Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2006-5375

    Multiple unspecified vulnerabilities in PeopleTools component in Oracle PeopleSoft Enterprise 8.46 GA, 8.47 GA, 8.48 GA, 8.46.15, 8.47.09, and 8.48.03 have unknown impact and remote attack vectors, aka Vuln# (1) PSE01, (2) PSE02, and (3) PSE03.... Read more

    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-5173

    Linux kernel does not properly save or restore EFLAGS during a context switch, or reset the flags when creating new threads, which allows local users to cause a denial of service (process crash), as demonstrated using a process that sets the Alignment Che... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Oct. 17, 2006
    • Modified: Apr. 09, 2025

  • 7.2

    HIGH
    CVE-2006-5328

    OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to create arbitrary files via a symlink attack on the simulation.sql file.... Read more

    Affected Products : xcode openbase
    • Published: Oct. 17, 2006
    • Modified: Apr. 09, 2025

  • 7.2

    HIGH
    CVE-2006-5327

    Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which ... Read more

    Affected Products : xcode openbase
    • Published: Oct. 17, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5330

    CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and... Read more

    Affected Products : flash_player
    • Published: Oct. 17, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-4819

    Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote attackers to execute arbitrary code via a long URL in a tag (long link address).... Read more

    Affected Products : opera_browser
    • Published: Oct. 17, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-5321

    Multiple cross-site scripting (XSS) vulnerabilities in phplist before 2.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : phplist
    • Published: Oct. 17, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5318

    PHP remote file inclusion vulnerability in index.php in Nayco JASmine (aka Jasmine-Web) allows remote attackers to execute arbitrary PHP code via an FTP URL in the section parameter.... Read more

    Affected Products : jasmine
    • Published: Oct. 17, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5322

    Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : phplist
    • Published: Oct. 17, 2006
    • Modified: Apr. 09, 2025

  • 6.5

    MEDIUM
    CVE-2006-5313

    Hastymail 1.5 and earlier before 20061008 allows remote authenticated users to send arbitrary SMTP commands by placing them after a CRLF.CRLF sequence in the smtp_message parameter. NOTE: this crosses privilege boundaries if the SMTP server configuration... Read more

    Affected Products : hastymail
    • Published: Oct. 17, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5320

    Directory traversal vulnerability in getimg.php in Album Photo Sans Nom 1.6 allows remote attackers to read arbitrary files via the img parameter.... Read more

    Affected Products : album_photo_sans_nom
    • Published: Oct. 17, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5319

    Directory traversal vulnerability in redir.php in Foafgen 0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the foaf parameter.... Read more

    Affected Products : foafgen
    • Published: Oct. 17, 2006
    • Modified: Apr. 09, 2025

  • 5.5

    MEDIUM
    CVE-2006-4342

    The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, allows local users to cause a denial of service (deadlock) by running the shmat function on an shm at the same time that shmctl is removing that shm (IPC_RMID), which prevents a spinlo... Read more

    Affected Products : enterprise_linux
    • Published: Oct. 17, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5326

    PHP remote file inclusion vulnerability in language/lang/lang_contact_faq.php in the Prillian French 0.8.0 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: the provenance... Read more

    Affected Products : french_language_pack
    • Published: Oct. 17, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5315

    PHP remote file inclusion vulnerability in main.php in registroTL allows remote attackers to execute arbitrary PHP code via an ftp:// URL in the page parameter.... Read more

    Affected Products : registrotl
    • Published: Oct. 17, 2006
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2006-5323

    Unspecified vulnerability in IBM WebSphere Application Server before 6.1.0.2 has unspecified impact and attack vectors, related to a "possible security exposure," aka PK29360.... Read more

    Affected Products : websphere_application_server
    • Published: Oct. 17, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5324

    The Web Services Notification (WSN) security component of IBM WebSphere Application Server before 6.1.0.2 allows attackers to obtain unspecified access without supplying a username and password, aka PK28374.... Read more

    Affected Products : websphere_application_server
    • Published: Oct. 17, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5317

    PHP remote file inclusion vulnerability in index.php in eboli allows remote attackers to execute arbitrary PHP code via a URL in the contentSpecial parameter.... Read more

    Affected Products : eboli
    • Published: Oct. 17, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5314

    PHP remote file inclusion vulnerability in ftag.php in TribunaLibre 3.12 Beta allows remote attackers to execute arbitrary PHP code via a URL in the mostrar parameter.... Read more

    Affected Products : tribunalibre
    • Published: Oct. 17, 2006
    • Modified: Apr. 09, 2025

  • 7.8

    HIGH
    CVE-2006-5316

    registroTL stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for /usuarios.dat.... Read more

    Affected Products : registrotl
    • Published: Oct. 17, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 294527 Results