Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2006-5096

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in VirtueMart (formerly known as mambo-phpShop) Joomla! eCommerce Edition CMS 1.0.11, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Itemid param... Read more

    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5093

    PHP remote file inclusion vulnerability in index.php in Tagmin Control Center in TagIt! Tagboard 2.1.B Build 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.... Read more

    Affected Products : tagmin_control_center
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5095

    PHP remote file inclusion vulnerability in index.php in MyPhotos 0.1.3b beta allows remote attackers to execute arbitrary PHP code via the includesdir parameter. NOTE: this issue is disputed by CVE on 20060927, since the includesdir is defined before bei... Read more

    Affected Products : myphotos
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5094

    PHP remote file inclusion vulnerability in includes/functions_kb.php in the phpBB XS 2 (Spain version) allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780 or CVE-2006-4893... Read more

    Affected Products : phpbb_xs
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5097

    PHP remote file inclusion vulnerability in index.php in net2ftp, possibly 0.1 through 0.62, allows remote attackers to execute arbitrary PHP code via a URL in the application_rootdir parameter. NOTE: this issue has been disputed by a third party researche... Read more

    Affected Products : net2ftp
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.2

    HIGH
    CVE-2006-5091

    Unspecified vulnerability in HP-UX B.11.11 and B.11.23 CIFS Server (Samba) allows local users to gain privileges or obtain "unauthorized access" via unspecified vectors.... Read more

    Affected Products : hp-ux
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5089

    PHP remote file inclusion vulnerability in mybic_server.php in Jim Plush My-BIC 0.6.5 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. NOTE: the provenance of this information is unknown; the details are obtained fro... Read more

    Affected Products : my-bic
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5088

    PHP remote file inclusion vulnerability in connected_users.lib.php3 in phpHeaven phpMyChat 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the ChatPath parameter.... Read more

    Affected Products : phpmychat
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5092

    PHP remote file inclusion vulnerability in navigation/menu.php in A-Blog 2 allows remote attackers to execute arbitrary PHP code via a URL in the navigation_start parameter.... Read more

    Affected Products : a-blog
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 6.8

    MEDIUM
    CVE-2006-5090

    Multiple cross-site scripting (XSS) vulnerabilities in Phoenix Evolution CMS (PECMS) allow remote attackers to inject arbitrary web script or HTML via the (1) mod or (2) action parameters in index.php, or the (3) pageid parameter in modules/pageedit/index... Read more

    Affected Products : phoenix_evolution_cms
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5087

    Multiple PHP remote file inclusion vulnerabilities in evoBB 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter in (1) track.php or (2) connect.php.... Read more

    Affected Products : evobb
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 6.4

    MEDIUM
    CVE-2006-4247

    Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."... Read more

    Affected Products : plone
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5083

    PHP remote file inclusion vulnerability in includes/functions_portal.php in Integrated MODs (IM) Portal 1.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.... Read more

    Affected Products : importal
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5076

    Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End 0.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter in (1) admin/index.php, (2) Facts.php, or (3) search.php.... Read more

    Affected Products : back-end_cms
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.8

    HIGH
    CVE-2006-5075

    The Kernel SSL Proxy service (svc:/network/ssl/proxy) in Sun Solaris 10 before 20060926 allows remote attackers to cause a denial of service (system crash) via unspecified vectors related to an SSL client.... Read more

    Affected Products : solaris
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5084

    Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed Skype URL, as originally re... Read more

    Affected Products : skype skype
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5078

    PHP remote file inclusion vulnerability in view/general.php in Kristian Niemi Polaring 00.04.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[dirMain] parameter.... Read more

    Affected Products : polaring
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5085

    Static code injection vulnerability in config.php in Blog Pixel Motion 2.1.1 allows remote attackers to execute arbitrary PHP code via the nom_blog parameter, which is injected into include/variables.php.... Read more

    Affected Products : pixel_motion_blog
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5074

    Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice 2.2 allows remote attackers to inject arbitrary web script or HTML via the alert parameter.... Read more

    Affected Products : php_invoice
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-5080

    Cross-site scripting (XSS) vulnerability in the search function in Six Apart Movable Type 3.3 to 3.32, and Movable Type Enterprise 1.01 and 1.02, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : movable_type movable_type
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 294848 Results