Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-2920

    Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character.... Read more

    Affected Products : sylpheed sylpheed-claws
    • Published: Jun. 09, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3073

    Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary w... Read more

    • Published: Jun. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2895

    Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to versions before 1.6.7 allows remote attackers to inject arbitrary HTML and web script via the edit form.... Read more

    Affected Products : mediawiki
    • Published: Jun. 07, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2958

    Directory traversal vulnerability in FilZip 3.05 allows remote attackers to write arbitrary files via a .. (dot dot) in a (1) .rar, (2) .tar, (3) .jar, or (4) .gz file. NOTE: the provenance of this information is unknown; the details are obtained from th... Read more

    Affected Products : filzip
    • Published: Jun. 12, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3654

    Buffer overflow in wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote attackers to cause a denial of service (CPU consumption or crash) via crafted Excel files.... Read more

    Affected Products : works
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3037

    Multiple cross-site scripting (XSS) vulnerabilities in publish.php in ST AdManager Lite allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) description, (3) article, (4) bio, and (5) name parameters.... Read more

    Affected Products : st_admanager_lite
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-2602

    Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks.... Read more

    Affected Products : firefox thunderbird
    • Published: Aug. 17, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-2414

    Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, ... Read more

    Affected Products : xpcom
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3620

    Cross-site scripting (XSS) vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote attackers to inject arbitrary web script or HTML via the toid parameter.... Read more

    Affected Products : koobi_pro
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4259

    Cross-site scripting (XSS) vulnerability in index.php in Fotopholder 1.8 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: this might be resultant from a directory traversal vulnerability.... Read more

    Affected Products : fotopholder
    • Published: Aug. 21, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3071

    Cross-site scripting (XSS) vulnerability in index.php in MP3 Search/Archive 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter, as used by the "search box", and (2) res parameter.... Read more

    Affected Products : mp3_search_archive
    • Published: Jun. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-4534

    org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminatin... Read more

    Affected Products : tomcat
    • Published: Dec. 19, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-2833

    Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $name... Read more

    Affected Products : drupal
    • Published: Jun. 06, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3550

    Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks FirePass 4100 5.x allow remote attackers to inject arbitrary web script or HTML via unspecified "writable form fields and hidden fields," including "authentication frontends."... Read more

    Affected Products : firepass_4100
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3038

    Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Room Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter. NOTE: the vendor notified CVE on 20060823 that "All issues concerning this scri... Read more

    Affected Products : realty_room_rent
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1898

    Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper Tiny PHP Forum (TPF) 3.6 allow remote attackers to inject arbitrary web script or HTML via (1) the uname parameter in a view action in profile.php and (2) a login name. NOTE: the "Access... Read more

    Affected Products : tinyphpforum
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1918

    Multiple cross-site scripting (XSS) vulnerabilities in Papoo 2.1.5 allow remote attackers to inject arbitrary web script or HTML via the menuid parameter to (1) index.php or (2) forum.php, or the (3) reporeid_print parameter to print.php.... Read more

    Affected Products : papoo
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3653

    wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote attackers to cause a denial of service (CPU consumption or crash) via crafted (1) Works, (2) Excel, and (3) Lotus 1-2-3 files.... Read more

    Affected Products : works
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2979

    Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter in forum... Read more

    Affected Products : shop
    • Published: Jun. 12, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1946

    Multiple cross-site scripting (XSS) vulnerabilities in Visale 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the keyval parameter in pbpgst.cgi, (2) the catsubno parameter in pblscg.cgi, and (3) the listno parameter ... Read more

    Affected Products : visale
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 294322 Results