Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2002-0409

    orderdetails.aspx, as made available to Microsoft .NET developers as example code and demonstrated on www.ibuyspystore.com, allows remote attackers to view the orders of other users by modifying the OrderID parameter.... Read more

    Affected Products : .net_framework
    • EPSS Score: %34.23
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-0398

    Red-M 1050 (Bluetooth Access Point) PPP server allows bonded users to cause a denial of service and possibly execute arbitrary code via a long user name.... Read more

    Affected Products : 1050ap_lan_acess_point
    • EPSS Score: %0.82
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0032

    Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI.... Read more

    Affected Products : messenger
    • EPSS Score: %2.94
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-0395

    The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be disabled and makes it easier for remote attackers to crack the administration password via brute force methods.... Read more

    Affected Products : 1050ap_lan_acess_point
    • EPSS Score: %1.21
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0431

    XTux allows remote attackers to cause a denial of service (CPU consumption) via random inputs in the initial connection.... Read more

    Affected Products : xtux
    • EPSS Score: %4.89
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0715

    Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password.... Read more

    Affected Products : squid
    • EPSS Score: %0.40
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0703

    An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl could produce incorrect MD5 checksums for UTF-8 data, which could prevent a system from properly verifying the integrity of the data.... Read more

    Affected Products : digest-md5
    • EPSS Score: %0.59
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-0369

    Buffer overflow in ASP.NET Worker Process allows remote attackers to cause a denial of service (restart) and possibly execute arbitrary code via a routine that processes cookies while in StateServer mode.... Read more

    Affected Products : .net_framework
    • EPSS Score: %19.26
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2002-0435

    Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it ... Read more

    Affected Products : linux fileutils
    • EPSS Score: %0.07
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0448

    Xerver Free Web Server 2.10 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request that contains many "C:/" sequences.... Read more

    Affected Products : xerver
    • EPSS Score: %7.63
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-0702

    Format string vulnerabilities in the logging routines for dynamic DNS code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, with the NSUPDATE option enabled, allow remote malicious DNS servers to execute arbitrary code via format strings in a DNS serve... Read more

    Affected Products : dhcpd dhcp
    • EPSS Score: %37.65
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0682

    Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.... Read more

    Affected Products : tomcat
    • EPSS Score: %66.60
    • Published: Jul. 23, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0688

    ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.... Read more

    Affected Products : zope
    • EPSS Score: %0.60
    • Published: Jul. 23, 2002
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2002-0672

    Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to restore the phone to factory defaults without authentication via a menu option, which sets the administrator password to null.... Read more

    Affected Products : xpressa
    • EPSS Score: %0.16
    • Published: Jul. 23, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0681

    Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a "404 not found" message, which does not quote the script.... Read more

    Affected Products : goahead_webserver
    • EPSS Score: %7.31
    • Published: Jul. 23, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-0667

    Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone.... Read more

    Affected Products : xpressa
    • EPSS Score: %2.20
    • Published: Jul. 23, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0680

    Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been r... Read more

    • EPSS Score: %5.24
    • Published: Jul. 23, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0683

    Directory traversal vulnerability in Carello 1.3 allows remote attackers to execute programs on the server via a .. (dot dot) in the VBEXE parameter.... Read more

    Affected Products : carello
    • EPSS Score: %0.60
    • Published: Jul. 23, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0686

    Buffer overflow in the search component for iPlanet Web Server (iWS) 4.1 and Sun ONE Web Server 6.0 allows remote attackers to execute arbitrary code via a long argument to the NS-rel-doc-name parameter.... Read more

    Affected Products : iplanet_web_server
    • EPSS Score: %4.68
    • Published: Jul. 23, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-0701

    ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was runni... Read more

    Affected Products : freebsd openbsd
    • EPSS Score: %0.14
    • Published: Jul. 23, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 291827 Results