Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2006-5610

    PHP remote file inclusion vulnerability in player/includes/common.php in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.... Read more

    Affected Products : fully_modded_phpbb
    • Published: Oct. 31, 2006
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2006-5611

    Unspecified vulnerability in Toshiba Bluetooth Stack before 4.20.01 has unspecified impact and attack vectors, related to the 4.20.01(T) "Security fix." NOTE: due to the lack of details in the vendor advisory, it is not clear whether this issue is related... Read more

    Affected Products : bluetooth_stack
    • Published: Oct. 31, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5609

    Directory traversal vulnerability in dir.php in TorrentFlux 2.1 allows remote attackers to list arbitrary directories via "\.\./" sequences in the dir parameter.... Read more

    Affected Products : torrentflux
    • Published: Oct. 30, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5607

    Directory traversal vulnerability in /cgi-bin/webcm in INCA IM-204 allows remote attackers to read arbitrary files via a "/./." (modified dot dot) sequences in the getpage parameter.... Read more

    Affected Products : im-204_adsl_router
    • Published: Oct. 30, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5608

    SQL injection vulnerability in Extended Tracker (xtracker) 4.7 before 1.5.2.1 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "parameters from URLs."... Read more

    Affected Products : extended_tracker
    • Published: Oct. 30, 2006
    • Modified: Apr. 09, 2025

  • 6.8

    MEDIUM
    CVE-2006-5605

    Multiple cross-site scripting (XSS) vulnerabilities in phpcards.footer.php in phpCards 1.3 allow remote attackers to inject arbitrary web script or HTML via the CardFontFace parameter and other unspecified parameters.... Read more

    Affected Products : phpcards
    • Published: Oct. 30, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5604

    Directory traversal vulnerability in phpcards.header.php in phpCards 1.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the CardLanguageFile parameter.... Read more

    Affected Products : phpcards
    • Published: Oct. 30, 2006
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2006-5603

    SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the RC parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party informa... Read more

    Affected Products : snitz_forums_2000
    • Published: Oct. 30, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-5598

    Cross-site scripting (XSS) vulnerability in index.php for GOOP Gallery 2.0, and possibly other versions before 2.0.3, allows remote attackers to inject arbitrary HTML or web script via the image parameter.... Read more

    Affected Products : goop_gallery
    • Published: Oct. 28, 2006
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2006-5602

    Multiple memory leaks in xsupplicant before 1.2.6, and possibly other versions, allow attackers to cause a denial of service (memory consumption) via unspecified vectors.... Read more

    Affected Products : xsupplicant
    • Published: Oct. 28, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-5600

    Axalto Protiva 1.1, possibly only non-commercial versions, stores passwords in plaintext in files with insecure permissions, which allows local users to gain privileges by reading the passwords from (1) KeyTool\keytool.config or (2) webapps\protiva\WEB-IN... Read more

    Affected Products : protiva
    • Published: Oct. 28, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-5599

    Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allows remote attackers to inject arbitrary HTML or web script via the WWV_FLOW_ITEM_HELP package. NOTE: it is likely that this issue overlaps one of t... Read more

    Affected Products : apex
    • Published: Oct. 28, 2006
    • Modified: Apr. 09, 2025

  • 9.0

    HIGH
    CVE-2006-5601

    Stack-based buffer overflow in the eap_do_notify function in eap.c in xsupplicant before 1.2.6, and possibly other versions, allows remote authenticated users to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : xsupplicant
    • Published: Oct. 28, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5597

    join.asp in MiniHTTP Web Forum & File Server PowerPack 4.0 allows remote attackers to add or modify arbitrary user accounts via modified (1) frmMailBox and (2) frmUserPass parameters.... Read more

    • Published: Oct. 28, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5596

    Directory traversal vulnerability in the SSL server in AEP Smartgate 4.3b allows remote attackers to download arbitrary files via ..\ (dot dot backslash) sequences in an HTTP GET request.... Read more

    Affected Products : smartgate_ssl_server
    • Published: Oct. 28, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5469

    Unspecified vulnerability in the WBXML dissector in Wireshark (formerly Ethereal) 0.10.11 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger a null dereference.... Read more

    Affected Products : wireshark
    • Published: Oct. 28, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-4574

    Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values.... Read more

    Affected Products : wireshark
    • Published: Oct. 28, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-4513

    Multiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file that ... Read more

    Affected Products : wvware
    • Published: Oct. 28, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5595

    Unspecified vulnerability in the AirPcap support in Wireshark (formerly Ethereal) 0.99.3 has unspecified attack vectors related to WEP key parsing.... Read more

    Affected Products : wireshark
    • Published: Oct. 28, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5468

    Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via unspecified vectors.... Read more

    Affected Products : wireshark
    • Published: Oct. 27, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 294832 Results