Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2002-1444

    The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service (crash with an exception in oleaut32.dll) via malicious HTML, possibly related to small width and height parameters or an incorr... Read more

    Affected Products : internet_explorer toolbar
    • Published: Aug. 15, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-1452

    Buffer overflow in the search capability for MyWebServer 1.0.2 allows remote attackers to execute arbitrary code via a long searchTarget parameter.... Read more

    Affected Products : mywebserver
    • Published: Aug. 14, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2002-1453

    Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows remote attackers to insert script and HTML via a long request followed by the malicious script, which is echoed back to the user in an error message.... Read more

    Affected Products : mywebserver
    • Published: Aug. 14, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0618

    The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script E... Read more

    Affected Products : office excel
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0659

    The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.... Read more

    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0728

    Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk.... Read more

    Affected Products : linux libpng
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0485

    Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients.... Read more

    Affected Products : norton_antivirus
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2002-0481

    An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files... Read more

    Affected Products : outlook
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0483

    index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname.... Read more

    Affected Products : php-nuke
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0494

    Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name.... Read more

    Affected Products : websight_directory_system
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0520

    Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke RC1 allows remote attackers to execute script as other ASP-Nuke users by embedding it within an IMG tag.... Read more

    Affected Products : asp-nuke
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0426

    VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router before 1.40.1 reduces the key lengths for keys that are supplied via manual key entry, which makes it easier for attackers to crack the keys.... Read more

    Affected Products : befvp41
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-0480

    ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is configured to allow a user "skank" on a machine "starscream" to become a key manager when the "first time connection" feature is enabled and before any legitimate administrators have conn... Read more

    Affected Products : realsecure_nokia
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0731

    Cross-site scripting vulnerability in demonstration scripts for vqServer allows remote attackers to execute arbitrary script via a link that contains the script in arguments to demo scripts such as respond.pl.... Read more

    Affected Products : vqserver
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-0492

    dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete arbitrary setup files via a null character in the database parameter.... Read more

    Affected Products : dcshop
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0787

    Cross-site scripting vulnerabilities in iCon administrative web server for Critical Path inJoin Directory Server 4.0 allow remote attackers to execute script as the administrator via administrator URLs with modified (1) LOCID or (2) OC parameters.... Read more

    Affected Products : injoin_directory_server
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2002-0783

    Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL.... Read more

    Affected Products : opera_web_browser
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 5.5

    MEDIUM
    CVE-2002-0793

    Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4)... Read more

    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-0736

    Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank.... Read more

    Affected Products : backoffice
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-0753

    Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to execute arbitrary code via an HTTP request with a long cookie.... Read more

    Affected Products : web\+_server
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 293351 Results