Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-1748

    Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows remote attackers to inject arbitrary web script or HTML by uploading a Flash (.SWF) video that contains a getURL function call, which causes the video to be rendered without disabling Acti... Read more

    Affected Products : xmb_forum
    • Published: Apr. 12, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3237

    Cross-site scripting (XSS) vulnerability in index.php in Enterprise Groupware System (EGS) 1.2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter.... Read more

    Affected Products : enterprise_groupware_systems
    • Published: Jun. 27, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1745

    Cross-site scripting (XSS) vulnerability in login.php in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third... Read more

    Affected Products : bitweaver
    • Published: Apr. 12, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1736

    Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link th... Read more

    • Published: Apr. 14, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3333

    Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to inject web script or HTML via the multiple unspecified parameters, including the (1) frommethod, (2) list, and (3) method, which are reflected in an error ... Read more

    Affected Products : zorum
    • Published: Jun. 30, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2008-4775

    Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a... Read more

    Affected Products : phpmyadmin
    • Published: Oct. 28, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2005-1801

    The vCard viewer in Nokia 9500 allows attackers to cause a denial of service (crash) via a vCard with a long Name field, which causes the crash when the user views it.... Read more

    Affected Products : 9500
    • Published: May. 26, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3241

    Cross-site scripting (XSS) vulnerability in messages.php in XennoBB 1.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the tid parameter.... Read more

    Affected Products : xennobb
    • Published: Jun. 27, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3365

    V3 Chat allows remote attackers to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement.... Read more

    Affected Products : v3_chat
    • Published: Jul. 06, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1795

    Cross-site scripting (XSS) vulnerability in tablepublisher.cgi in UPDI Network Enterprise @1 Table Publisher 2006-03-23 allows remote attackers to inject arbitrary web script or HTML via the Title of Table field.... Read more

    Affected Products : at1_event_publisher
    • Published: Apr. 17, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1476

    Windows Firewall in Microsoft Windows XP SP2 produces incorrect application block alerts when the application filename is ".exe" (with no characters before the "."), which might allow local user-assisted users to trick a user into unblocking a Trojan hors... Read more

    Affected Products : windows_xp
    • Published: Mar. 29, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3313

    Cross-site scripting (XSS) vulnerability in search.jsp in Netsoft smartNet 2.0 allows remote attackers to inject arbitrary web script or HTML via the keyWord parameter.... Read more

    Affected Products : smartnet
    • Published: Jun. 29, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3225

    Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrar... Read more

    • Published: Jun. 26, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1759

    Cross-site scripting (XSS) vulnerability in allgemein_transfer.php in SWSoft Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the jahr parameter.... Read more

    Affected Products : confixx
    • Published: Apr. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1554

    Cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter while adding a comment.... Read more

    Affected Products : vsns_lemon
    • Published: Mar. 31, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4369

    Absolute path traversal vulnerability in includes/functions_portal.php in IntegraMOD Portal 2.x and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via an absolute pathname in the phpbb_root_path parameter.... Read more

    Affected Products : integramod_portal
    • Published: Aug. 26, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3230

    Cross-site scripting (XSS) vulnerability in index.tmpl in Azureus Tracker 2.4.0.2 and earlier (Java BitTorrent Client Tracker) allows remote attackers to inject arbitrary web script or HTML via the search parameter.... Read more

    Affected Products : azureus_tracker
    • Published: Jun. 27, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4355

    Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal_easylinks_module
    • Published: Aug. 27, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3227

    Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ... Read more

    Affected Products : internet_explorer
    • Published: Jun. 26, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1673

    Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard vBug Tracker 3.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter.... Read more

    Affected Products : vbug_tracker
    • Published: Apr. 07, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293437 Results