Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2002-0615

    The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation".... Read more

    Affected Products : office excel
    • EPSS Score: %11.40
    • Published: Jul. 03, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0561

    The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings.... Read more

    • EPSS Score: %6.96
    • Published: Jul. 03, 2002
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2002-0366

    Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry.... Read more

    Affected Products : windows_2000 windows_xp windows_nt
    • EPSS Score: %0.48
    • Published: Jul. 03, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0536

    PHPGroupware 0.9.12 and earlier, when running with the magic_quotes_gpc feature disabled, allows remote attackers to compromise the database via a SQL injection attack.... Read more

    Affected Products : phpgroupware
    • EPSS Score: %0.82
    • Published: Jul. 03, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0546

    Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file.... Read more

    Affected Products : winamp
    • EPSS Score: %1.05
    • Published: Jul. 03, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0543

    Directory traversal vulnerability in Aprelium Abyss Web Server (abyssws) before 1.0.0.2 allows remote attackers to read files outside the web root, including the abyss.conf file, via URL-encoded .. (dot dot) sequences in the HTTP request.... Read more

    Affected Products : abyss_web_server
    • EPSS Score: %10.26
    • Published: Jul. 03, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0540

    Nortel CVX 1800 is installed with a default "public" community string, which allows remote attackers to read usernames and passwords and modify the CVX configuration.... Read more

    • EPSS Score: %7.41
    • Published: Jul. 03, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0553

    Cross-site scripting vulnerability in SunShop 2.5 and earlier allows remote attackers to gain administrative privileges to SunShop by injecting the script into fields during new customer registration.... Read more

    Affected Products : sunshop_shopping_cart
    • EPSS Score: %3.06
    • Published: Jul. 03, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0552

    Multiple buffer overflows in Melange Chat server 2.02 allow remote or local attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long argument in the /yell command, (2) long lines in the /etc/melange.conf configurat... Read more

    Affected Products : melange_chat_system
    • EPSS Score: %1.56
    • Published: Jul. 03, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-0539

    Demarc PureSecure 1.05 allows remote attackers to gain administrative privileges via a SQL injection attack in a session ID that is stored in the s_key cookie.... Read more

    Affected Products : puresecure
    • EPSS Score: %0.70
    • Published: Jul. 03, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0535

    Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allows remote attackers to execute script as other users via (1) an [IMG] tag when BBCode is enabled, or (2) in a topic title.... Read more

    Affected Products : postnuke postboard
    • EPSS Score: %7.92
    • Published: Jul. 03, 2002
    • Modified: Apr. 03, 2025

  • 5.4

    MEDIUM
    CVE-2002-0337

    RealPlayer 8 allows remote attackers to cause a denial of service (CPU utilization) via malformed .mp3 files.... Read more

    Affected Products : realplayer
    • EPSS Score: %1.02
    • Published: Jun. 25, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0319

    Cross-site scripting vulnerability in edituser.php for pforum 1.14 and earlier allows remote attackers to execute script and steal cookies from other users via Javascript in a username.... Read more

    Affected Products : pforum
    • EPSS Score: %8.22
    • Published: Jun. 25, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0338

    The Bat! 1.53d and 1.54beta, and possibly other versions, allows remote attackers to cause a denial of service (crash) via an attachment whose name includes an MS-DOS device name.... Read more

    Affected Products : the_bat
    • EPSS Score: %9.00
    • Published: Jun. 25, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0347

    Directory traversal vulnerability in Cobalt RAQ 4 allows remote attackers to read password-protected files, and possibly files outside the web root, via a .. (dot dot) in an HTTP request.... Read more

    • EPSS Score: %7.64
    • Published: Jun. 25, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0336

    Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a LIST command containing a large number of / (slash), * (wildcard), and .. characters.... Read more

    • EPSS Score: %7.31
    • Published: Jun. 25, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0318

    FreeRADIUS RADIUS server allows remote attackers to cause a denial of service (CPU consumption) via a flood of Access-Request packets.... Read more

    Affected Products : freeradius
    • EPSS Score: %0.98
    • Published: Jun. 25, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0346

    Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script as other Cobalt users via Javascript in a URL to (1) service.cgi or (2) alert.cgi.... Read more

    • EPSS Score: %9.44
    • Published: Jun. 25, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-0334

    xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows local users to modify files via a symlink attack on the .xtell-log file.... Read more

    Affected Products : xtell
    • EPSS Score: %0.09
    • Published: Jun. 25, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0006

    XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING, which expands the characters in the ... Read more

    Affected Products : xchat linux
    • EPSS Score: %8.63
    • Published: Jun. 25, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 291358 Results