Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.1

    MEDIUM
    CVE-2006-5094

    PHP remote file inclusion vulnerability in includes/functions_kb.php in the phpBB XS 2 (Spain version) allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780 or CVE-2006-4893... Read more

    Affected Products : phpbb_xs
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 6.8

    MEDIUM
    CVE-2006-5096

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in VirtueMart (formerly known as mambo-phpShop) Joomla! eCommerce Edition CMS 1.0.11, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Itemid param... Read more

    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5095

    PHP remote file inclusion vulnerability in index.php in MyPhotos 0.1.3b beta allows remote attackers to execute arbitrary PHP code via the includesdir parameter. NOTE: this issue is disputed by CVE on 20060927, since the includesdir is defined before bei... Read more

    Affected Products : myphotos
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5093

    PHP remote file inclusion vulnerability in index.php in Tagmin Control Center in TagIt! Tagboard 2.1.B Build 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.... Read more

    Affected Products : tagmin_control_center
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5097

    PHP remote file inclusion vulnerability in index.php in net2ftp, possibly 0.1 through 0.62, allows remote attackers to execute arbitrary PHP code via a URL in the application_rootdir parameter. NOTE: this issue has been disputed by a third party researche... Read more

    Affected Products : net2ftp
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.2

    HIGH
    CVE-2006-5091

    Unspecified vulnerability in HP-UX B.11.11 and B.11.23 CIFS Server (Samba) allows local users to gain privileges or obtain "unauthorized access" via unspecified vectors.... Read more

    Affected Products : hp-ux
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5087

    Multiple PHP remote file inclusion vulnerabilities in evoBB 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter in (1) track.php or (2) connect.php.... Read more

    Affected Products : evobb
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 6.8

    MEDIUM
    CVE-2006-5090

    Multiple cross-site scripting (XSS) vulnerabilities in Phoenix Evolution CMS (PECMS) allow remote attackers to inject arbitrary web script or HTML via the (1) mod or (2) action parameters in index.php, or the (3) pageid parameter in modules/pageedit/index... Read more

    Affected Products : phoenix_evolution_cms
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5092

    PHP remote file inclusion vulnerability in navigation/menu.php in A-Blog 2 allows remote attackers to execute arbitrary PHP code via a URL in the navigation_start parameter.... Read more

    Affected Products : a-blog
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5088

    PHP remote file inclusion vulnerability in connected_users.lib.php3 in phpHeaven phpMyChat 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the ChatPath parameter.... Read more

    Affected Products : phpmychat
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5089

    PHP remote file inclusion vulnerability in mybic_server.php in Jim Plush My-BIC 0.6.5 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. NOTE: the provenance of this information is unknown; the details are obtained fro... Read more

    Affected Products : my-bic
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 6.4

    MEDIUM
    CVE-2006-4247

    Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."... Read more

    Affected Products : plone
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.8

    HIGH
    CVE-2006-5073

    Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets, a different vulnerability than CVE-2006-5013.... Read more

    Affected Products : solaris sunos
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5082

    Unspecified vulnerability in Sugar Suite Open Source (SugarCRM) before 4.2.1 Patch C (20060917) has unspecified impact, related to code execution, and unspecified attack vectors.... Read more

    Affected Products : sugar_suite
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5083

    PHP remote file inclusion vulnerability in includes/functions_portal.php in Integrated MODs (IM) Portal 1.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.... Read more

    Affected Products : importal
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5081

    PHP remote file inclusion vulnerability in acc.php in QuickBlogger (QB) 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.... Read more

    Affected Products : quickblogger
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5085

    Static code injection vulnerability in config.php in Blog Pixel Motion 2.1.1 allows remote attackers to execute arbitrary PHP code via the nom_blog parameter, which is injected into include/variables.php.... Read more

    Affected Products : pixel_motion_blog
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5079

    PHP remote file inclusion vulnerability in class.mysql.php in Matt Humphrey paBugs 2.0 Beta 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path_to_bt_dir parameter.... Read more

    Affected Products : pabugs
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-5080

    Cross-site scripting (XSS) vulnerability in the search function in Six Apart Movable Type 3.3 to 3.32, and Movable Type Enterprise 1.01 and 1.02, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : movable_type movable_type
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5077

    PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Chris Smith Minerva Build 238 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.... Read more

    Affected Products : minerva
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 294848 Results