Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2006-5140

    SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image Host Script (phpkimagehost) 0.7a allows remote attackers to execute arbitrary SQL commands via the id parameter.... Read more

    Affected Products : php_krazy_image_host_script
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2006-5120

    Multiple cross-site scripting (XSS) vulnerabilities in Scott Metoyer Red Mombin 0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) index.php and (2) process_login.php.... Read more

    Affected Products : red_mombin
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 6.8

    MEDIUM
    CVE-2006-5130

    Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) url, (3) title, and (4) about parameters in a forum post. NOTE: t... Read more

    Affected Products : jaf_cms
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2006-5134

    Mercury SiteScope 8.2 (8.1.2.0) allows remote authenticated users to cause a denial of service (loss of connectivity to the classic interface) via attempted HTML injection into the "new monitor description" field.... Read more

    Affected Products : mercury_sitescope
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2006-4393

    Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users.... Read more

    Affected Products : mac_os_x
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 7.2

    HIGH
    CVE-2006-4392

    The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to mo... Read more

    Affected Products : mac_os_x openstep
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 4.6

    MEDIUM
    CVE-2006-4387

    Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the "Allow user to administer this computer" checkbox in System Preferences for a user, does not remove the user's account from the appserveradm or appserverusr groups, which still allows t... Read more

    Affected Products : mac_os_x
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-4399

    User interface inconsistency in Workgroup Manager in Apple Mac OS X 10.4 through 10.4.7 appears to allow administrators to change the authentication type from crypt to ShadowHash passwords for accounts in a NetInfo parent, when such an operation is not ac... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-4391

    Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 allows remote attackers to execute arbitrary code via a malformed JPEG2000 image.... Read more

    Affected Products : mac_os_x
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-4395

    Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows context-dependent attackers to cause a denial of service ("memory corruption" and crash) via a crafted PICT image that is not properly handled by a cert... Read more

    Affected Products : mac_os_x
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-4390

    CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication, which can cause the lock icon in Safari to be displayed even when the site's identity cannot be trust... Read more

    Affected Products : mac_os_x
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 4.6

    MEDIUM
    CVE-2006-4397

    Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 through 10.4.7 prevents Kerberos tickets from being destroyed if a user does not successfully log on to a network account from the login window, which might allow later users to gain access t... Read more

    Affected Products : mac_os_x
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-4394

    A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, allows network accounts without GUIds to bypass service access controls and log into the system using loginwindow via unknown vectors.... Read more

    Affected Products : mac_os_x
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5098

    lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attackers to cause a denial of service (CPU consumption) via large w and h parameters, when resizing an image.... Read more

    Affected Products : dokuwiki
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5099

    lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invokin... Read more

    Affected Products : dokuwiki
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5093

    PHP remote file inclusion vulnerability in index.php in Tagmin Control Center in TagIt! Tagboard 2.1.B Build 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.... Read more

    Affected Products : tagmin_control_center
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5094

    PHP remote file inclusion vulnerability in includes/functions_kb.php in the phpBB XS 2 (Spain version) allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780 or CVE-2006-4893... Read more

    Affected Products : phpbb_xs
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5095

    PHP remote file inclusion vulnerability in index.php in MyPhotos 0.1.3b beta allows remote attackers to execute arbitrary PHP code via the includesdir parameter. NOTE: this issue is disputed by CVE on 20060927, since the includesdir is defined before bei... Read more

    Affected Products : myphotos
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 6.8

    MEDIUM
    CVE-2006-5096

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in VirtueMart (formerly known as mambo-phpShop) Joomla! eCommerce Edition CMS 1.0.11, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Itemid param... Read more

    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5097

    PHP remote file inclusion vulnerability in index.php in net2ftp, possibly 0.1 through 0.62, allows remote attackers to execute arbitrary PHP code via a URL in the application_rootdir parameter. NOTE: this issue has been disputed by a third party researche... Read more

    Affected Products : net2ftp
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 294863 Results