Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-5451

    Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) file, and (3) users array variables in (a) admin.php, which are not properly handled when the admi... Read more

    Affected Products : torrentflux
    • Published: Oct. 23, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-5447

    Cross-site scripting (XSS) vulnerability in index.php in DEV Web Management System (WMS) 1.5 allows remote attackers to inject arbitrary web script or HTML via the action parameter.... Read more

    Affected Products : dev_web_management_system
    • Published: Oct. 23, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5443

    Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics Server (WIMS) before 3.60 allows remote attackers to modify unspecified data via unspecified vectors involving "variable rights."... Read more

    • Published: Oct. 23, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5448

    The drmstor.dll ActiveX object in Microsoft Windows Digital Rights Management System (DRM) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long parameter to the StoreLicense function, which triggers "... Read more

    Affected Products : windows_digital_rights_management
    • Published: Oct. 23, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-5455

    Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL.... Read more

    Affected Products : bugzilla
    • Published: Oct. 23, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5446

    SQL injection vulnerability in lobby/config.php in Casinosoft Casino Script (aka Masvet) 3.2 allows remote attackers to execute arbitrary SQL commands via the cfam parameter.... Read more

    Affected Products : casino_script
    • Published: Oct. 23, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5458

    PHP remote file inclusion vulnerability in common.php in Hinton Design phpht Topsites allows remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter.... Read more

    Affected Products : phpht_topsites
    • Published: Oct. 23, 2006
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2006-5453

    Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using t... Read more

    Affected Products : bugzilla
    • Published: Oct. 23, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5454

    Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote attackers to obtain (1) the description of arbitrary attachments by viewing the attachment in "diff" mode in attachment.cgi, and (2) the deadl... Read more

    Affected Products : bugzilla
    • Published: Oct. 23, 2006
    • Modified: Apr. 09, 2025

  • 6.8

    MEDIUM
    CVE-2006-5442

    ViewVC 1.0.2 and earlier does not specify a charset in its HTTP headers or HTML documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks that inject arbitrary UTF-7 encoded JavaScript code via a view.... Read more

    Affected Products : viewvc
    • Published: Oct. 21, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5438

    PHP remote file inclusion vulnerability in adminfoot.php in Comdev Forum 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: the provenance of this information is un... Read more

    Affected Products : comdev_forum
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-5432

    Multiple direct static code injection vulnerabilities in db/txt.inc.php in phpPowerCards 2.10, when register_globals is enabled, allow remote attackers to create or overwrite arbitrary files via the (1) email[to], (2) email[from], (3) name[to], (4) name[f... Read more

    Affected Products : phppowercards
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5440

    PHP remote file inclusion vulnerability in adminfoot.php in Comdev Form Designer 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: the provenance of this informati... Read more

    Affected Products : comdev_form_designer
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5439

    PHP remote file inclusion vulnerability in adminfoot.php in Comdev Misc Tools 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: the provenance of this information ... Read more

    Affected Products : comdev_misc_tools
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5435

    PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_p... Read more

    Affected Products : phpbb
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5434

    PHP remote file inclusion vulnerability in p-news.php in P-News 1.16 and 1.17 allows remote attackers to execute arbitrary PHP code via a URL in the pn_lang parameter.... Read more

    Affected Products : p-news
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5441

    PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web Blogger 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: the provenance of this information... Read more

    Affected Products : comdev_web_blogger
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5436

    PHP remote file inclusion vulnerability in index.php in FreeFAQ 1.0.e allows remote attackers to execute arbitrary PHP code via a URL in the faqpath parameter.... Read more

    Affected Products : freefaq
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5437

    Directory traversal vulnerability in upgrade.php in phpAdsNew 2.0.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the phpAds_config[language] parameter. NOTE: this issue could not be reproduced by a third party... Read more

    Affected Products : phpadsnew
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5433

    PHP remote file inclusion vulnerability in modules/guestbook/index.php in ALiCE-CMS 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[local_root] parameter.... Read more

    Affected Products : alice_cms
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 294706 Results