Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2006-5302

    Multiple PHP remote file inclusion vulnerabilities in Redaction System 1.0000 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang_prefix parameter to (a) conn.php, (b) sesscheck.php, (c) wap/conn.php, or (d) wap/sesscheck.php, o... Read more

    Affected Products : redaction_system
    • Published: Oct. 17, 2006
    • Modified: Apr. 09, 2025

  • 6.5

    MEDIUM
    CVE-2006-5300

    Unspecified vulnerability in HP Version Control Agent before 2.1.5 allows remote authenticated users to obtain "unauthorized access" to a remote Repository Manager account and potentially gain privileges via unspecified vectors.... Read more

    Affected Products : version_control_agent
    • Published: Oct. 17, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5305

    PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr 1.0.1 and earlier phpbb module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.... Read more

    Affected Products : lat2cyr
    • Published: Oct. 17, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5210

    Directory traversal vulnerability in IronWebMail before 6.1.1 HotFix-17 allows remote attackers to read arbitrary files via a GET request to the IM_FILE identifier with double-url-encoded "../" sequences ("%252e%252e/").... Read more

    Affected Products : ironmail
    • Published: Oct. 16, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-4182

    Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based... Read more

    Affected Products : clamav clamav
    • Published: Oct. 16, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5295

    Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory location."... Read more

    Affected Products : clamav clamav
    • Published: Oct. 16, 2006
    • Modified: Apr. 09, 2025

  • 6.8

    MEDIUM
    CVE-2006-4154

    Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.... Read more

    Affected Products : http_server
    • Published: Oct. 16, 2006
    • Modified: Apr. 09, 2025

  • 1.2

    LOW
    CVE-2006-5297

    Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems.... Read more

    Affected Products : mutt
    • Published: Oct. 16, 2006
    • Modified: Apr. 09, 2025

  • 1.2

    LOW
    CVE-2006-5298

    The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition b... Read more

    Affected Products : mutt
    • Published: Oct. 16, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-5296

    PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerP... Read more

    Affected Products : powerpoint
    • Published: Oct. 16, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5292

    PHP remote file inclusion vulnerability in photo_comment.php in Exhibit Engine 1.5 RC 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter.... Read more

    Affected Products : exhibit_engine
    • Published: Oct. 16, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-5294

    Cross-site scripting (XSS) vulnerability in index.php in phplist before 2.10.3 allows remote attackers to inject arbitrary web script or HTML via the unsubscribeemail parameter.... Read more

    Affected Products : phplist
    • Published: Oct. 16, 2006
    • Modified: Apr. 09, 2025

  • 6.8

    MEDIUM
    CVE-2006-5293

    Cross-site scripting (XSS) vulnerability in index.php in PhpOutsourcing Noah's Classifieds 1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the frommethod parameter.... Read more

    Affected Products : noahs_classifieds
    • Published: Oct. 16, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5291

    PHP remote file inclusion vulnerability in admin/includes/spaw/spaw_control.class.php in Download-Engine 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actu... Read more

    Affected Products : downloadengine
    • Published: Oct. 16, 2006
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2006-5288

    Cisco 2700 Series Wireless Location Appliances before 2.1.34.0 have a default administrator username "root" and password "password," which allows remote attackers to obtain administrative privileges, aka Bug ID CSCsb92893.... Read more

    Affected Products : 2700_wireless_location_appliance
    • Published: Oct. 13, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5290

    The ESS/ Network Controller and MicroServer Web Server components of Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265 and 275 allow remote attackers to bypass authentication and execute arbitrary code via "WebUI command injection on TCP/IP host... Read more

    • Published: Oct. 13, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5289

    Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the calpath parameter to (1) modules/Calendar/admin/update.php, (2) modules/Calendar/admin/scheme.php, or (3... Read more

    Affected Products : vtiger_crm
    • Published: Oct. 13, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5287

    Multiple SQL injection vulnerabilities in sign.php in Xeobook 0.93 allow remote attackers to execute arbitrary SQL commands via (1) the User-Agent HTTP header, or the (2) gb_entry_text, (3) gb_location, (4) gb_fullname, or (5) gb_sex parameters.... Read more

    Affected Products : xeobook
    • Published: Oct. 13, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5283

    PHP remote file inclusion vulnerability in ftag.php in Minichat 6.0 allows remote attackers to execute arbitrary PHP code via a URL in the mostrar parameter.... Read more

    Affected Products : minichat
    • Published: Oct. 13, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5285

    SQL injection vulnerability in index.php in XeoPort 0.81, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the xp_body_text parameter.... Read more

    Affected Products : xeoport
    • Published: Oct. 13, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 294535 Results