Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-3039

    Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Home Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter. NOTE: the vendor notified CVE on 20060823 that "All issues concerning this scri... Read more

    Affected Products : realty_home_rent
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1748

    Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows remote attackers to inject arbitrary web script or HTML by uploading a Flash (.SWF) video that contains a getURL function call, which causes the video to be rendered without disabling Acti... Read more

    Affected Products : xmb_forum
    • Published: Apr. 12, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1745

    Cross-site scripting (XSS) vulnerability in login.php in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third... Read more

    Affected Products : bitweaver
    • Published: Apr. 12, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0329

    Directory traversal vulnerability in ZipGenius 5.5 and earlier allows remote attackers to create and possibly modify arbitrary files via a ZIP file with a file whose name includes .. (dot dot) sequences.... Read more

    Affected Products : zipgenius
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3217

    JaguarEditControl (JEdit) ActiveX Control 1.1.0.20 and earlier allows remote attackers to obtain sensitive information, such as the username and MAC and IP addresses, by setting the test field to certain values such as 2404 or 2790, then reading the infor... Read more

    Affected Products : jaguaredit
    • Published: Jun. 24, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3245

    Multiple cross-site scripting (XSS) vulnerabilities in activatemember in mvnForum 1.0 GA and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) member and (2) activatecode parameters.... Read more

    Affected Products : mvnforum
    • Published: Jun. 27, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1795

    Cross-site scripting (XSS) vulnerability in tablepublisher.cgi in UPDI Network Enterprise @1 Table Publisher 2006-03-23 allows remote attackers to inject arbitrary web script or HTML via the Title of Table field.... Read more

    Affected Products : at1_event_publisher
    • Published: Apr. 17, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3237

    Cross-site scripting (XSS) vulnerability in index.php in Enterprise Groupware System (EGS) 1.2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter.... Read more

    Affected Products : enterprise_groupware_systems
    • Published: Jun. 27, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1818

    Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) first_name and (2) last_name parameter in myaccounts.php. NOTE: por... Read more

    Affected Products : warforge.news
    • Published: Apr. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3241

    Cross-site scripting (XSS) vulnerability in messages.php in XennoBB 1.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the tid parameter.... Read more

    Affected Products : xennobb
    • Published: Jun. 27, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1736

    Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link th... Read more

    • Published: Apr. 14, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1476

    Windows Firewall in Microsoft Windows XP SP2 produces incorrect application block alerts when the application filename is ".exe" (with no characters before the "."), which might allow local user-assisted users to trick a user into unblocking a Trojan hors... Read more

    Affected Products : windows_xp
    • Published: Mar. 29, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1759

    Cross-site scripting (XSS) vulnerability in allgemein_transfer.php in SWSoft Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the jahr parameter.... Read more

    Affected Products : confixx
    • Published: Apr. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4570

    Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or... Read more

    Affected Products : thunderbird seamonkey
    • Published: Sep. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1725

    Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes certain windows to become translucent due to an interaction between XUL content windows and the history mechanism, which might allow user-assisted remote attackers to trick users into ex... Read more

    Affected Products : firefox seamonkey
    • Published: Apr. 14, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-3921

    Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buf... Read more

    Affected Products : ios
    • Published: Nov. 30, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2610

    Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 allows remote attackers to inject arbitrary web script or HTML via the (1) URL query string and the (2) Sort parameter.... Read more

    Affected Products : phpraid
    • Published: May. 26, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2653

    Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter.... Read more

    Affected Products : dsa-3100_airspot_gateway
    • Published: May. 30, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2729

    Cross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the gal parameter. NOTE: the provenance of this information is unknown; the details are obtained sol... Read more

    Affected Products : photoalbum_bandw
    • Published: Jun. 01, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-3997

    Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) graphs/banner_daily.php, (2) graphs/banner_infobox.php, (3) ... Read more

    Affected Products : zen_cart zen_cart
    • Published: Dec. 05, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293360 Results