Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by vulnerability severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2006-5388

    SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earlier allows remote attackers to execute arbitrary SQL commands via the getsquad parameter, a different vector than CVE-2006-4783.

    Affected Products : webspell
    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025
  • 5.0

    MEDIUM
    CVE-2006-5391

    Xfire 1.64 and earlier allows remote attackers to cause a denial of service (client application crash) via a long string to UDP port 25777.

    Affected Products : xfire
    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025
  • 5.5

    MEDIUM
    CVE-2006-5393

    Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session.

    Affected Products : secure_desktop
    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025
  • 7.5

    HIGH
    CVE-2006-5385

    PHP remote file inclusion vulnerability in admin/admin_spam.php in the SpamOborona 1.0b and earlier phpBB module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

    Affected Products : spamoborona
    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025
  • 7.5

    HIGH
    CVE-2006-5392

    Multiple PHP remote file inclusion vulnerabilities in OpenDock FullCore 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) sw/index_sw.php; (2) cart.php, (3) lib_cart.php, (4) lib_read_cart...

    Affected Products : fullcore
    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025
  • 7.5

    HIGH
    CVE-2006-5384

    PHP remote file inclusion vulnerability in modification/SendAlertEmail.php in CDS Software Consortium CDS Agenda 4.2.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AGE parameter.

    Affected Products : cds_agenda
    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025
  • 6.8

    MEDIUM
    CVE-2006-5390

    PHP remote file inclusion vulnerability in includes/functions_mod_user.php in the ACP User Registration (MMW) 1.00 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

    Affected Products : acp_user_registration_module
    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025
  • 5.0

    MEDIUM
    CVE-2006-5389

    tools/tellhim.php in PHP-Wyana allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the path in an error message.

    Affected Products : php-wyana
    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025
  • 7.5

    HIGH
    CVE-2006-5383

    SQL injection vulnerability in comadd.php in Def-Blog 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the article parameter.

    Affected Products : def-blog
    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025
  • 7.5

    HIGH
    CVE-2006-5395

    Buffer overflow in Microsoft Class Package Export Tool (aka clspack.exe) allows context-dependent attackers to execute arbitrary code via a long string. NOTE: the provenance of this information is unknown; the details are obtained from third party inform...

    Affected Products : class_package_export_tool
    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025
  • 2.1

    LOW
    CVE-2006-5394

    The default configuration of Cisco Secure Desktop (CSD) has an unchecked "Disable printing" box in Secure Desktop Settings, which might allow local users to read data that was sent to a printer during another user's SSL VPN session.

    Affected Products : secure_desktop
    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025
  • 7.5

    HIGH
    CVE-2006-5387

    PHP remote file inclusion vulnerability in mods/iai/includes/constants.php in the PlusXL 20_272 and earlier phpBB module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

    Affected Products : plusxl
    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025
  • 4.9

    MEDIUM
    CVE-2006-5396

    The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before 20061017, when TCP Fusion is enabled, allows local users to cause a denial of service (system crash) via a TCP loopback connection with both endpoints on the same system.

    Affected Products : solaris
    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025
  • 6.8

    MEDIUM
    CVE-2006-4811

    Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code...

    Affected Products : qt kdelibs
    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025
  • 5.0

    MEDIUM
    CVE-2006-5381

    Contenido CMS stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain database credentials and other information via a direct request to (1) db_msql.inc, (2) db_mssql.inc, (3) db_mysqli.inc, (4) d...

    Affected Products : contendio
    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025
  • 7.5

    HIGH
    CVE-2006-5380

    Remote file inclusion vulnerability in Contenido CMS allows remote attackers to execute arbitrary PHP code via a URL in the contenido_path parameter to (1) cms/dbfs.php or (2) cms/front_content.php. NOTE: CVE disputes this issue for version 4.6.15, becau...

    Affected Products : contendio
    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025
  • 7.5

    HIGH
    CVE-2006-5379

    The accelerated rendering functionality of NVIDIA Binary Graphics Driver (binary blob driver) For Linux v8774 and v8762, and probably on other operating systems, allows local and remote attackers to execute arbitrary code via a large width value in a font...

    Affected Products : binary_graphics_driver
    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-5362

    Unspecified vulnerability in Oracle Containers for J2EE component in Oracle Application Server 10.1.3.0.0 has unknown impact and remote attack vectors, aka Vuln# OC4J04.

    Affected Products : application_server
    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-5349

    Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, when running on HP Tru64 UNIX, has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS07.

    Affected Products : http_server
    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-5353

    Unspecified vulnerability in Oracle HTTP Server component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, and Oracle Collaboration Suite 9.0.4.2 and 10.1.2, has unknown impact and remote attack vectors related to the Mod_rewr...

    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 294690 Results