read more

    • EPSS Score: %6.56
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1984

    Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046".... Read more

    Affected Products : internet_explorer
    • EPSS Score: %11.95
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1945

    Buffer overflow in SmartMail Server 1.0 Beta 10 allows remote attackers to cause a denial of service (crash) via a long request to (1) TCP port 25 (SMTP) or (2) TCP port 110 (POP3).... Read more

    Affected Products : smartmail_server
    • EPSS Score: %7.59
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.5

    MEDIUM
    CVE-2002-1975

    Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods.... Read more

    • EPSS Score: %0.06
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-2176

    SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page.... Read more

    Affected Products : phpbb
    • EPSS Score: %0.69
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2002-2180

    The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness error.... Read more

    Affected Products : openbsd
    • EPSS Score: %0.14
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2215

    The imap_header function in the IMAP functionality for PHP before 4.3.0 allows remote attackers to cause a denial of service via an e-mail message with a large number of "To" addresses, which triggers an error in the rfc822_write_address function.... Read more

    Affected Products : php
    • EPSS Score: %0.67
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1859

    Orion Application Server 1.5.3, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-IN... Read more

    Affected Products : orion_application_server
    • EPSS Score: %0.35
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2314

    Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail.... Read more

    Affected Products : mozilla
    • EPSS Score: %12.46
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1758

    PHProjekt 2.0 through 3.1 allows remote attackers to view or modify data via requests to certain scripts that do not verify if the user is logged in.... Read more

    Affected Products : phprojekt
    • EPSS Score: %0.38
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1932

    Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users an... Read more

    Affected Products : windows_2000 windows_xp
    • EPSS Score: %21.54
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-1868

    Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell commands via certain form fields.... Read more

    Affected Products : dispair
    • EPSS Score: %11.60
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2395

    InterScan VirusWall 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 gzip content encoding.... Read more

    Affected Products : interscan_viruswall
    • EPSS Score: %1.00
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-2164

    Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long <A HREF> link.... Read more

    Affected Products : outlook_express
    • EPSS Score: %35.77
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1831

    Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field.... Read more

    Affected Products : msn_messenger
    • EPSS Score: %11.65
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 291739 Results