Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2006-5193

    PHP remote file inclusion vulnerability in index.php in Josh Schmidt WikyBlog 1.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includeDir parameter.... Read more

    Affected Products : wikyblog
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5206

    SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used.... Read more

    Affected Products : invision_gallery
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5142

    Stack-based buffer overflow in CA BrightStor ARCserve Backup R11.5 client and server allows remote attackers to execute arbitrary code via long messages to the CheyenneDS Mailslot.... Read more

    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-5174

    The copy_from_user function in the uaccess code in Linux kernel 2.6 before 2.6.19-rc1, when running on s390, does not properly clear a kernel buffer, which allows local user space programs to read portions of kernel memory by "appending to a file from a b... Read more

    Affected Products : linux_kernel
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 6.2

    MEDIUM
    CVE-2006-5178

    Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the fi... Read more

    Affected Products : php
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5169

    Cross-site scripting (XSS) vulnerability in John Himmelman (aka DaRk2k1) PowerPortal 1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to registering a user. NOTE: the provenance of this informat... Read more

    Affected Products : powerportal
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2006-5177

    The NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to (1) execute arbitrary code via unspecified vectors involving crafted base64 encoded NTLM Type 3 messages, or (2) cause a denial of service via crafted bas... Read more

    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5185

    Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and earlier allows remote attackers to execute arbitrary code via a modified query string, which is supplied to an eval function call within the do_parse_code function.... Read more

    Affected Products : hamweather
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-5168

    Cross-site scripting (XSS) vulnerability in the search functionality in Simon Brown Pebble 2.0.0 RC1 and RC2 allows remote attackers to inject arbitrary web script or HTML via the query string.... Read more

    Affected Products : pebble
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5186

    PHP remote file inclusion vulnerability in functions.php in phpMyProfiler 0.9.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pmp_rel_path parameter.... Read more

    Affected Products : phpmyprofiler
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5219

    SQL injection vulnerability in blog/index.php in the blog module in Moodle 1.6.2 allows remote attackers to execute arbitrary SQL commands via a double-encoded tag parameter.... Read more

    Affected Products : moodle
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 6.2

    MEDIUM
    CVE-2006-5072

    The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack.... Read more

    Affected Products : mono mono
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5170

    pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_... Read more

    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-5194

    Cross-site scripting (XSS) vulnerability in index.php in net2ftp 0.93 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information.... Read more

    Affected Products : net2ftp
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5183

    Multiple PHP remote file inclusion vulnerabilities in Dayfox Designs Dayfox Blog 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the slogin parameter in the (1) adminlog.php, (2) postblog.php, (3) index.php, or (4) index2.php script ... Read more

    Affected Products : dayfox_blog
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5192

    PHP remote file inclusion vulnerability in includes/footer.php in phpGreetz 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHPGREETZ_INCLUDE_DIR parameter.... Read more

    Affected Products : phpgreetz
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-4980

    Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts.... Read more

    Affected Products : python
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 4.6

    MEDIUM
    CVE-2006-4927

    The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the ... Read more

    Affected Products : naveng_driver navex15_driver
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5220

    Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the webyep_sIncludePath in (1) files in the programm/lib/ directory including (a) WYApplication.... Read more

    Affected Products : webyep
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 4.9

    MEDIUM
    CVE-2006-3741

    The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and 2.6 before 2.6.18, when running on Itanium systems, does not properly track the reference count for file descriptors, which allows local users to cause a denial of service (file descrip... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 294846 Results