Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2001-1210

    Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read and write information to the MIB using arbitrary commun... Read more

    Affected Products : ubr920 ubr924 ubr925
    • EPSS Score: %0.61
    • Published: Dec. 30, 2001
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2001-1205

    Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 allows remote attackers to read arbitrary files via '..' sequences in the $error_log variable.... Read more

    Affected Products : last_lines
    • EPSS Score: %0.86
    • Published: Dec. 30, 2001
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2001-1466

    Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the SSH-1 protocol, allows remote attackers to execute arbitrary code via a long (1) username or (2) password.... Read more

    Affected Products : securecrt
    • EPSS Score: %4.79
    • Published: Dec. 30, 2001
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2001-1432

    Directory traversal vulnerability in Cherokee Web Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.... Read more

    Affected Products : cherokee_httpd
    • EPSS Score: %0.57
    • Published: Dec. 29, 2001
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2001-1433

    Cherokee web server before 0.2.7 does not properly drop root privileges after binding to port 80, which could allow remote attackers to gain privileges via other vulnerabilities.... Read more

    Affected Products : cherokee_httpd
    • EPSS Score: %1.27
    • Published: Dec. 29, 2001
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2001-1202

    Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does not quote scripting commands within a "403 Forbidden" error page, which allows remote attackers to execute arbitrary Javascript on other clients via a URL that generates an error.... Read more

    Affected Products : delegate
    • EPSS Score: %3.36
    • Published: Dec. 28, 2001
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2001-1204

    Directory traversal vulnerability in phprocketaddin in Total PC Solutions PHP Rocket Add-in for FrontPage 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.... Read more

    Affected Products : php_rocket_add-in
    • EPSS Score: %1.89
    • Published: Dec. 28, 2001
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2001-1203

    Format string vulnerability in gpm-root in gpm 1.17.8 through 1.17.18 allows local users to gain root privileges.... Read more

    Affected Products : gpm
    • EPSS Score: %0.05
    • Published: Dec. 27, 2001
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2001-1352

    Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows remote attackers to execute arbitrary Javascript as other web users via an error message that is returned when an invalid index file is specified in the idxname parameter.... Read more

    Affected Products : namazu
    • EPSS Score: %1.24
    • Published: Dec. 27, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2001-1223

    The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers to gain administrative privileges by connecting to the server.... Read more

    Affected Products : lancom_1100_office
    • EPSS Score: %2.32
    • Published: Dec. 26, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-1225

    Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to cause a denial of service by creating a very large array in a table, which causes miniSQL to crash when the table is queried.... Read more

    Affected Products : msql
    • EPSS Score: %0.06
    • Published: Dec. 26, 2001
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2001-1226

    AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database.... Read more

    Affected Products : adcycle
    • EPSS Score: %0.62
    • Published: Dec. 25, 2001
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2001-1351

    Cross-site scripting vulnerability in Namazu 2.0.8 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the index file name that is displayed when displaying hit numbers.... Read more

    Affected Products : namazu
    • EPSS Score: %0.85
    • Published: Dec. 25, 2001
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2001-1224

    get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows remote attackers to modify the database and possibly execute arbitrary commands via a SQL code injection attack.... Read more

    Affected Products : adrotate_pro
    • EPSS Score: %1.29
    • Published: Dec. 23, 2001
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2001-0884

    Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users.... Read more

    Affected Products : mailman
    • EPSS Score: %0.65
    • Published: Dec. 21, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2001-1220

    D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges.... Read more

    Affected Products : dwl-1000ap
    • EPSS Score: %0.81
    • Published: Dec. 21, 2001
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2001-0871

    Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2.0 through 2.6.18, or (2) a DOS device name followed by... Read more

    Affected Products : alchemy_eye alchemy_network_monitor
    • EPSS Score: %3.86
    • Published: Dec. 21, 2001
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2001-1221

    D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses a default SNMP community string of 'public' which allows remote attackers to gain sensitive information.... Read more

    Affected Products : dwl-1000ap
    • EPSS Score: %0.56
    • Published: Dec. 21, 2001
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-1999-1174

    ZIP drive for Iomega ZIP-100 disks allows attackers with physical access to the drive to bypass password protection by inserting a known disk with a known password, waiting for the ZIP drive to power down, manually replacing the known disk with the target... Read more

    Affected Products : zip_100_mb_drive
    • EPSS Score: %0.08
    • Published: Dec. 21, 2001
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2001-0873

    uuxqt in Taylor UUCP package does not properly remove dangerous long options, which allows local users to gain privileges by calling uux and specifying an alternate configuration file with the --config option.... Read more

    Affected Products : linux taylor_uucp
    • EPSS Score: %0.25
    • Published: Dec. 21, 2001
    • Modified: Apr. 03, 2025
Showing 20 of 291258 Results