Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2006-4812

    Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ... Read more

    Affected Products : php
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-4997

    The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed ... Read more

    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5212

    Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a m... Read more

    Affected Products : officescan officescan
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5206

    SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used.... Read more

    Affected Products : invision_gallery
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5143

    Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote att... Read more

    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-5204

    Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be le... Read more

    Affected Products : invision_power_board
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5193

    PHP remote file inclusion vulnerability in index.php in Josh Schmidt WikyBlog 1.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includeDir parameter.... Read more

    Affected Products : wikyblog
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 4.9

    MEDIUM
    CVE-2006-3741

    The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and 2.6 before 2.6.18, when running on Itanium systems, does not properly track the reference count for file descriptors, which allows local users to cause a denial of service (file descrip... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5154

    PHP remote file inclusion vulnerability in cp/sig.php in DeluxeBB 1.09 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatefolder parameter.... Read more

    Affected Products : deluxebb
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2006-5151

    Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to "gain root access" via unspecified vectors.... Read more

    Affected Products : hp-ux
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 6.5

    MEDIUM
    CVE-2006-5150

    SQL injection vulnerability in the reports system in OpenBiblio before 0.5.2 allows remote attackers with report privileges to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : openbiblio
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5147

    PHP remote file inclusion vulnerability in wamp_dir/setup/yesno.phtml in VAMP Webmail 2.0beta1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the no_url parameter.... Read more

    Affected Products : vamp_webmail
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-4511

    Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted HTTP POST request to TCP port 8300 with a modified val parameter, which triggers a null dereference related to "zero... Read more

    Affected Products : groupwise_messenger
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 6.8

    MEDIUM
    CVE-2006-5146

    Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) funk.php, or the (2) action parameter in (b) tem.php and (c) uss.php.... Read more

    Affected Products : yblog
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5159

    Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this issu... Read more

    Affected Products : firefox
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 6.8

    MEDIUM
    CVE-2006-5152

    Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL that is returned in a large HTTP 404 error message without an explicit charset, a related issue ... Read more

    Affected Products : internet_explorer
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 8.1

    HIGH
    CVE-2006-5160

    Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states ... Read more

    Affected Products : firefox
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5165

    PHP remote file inclusion vulnerability in inc/functions.inc.php in Skrypty PPA Gallery 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the config[ppa_root_path] parameter.... Read more

    Affected Products : ppa_gallery
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 6.8

    MEDIUM
    CVE-2006-5144

    Cross-site scripting (XSS) vulnerability in userupload.php in OlateDownload 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the description_small parameter.... Read more

    Affected Products : olatedownload
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5145

    Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter in details.php or the (2) query parameter in search.php.... Read more

    Affected Products : olatedownload
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 294454 Results