Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2006-5419

    PHP remote file inclusion vulnerability in client.php in University of Glasgow Specimen Image Database (SID), when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter.... Read more

    Affected Products : specimen_image_database
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5410

    PHP remote file inclusion vulnerability in templates/tmpl_dfl/scripts/index.php in BoonEx Dolphin 5.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter. NOTE: it is possible that this issue overlaps CVE-2006-4189.... Read more

    Affected Products : dolphin
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5413

    Multiple PHP remote file inclusion vulnerabilities in SuperMod 3.0.0 for YABB (YaBBSM) allow remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter to (1) Offline.php, (2) Sources/Admin.php, (3) Sources/Offline.php, or (4) con... Read more

    Affected Products : supermod
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5411

    Unrestricted file upload vulnerability in upload.php for Free Web Publishing System (FreeWPS), possibly 2.11 and earlier, allows remote attackers to upload and execute arbitrary PHP programs.... Read more

    Affected Products : freewps
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5414

    Barry Nauta BRIM before 1.2.1 allows remote authenticated users to read information from other users via a modified URL.... Read more

    Affected Products : brim
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 6.8

    MEDIUM
    CVE-2006-5418

    PHP remote file inclusion vulnerability in archive/archive_topic.php in pbpbb archive for search engines (SearchIndexer) (aka phpBBSEI) for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.... Read more

    Affected Products : searchindexer
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5420

    Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to cause a denial of service (crash) via malformed DNS responses.... Read more

    Affected Products : winroute_firewall
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5415

    PHP remote file inclusion vulnerability in includes/functions_newshr.php in the News Defilante Horizontale 4.1.1 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.... Read more

    Affected Products : news_defilante_horizontale
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5417

    McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple McAfee products possibly including Internet Security Suite, Personal Firewall Plus, and VirusScan, allows remote attackers to cause a denial of service (agent crash) via a long packet, poss... Read more

    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5408

    Multiple cross-site scripting (XSS) vulnerabilities in the wireless IDS management interface for Highwall Enterprise and Highwall Endpoint 4.0.2.11045 allow remote attackers to inject arbitrary HTML or web script via unspecified vectors.... Read more

    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5409

    Multiple SQL injection vulnerabilities in the wireless IDS management interface for Highwall Enterprise and Highwall Endpoint 4.0.2.11045 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.... Read more

    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5422

    PHP remote file inclusion vulnerability in calcul-page.php in Lodel (patchlodel) 0.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the home parameter.... Read more

    Affected Products : lodel_cms
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5421

    WSN Forum 1.3.4 and earlier allows remote attackers to execute arbitrary PHP code via a modified pathname in the pathtoconfig parameter that points to an avatar image that contains PHP code, which is then accessed from prestart.php. NOTE: this issue has ... Read more

    Affected Products : wsn_forum
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-5404

    Unspecified vulnerability in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to obtain sensitive information via unspeci... Read more

    • Published: Oct. 19, 2006
    • Modified: Apr. 09, 2025

  • 6.2

    MEDIUM
    CVE-2006-5405

    Unspecified vulnerability in Toshiba Bluetooth wireless device driver 3.x and 4 through 4.00.35, as used in multiple products, allows physically proximate attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code ... Read more

    Affected Products : bluetooth_wireless_device_driver
    • Published: Oct. 19, 2006
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2006-5406

    Passgo Defender 5.2 creates the application directory with insecure permissions (Everyone/Full Control), which allows local users to read and modify sensitive files. NOTE: the provenance of this information is unknown; the details are obtained from third... Read more

    Affected Products : defender
    • Published: Oct. 19, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5407

    PHP remote file inclusion vulnerability in open_form.php in osTicket allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter.... Read more

    Affected Products : osticket
    • Published: Oct. 19, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5403

    Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and ... Read more

    • Published: Oct. 19, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5398

    SQL injection vulnerability in comments.php in Simplog 0.9.3.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter.... Read more

    Affected Products : simplog
    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5402

    Multiple PHP remote file inclusion vulnerabilities in PHPmybibli 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) class_path, (2) javascript_path, and (3) include_path parameters in (a) cart.php; the (4) class_pa... Read more

    Affected Products : phpmybibli
    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 294534 Results