Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-0836

    Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an unspecified denial of service by tricking the user into importing an LDIF file with a long field into the address book, as demonstrated by a long homePhone field.... Read more

    Affected Products : thunderbird
    • Published: Feb. 22, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-0950

    unalz 0.53 allows user-assisted attackers to overwrite arbitrary files via an ALZ archive with ".." (dot dot) sequences in a filename.... Read more

    Affected Products : unalz
    • Published: Mar. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-0487

    The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files.... Read more

    Affected Products : internet_explorer
    • Published: May. 01, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-5069

    Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php in the Indexed Search 2.9.0 extension for Typo3 before 4.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.... Read more

    Affected Products : typo3
    • Published: Sep. 28, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-1808

    Cross-site scripting (XSS) vulnerability in index.php in Lifetype 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the show parameter in a Template operation.... Read more

    Affected Products : lifetype
    • Published: Apr. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1193

    Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."... Read more

    Affected Products : exchange_server
    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4808

    Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TGA image.... Read more

    Affected Products : imlib2
    • Published: Nov. 07, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-1144

    Cross-site scripting (XSS) vulnerability in HitHost 1.0.0 allows remote attackers to inject arbitrary web script or HTML via (1) the user parameter in deleteuser.php and (2) the hits parameter in viewuser.php.... Read more

    Affected Products : hithost
    • Published: Mar. 10, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1817

    SQL injection vulnerability in authcheck.php in warforge.NEWS 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) authusername and possibly the (2) authpassword cookie.... Read more

    Affected Products : warforge.news
    • Published: Apr. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1224

    Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows remote attackers to overwrite arbitrary files via a "%2E." (mixed encoding) in the pg parameter.... Read more

    Affected Products : guppy
    • Published: Mar. 14, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1752

    Multiple cross-site scripting (XSS) vulnerabilities in the backend in MvBlog before 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) body fields in a comment.... Read more

    Affected Products : mvblog
    • Published: Apr. 12, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-2174

    Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL repli... Read more

    Affected Products : bugzilla
    • Published: Jul. 08, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1699

    Cross-site scripting (XSS) vulnerability in index.php in Aweb Banner Generator 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the banner parameter in view mode.... Read more

    Affected Products : banner_generator
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1854

    Multiple cross-site scripting (XSS) vulnerabilities in BluePay Manager 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML during a login action via the (1) Account Name and (2) Username field. NOTE: the vendor has disputed this... Read more

    Affected Products : bluepay_manager
    • Published: Apr. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-2268

    Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog... Read more

    Affected Products : firefox mozilla
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1665

    Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0.1 stable allow remote attackers to inject arbitrary web script or HTML via the (1) adminJump and (2) forum_middle parameters in (a) forum.php, and the (3) form parameter in (b) members... Read more

    Affected Products : arab_portal
    • Published: Apr. 07, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1457

    Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after downloading" is enabled, will automatically expand archives, which could allow remote attackers to overwrite arbitrary files via an archive that contains a symlink.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: May. 12, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2766

    Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a lon... Read more

    Affected Products : internet_explorer outlook_express ie
    • Published: Jun. 02, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1843

    Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) LOCATION and (2) URL parameters. NOTE: the provenance of this information is unknown; the details are obtai... Read more

    Affected Products : shoutbook
    • Published: Apr. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1806

    Cross-site scripting (XSS) vulnerability in index.php in Musicbox 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter in a search action.... Read more

    Affected Products : musicbox
    • Published: Apr. 18, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 294717 Results