Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2006-5158

    The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and... Read more

    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 6.5

    MEDIUM
    CVE-2006-5150

    SQL injection vulnerability in the reports system in OpenBiblio before 0.5.2 allows remote attackers with report privileges to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : openbiblio
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5157

    Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the "Management Console's Remote Cl... Read more

    Affected Products : officescan officescan
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5147

    PHP remote file inclusion vulnerability in wamp_dir/setup/yesno.phtml in VAMP Webmail 2.0beta1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the no_url parameter.... Read more

    Affected Products : vamp_webmail
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5166

    PHP remote file inclusion vulnerability in functions.php in PHP Web Scripts Easy Banner Free allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter.... Read more

    Affected Products : easy_banner_free easy_banner_free
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5153

    The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal Firewall 4.3.268 and earlier do not validate arguments passed through to SSDT functions, including NtCreateFile, NtDeleteFile, NtLoadDriver, NtMapViewOfSection, NtOpenFile, and NtSetInf... Read more

    Affected Products : personal_firewall
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5148

    Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php, (2) message.php, (3) mem... Read more

    Affected Products : forum82
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5101

    PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calendar 3.1, (4) Comdev FAQ Support 3.1, (5) Comdev Guestbook ... Read more

    Affected Products : comdev_csv_importer
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5138

    Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain sensitive information via a direct request for cron/php/subscriptions.php, which reveals the path in an error message.... Read more

    Affected Products : ubb.threads
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5116

    Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsettin... Read more

    Affected Products : phpmyadmin
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5107

    Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter in admin/forgot_pass.php, (2) the order_id parameter in view_order.php, (3) the view_doc parameter ... Read more

    Affected Products : cubecart
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5126

    PHP remote file inclusion vulnerability in index.php in John Himmelman (aka DaRk2k1) PowerPortal 1.3a allows remote attackers to execute arbitrary PHP code via a URL in the file_name[] parameter.... Read more

    Affected Products : powerportal
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 4.9

    MEDIUM
    CVE-2006-5122

    Multiple cross-site scripting (XSS) vulnerabilities in Mercury SiteScope 8.2 (8.1.2.0) allow remote authenticated users to inject arbitrary web script or HTML via (1) "any field create name field" except "create new group name" or (2) any description fiel... Read more

    Affected Products : mercury_sitescope
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5140

    SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image Host Script (phpkimagehost) 0.7a allows remote attackers to execute arbitrary SQL commands via the id parameter.... Read more

    Affected Products : php_krazy_image_host_script
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2006-5120

    Multiple cross-site scripting (XSS) vulnerabilities in Scott Metoyer Red Mombin 0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) index.php and (2) process_login.php.... Read more

    Affected Products : red_mombin
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5118

    PHP remote file inclusion vulnerability in index.php3 in the PDD package for PHPSelect Web Development Division allows remote attackers to execute arbitrary PHP code via a URL in the Application_Root parameter.... Read more

    Affected Products : web_development_division
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5105

    Multiple PHP remote file inclusion vulnerabilities in SyntaxCMS 1.1.1 through 1.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the init_path parameter to admin/testing/tests/0030_init_syntax.php, or (2) an unspecified parameter to... Read more

    Affected Products : syntaxcms
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5117

    phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files.... Read more

    Affected Products : phpmyadmin
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5121

    SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute arbitrary SQL commands via the hits parameter.... Read more

    Affected Products : postnuke
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5123

    Multiple PHP remote file inclusion vulnerabilities in Albrecht Guenther PHProjekt 5.1.x before 5.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib_path or (2) lang_path parameter in unspecified files, related to code change... Read more

    Affected Products : phprojekt
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 294848 Results