Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2006-5537

    Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allow remote attackers to inject arbitrary web script or HTML via the (1) upnp:settings/state or (2) upnp:settings/connection parame... Read more

    Affected Products : dsl-g624t
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5555

    PHP remote file inclusion vulnerability in constantes.inc.php in EPNadmin 0.7 and 0.7.1 allows remote attackers to execute arbitrary PHP code via the langage parameter.... Read more

    Affected Products : epnadmin
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5549

    PHP remote file inclusion vulnerability in libraries/amfphp/amf-core/custom/CachedGateway.php in Adobe PHP SDK allows remote attackers to execute arbitrary PHP code via the AMFPHP_BASE parameter. NOTE: this issue has been disputed by a third-party resear... Read more

    Affected Products : adobe_php_ria_sdk
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5520

    PHP remote file inclusion vulnerability in functions.php in DeltaScripts PHP Classifieds 7.1 allows remote attackers to execute arbitrary PHP code via a URL in the set_path parameter.... Read more

    Affected Products : php_classifieds
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 6.8

    MEDIUM
    CVE-2006-5524

    Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10.2 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: This issue might overlap CVE-2006-5321.... Read more

    Affected Products : phplist
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-5515

    Cross-site scripting (XSS) vulnerability in lib-history.inc.php in phpAdsNew and phpPgAds before 2.0.8-pr1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to injected data that is stored by a delivery script... Read more

    Affected Products : phpadsnew phppgads
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5517

    Multiple PHP remote file inclusion vulnerabilities in Rhode Island Open Meetings Filing Application (OMFA) allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to (1) editmeetings/session.php, (2) email/session.php,... Read more

    Affected Products : open_meetings_filing_system
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5514

    SQL injection vulnerability in quiz.php in Web Group Communication Center (WGCC) 0.5.6b and earlier allows remote attackers to execute arbitrary SQL commands via the qzid parameter.... Read more

    Affected Products : web_group_communication_center
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5518

    Multiple PHP remote file inclusion vulnerabilities in Christopher Fowler (Rhode Island) RSSonate allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to (1) xml2rss.php, (2) config_local.php, (3) rssonate.php, and (... Read more

    Affected Products : rssonate
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5522

    Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt Kawf 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config parameter in (1) main.php or (2) user/account/main.php.... Read more

    Affected Products : kawf
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5525

    Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not rejected by the protection mechanism, as demonstrated... Read more

    Affected Products : php-nuke
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-5516

    Multiple cross-site scripting (XSS) vulnerabilities in actions/usersettings.php in WikiNi before 0.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters to wakka.php.... Read more

    Affected Products : wikini
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5521

    PHP remote file inclusion vulnerability in DNS/RR.php in Net_DNS 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter.... Read more

    Affected Products : net_dns
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5523

    PHP remote file inclusion vulnerability in common.php in EZ-Ticket 0.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the ezt_root_path parameter.... Read more

    Affected Products : ez-ticket
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5513

    SQL injection vulnerability in GeoNetwork opensource before 2.0.3 allows remote attackers to execute arbitrary SQL commands, and complete a login, via unspecified vectors.... Read more

    Affected Products : opensource
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 6.8

    MEDIUM
    CVE-2006-5519

    PHP remote file inclusion vulnerability in Savant2/Savant2_Plugin_options.php in the MambWeather 1.8.1 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.... Read more

    Affected Products : mambweather
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5382

    3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified "normally restricted management packets on the device" that cause... Read more

    Affected Products : superstack_3_switch_4400
    • Published: Oct. 25, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5507

    Multiple PHP remote file inclusion vulnerabilities in Der Dirigent (DeDi) 1.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_dedi[dedi_path] parameter in (1) find.php, (2) insert_line.php, (3) fullscreen.php, (4) changecase.ph... Read more

    Affected Products : der_dirigent
    • Published: Oct. 25, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-5504

    Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) allows remote attackers to inject arbitrary web script or HTML via a base64 encoded params value in the action parameter.... Read more

    Affected Products : simple_machines_forum
    • Published: Oct. 25, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5509

    Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injecti... Read more

    Affected Products : burning_book
    • Published: Oct. 25, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 294758 Results