Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-2895

    Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to versions before 1.6.7 allows remote attackers to inject arbitrary HTML and web script via the edit form.... Read more

    Affected Products : mediawiki
    • Published: Jun. 07, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2920

    Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character.... Read more

    Affected Products : sylpheed sylpheed-claws
    • Published: Jun. 09, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2891

    Cross-site scripting (XSS) vulnerability in admin/index.php for Pixelpost 1-5rc1-2 and earlier allows remote attackers to inject arbitrary HTML or web script via the loginmessage parameter.... Read more

    Affected Products : pixelpost
    • Published: Jun. 07, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2833

    Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $name... Read more

    Affected Products : drupal
    • Published: Jun. 06, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2571

    Cross-site scripting (XSS) vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action.... Read more

    Affected Products : opencms
    • Published: May. 24, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-2302

    Race condition in the sysfs_read_file and sysfs_write_file functions in Linux kernel before 2.6.10 allows local users to read kernel memory and cause a denial of service (crash) via large offsets in sysfs files.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3812

    Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links.... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Jul. 29, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2312

    Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.... Read more

    Affected Products : windows skype
    • Published: May. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2258

    Cross-site scripting (XSS) vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to inject arbitrary web script or HTML via the Error parameter.... Read more

    Affected Products : maxxschedule
    • Published: May. 09, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2265

    Cross-site scripting vulnerability in admin/main.asp in Ocean12 Calendar Manager Pro 1.00 allows remote attackers to inject arbitrary web script or HTML via the date parameter. NOTE: the provenance of this information is unknown; the details are obtained... Read more

    Affected Products : calendar_manager_pro
    • Published: May. 09, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2163

    Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart 3.33 and earlier allows remote attackers to inject arbitrary web script or HTML via the setbackurl parameter.... Read more

    Affected Products : pinnacle_cart
    • Published: May. 04, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2031

    Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter.... Read more

    Affected Products : phpmyadmin
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1946

    Multiple cross-site scripting (XSS) vulnerabilities in Visale 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the keyval parameter in pbpgst.cgi, (2) the catsubno parameter in pblscg.cgi, and (3) the listno parameter ... Read more

    Affected Products : visale
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3484

    Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) show_courses or (2) current_cat parameters to (a) admin/create_course.php, show_courses parameter to (b) u... Read more

    Affected Products : atutor
    • Published: Jul. 10, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1903

    Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila allow remote attackers to inject arbitrary web script or HTML (1) via the referer parameter in sendMail, and via attributes of (2) the A element and certain other HTML elements in web ... Read more

    Affected Products : manila
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1899

    Multiple cross-site scripting (XSS) vulnerabilities in dev Neuron Blog 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) website parameters.... Read more

    Affected Products : neuron_blog
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3654

    Buffer overflow in wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote attackers to cause a denial of service (CPU consumption or crash) via crafted Excel files.... Read more

    Affected Products : works
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1898

    Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper Tiny PHP Forum (TPF) 3.6 allow remote attackers to inject arbitrary web script or HTML via (1) the uname parameter in a view action in profile.php and (2) a login name. NOTE: the "Access... Read more

    Affected Products : tinyphpforum
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1854

    Multiple cross-site scripting (XSS) vulnerabilities in BluePay Manager 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML during a login action via the (1) Account Name and (2) Username field. NOTE: the vendor has disputed this... Read more

    Affected Products : bluepay_manager
    • Published: Apr. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1850

    Multiple cross-site scripting (XSS) vulnerabilities in xFlow 5.46.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) level, (2) position, (3) id, and (4) action parameters to members_only/index.cgi, and the (5) page p... Read more

    Affected Products : xflow
    • Published: Apr. 19, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293289 Results