Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2002-0206

    index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter.... Read more

    Affected Products : php-nuke
    • EPSS Score: %0.22
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0217

    Cross-site scripting (CSS) vulnerabilities in the Private Message System for XOOPS 1.0 RC1 allow remote attackers to execute Javascript on other web clients via (1) the Title field or a Private Message Box or (2) the image field parameter in pmlite.php.... Read more

    Affected Products : xoops
    • EPSS Score: %1.29
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0171

    IRISconsole 2.0 may allow users to log into the icadmin account with an incorrect password in some circumstances, which could allow users to gain privileges.... Read more

    Affected Products : irisconsole
    • EPSS Score: %1.53
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0228

    Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or ... Read more

    Affected Products : msn_messenger
    • EPSS Score: %28.61
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2002-0202

    PaintBBS 1.2 installs certain files and directories with insecure permissions, which allows local users to (1) obtain the encrypted server password via the world-readable oekakibbs.conf file, or (2) modify the server configuration via the world-writeable ... Read more

    Affected Products : paintbbs
    • EPSS Score: %0.07
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0215

    Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message.... Read more

    Affected Products : agora.cgi
    • EPSS Score: %8.20
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-0214

    Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through 1.5.18.0 stores the 128-bit WEP (Wired Equivalent Privacy) key in plaintext in a registry key with weak permissions, which allows local users to decrypt network traffic by reading the ... Read more

    • EPSS Score: %0.08
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0216

    userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain sensitive information via a SQL injection attack in the "uid" parameter.... Read more

    Affected Products : xoops
    • EPSS Score: %0.83
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0200

    Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service via an HTTP request for an MS-DOS device name.... Read more

    Affected Products : cyberstop_web_server
    • EPSS Score: %2.57
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0185

    mod_python version 2.7.6 and earlier allows a module indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module.... Read more

    Affected Products : mod_python
    • EPSS Score: %4.63
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0203

    ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and Linux, and 3.1x and 3.0x including 3.11.903, allows remote attackers to view directory contents via an empty pg parameter.... Read more

    Affected Products : tarantella_enterprise
    • EPSS Score: %0.71
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-0198

    Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in other programs such as xamime and inflex, allows remote attackers to execute arbitrary code via an attachment in a long filename.... Read more

    Affected Products : ripmime inflex
    • EPSS Score: %5.63
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0199

    Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an argument with a large number of backslashes.... Read more

    Affected Products : shoutcast_server
    • EPSS Score: %1.82
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0229

    Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements.... Read more

    Affected Products : php
    • EPSS Score: %7.72
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0154

    Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.... Read more

    Affected Products : sql_server sql_server
    • EPSS Score: %27.95
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-0172

    /dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with insecure default permissions (644), which could allow a local user to cause a denial of service (traffic disruption).... Read more

    Affected Products : irix
    • EPSS Score: %0.22
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2002-0219

    Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via large command line argument.... Read more

    • EPSS Score: %0.15
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0209

    Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing (SLB) and Cookie-Based Persistence features enabled, allows remote attackers to determine the real IP address of a web server with a half-closed session, which causes ACEdirector to send ... Read more

    Affected Products : alteon_acedirector
    • EPSS Score: %6.75
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2002-0173

    Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart Software package on SGI IRIX 6.5.10 and earlier may allow local users to gain root privileges.... Read more

    Affected Products : irix
    • EPSS Score: %0.05
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0205

    Cross-site scripting (CSS) vulnerability in error.asp for Plumtree Corporate Portal 3.5 through 4.5 allows remote attackers to execute arbitrary script on other clients via the "Description" parameter.... Read more

    Affected Products : plumtree_corporate_portal
    • EPSS Score: %0.74
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 291773 Results