Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.1

    MEDIUM
    CVE-2006-5106

    Cross-site scripting (XSS) vulnerability in FacileForms before 1.4.7 for Mambo and Joomla!, when either register_globals or RG_EMULATION is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : facileforms
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5132

    Multiple PHP remote file inclusion vulnerabilities in phpMyAgenda 3.0 Final and earlier allow remote attackers to execute arbitrary PHP code via a URL in the rootagenda parameter to (1) agendaplace.php3, (2) agendaplace2.php3, (3) infoevent.php3, and (4) ... Read more

    Affected Products : phpmyagenda
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 6.8

    MEDIUM
    CVE-2006-5108

    Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to inject arbitrary web script or HTML via the order_id parameter in (1) admin/print_order.php and (2) view_order.php; the (3) site_url and (4) la_searc... Read more

    Affected Products : cubecart
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5113

    Directory traversal vulnerability in common.php in Yuuki Yoshizawa Exporia 0.3.0 allows remote attackers to include and execute local files via a .. (dot dot) in the lan parameter to includes.php. NOTE: the provenance of this information is unknown; the ... Read more

    Affected Products : exporia
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5128

    SQL injection vulnerability in index.php in Bartels Schoene ConPresso before 4.0.5a allows remote attackers to execute arbitrary SQL commands via the nr parameter.... Read more

    Affected Products : conpresso_cms
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5115

    Directory traversal vulnerability in kgcall.php in KGB 1.87 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the engine parameter, as demonstrated by uploading a file containing PHP code with an image/jpeg content... Read more

    Affected Products : kgb
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5136

    Multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in Groupee UBB.threads 6.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[thispath] or (2) GLOBALS[configdir] parameter.... Read more

    Affected Products : ubb.threads
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5135

    Multiple PHP remote file inclusion vulnerabilities in A-Blog 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) open_box, (2) middle_box, and (3) close_box parameters in (a) sources/myaccount.php; the (4) navigation_end parameter ... Read more

    Affected Products : a-blog
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5133

    Buffer overflow in GuildFTPd 0.999.13 allows remote attackers to have an unknown impact, possibly code execution related to input containing "globbing chars."... Read more

    Affected Products : guildftpd
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5116

    Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsettin... Read more

    Affected Products : phpmyadmin
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 6.8

    MEDIUM
    CVE-2006-5114

    Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP Internet Transaction Server (ITS) 6.1 and 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) ~urlmime or (2) ~command parameter, different vectors than CVE-2003... Read more

    Affected Products : internet_transaction_server
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5126

    PHP remote file inclusion vulnerability in index.php in John Himmelman (aka DaRk2k1) PowerPortal 1.3a allows remote attackers to execute arbitrary PHP code via a URL in the file_name[] parameter.... Read more

    Affected Products : powerportal
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 4.9

    MEDIUM
    CVE-2006-5122

    Multiple cross-site scripting (XSS) vulnerabilities in Mercury SiteScope 8.2 (8.1.2.0) allow remote authenticated users to inject arbitrary web script or HTML via (1) "any field create name field" except "create new group name" or (2) any description fiel... Read more

    Affected Products : mercury_sitescope
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5101

    PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calendar 3.1, (4) Comdev FAQ Support 3.1, (5) Comdev Guestbook ... Read more

    Affected Products : comdev_csv_importer
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5138

    Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain sensitive information via a direct request for cron/php/subscriptions.php, which reveals the path in an error message.... Read more

    Affected Products : ubb.threads
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-4391

    Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 allows remote attackers to execute arbitrary code via a malformed JPEG2000 image.... Read more

    Affected Products : mac_os_x
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2006-4393

    Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users.... Read more

    Affected Products : mac_os_x
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-4394

    A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, allows network accounts without GUIds to bypass service access controls and log into the system using loginwindow via unknown vectors.... Read more

    Affected Products : mac_os_x
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-4395

    Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows context-dependent attackers to cause a denial of service ("memory corruption" and crash) via a crafted PICT image that is not properly handled by a cert... Read more

    Affected Products : mac_os_x
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-4390

    CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication, which can cause the lock icon in Safari to be displayed even when the site's identity cannot be trust... Read more

    Affected Products : mac_os_x
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 294514 Results