Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2006-4542

    Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.... Read more

    Affected Products : webmin usermin
    • Published: Sep. 05, 2006
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2006-4541

    RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly 3.6 and earlier, allows local users to cause a denial of service (crash) via a NULL third argument to the NtOpenSection API function. NOTE: it was later reported that 3.6.cqn is also af... Read more

    Affected Products : blackice_pc_protection
    • Published: Sep. 05, 2006
    • Modified: Apr. 03, 2025

  • 4.9

    MEDIUM
    CVE-2006-4538

    Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC platforms, allows local users to cause a denial of service (crash) via a malformed ELF file that triggers memory maps that cross region boundaries.... Read more

    Affected Products : linux_kernel
    • Published: Sep. 05, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-4537

    NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and Alpha 8.2 writes a password to an audit log file when there is a successful connection after a "network breakin" event, which allows local users to obtain passwords by reading the file.... Read more

    Affected Products : dec_openvms_alpha
    • Published: Sep. 05, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4536

    SQL injection vulnerability in module/rejestracja.php in CMS Frogss 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the podpis parameter.... Read more

    Affected Products : cms_frogss
    • Published: Sep. 05, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-4339

    OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and ... Read more

    Affected Products : openssl
    • Published: Sep. 05, 2006
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2006-4534

    Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names inc... Read more

    Affected Products : office word
    • Published: Sep. 05, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4531

    PHP remote file inclusion vulnerability in lib/config.php in Pheap CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter.... Read more

    Affected Products : pheap_cms
    • Published: Sep. 01, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-4525

    Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array.... Read more

    Affected Products : cubecart
    • Published: Sep. 01, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4527

    includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion... Read more

    Affected Products : cubecart
    • Published: Sep. 01, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-4528

    Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) recherche parameter in recherchemembre.php and the (2) email parameter in test.php.... Read more

    Affected Products : membrepass
    • Published: Sep. 01, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4530

    Direct static code injection vulnerability in include/change.php in membrepass 1.5 allows remote attackers to execute arbitrary PHP code via the aifon parameter, which is injected into include/variable.php.... Read more

    Affected Products : membrepass
    • Published: Sep. 01, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4526

    SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the searchArray[] parameter.... Read more

    Affected Products : cubecart
    • Published: Sep. 01, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4524

    Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz Freekot 1.01 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameters. NOTE: some of these details are obtained from third party informatio... Read more

    Affected Products : freekot
    • Published: Sep. 01, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4529

    SQL injection vulnerability in recherchemembre.php in membrepass 1.5. allows remote attackers to execute arbitrary SQL commands via the recherche parameter.... Read more

    Affected Products : membrepass
    • Published: Sep. 01, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-4523

    The web-based management interface in 2Wire, Inc. HomePortal and OfficePortal Series modems and routers allows remote attackers to cause a denial of service (crash) via a CRLF sequence in a GET request.... Read more

    Affected Products : homeportal officeportal
    • Published: Sep. 01, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4533

    Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 and earlier allow remote attackers to execute arbitrary PHP code via the _PX_config[manager_path] parameter to (1) articles.php, (2) categories.php, (3) news.php, (4) prefs.php, (5) sit... Read more

    Affected Products : plume_cms
    • Published: Sep. 01, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4532

    PHP remote file inclusion vulnerability in articles/article.php in Yet Another Community System (YACS) CMS 6.6.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter.... Read more

    Affected Products : yet_another_community_system_cms
    • Published: Sep. 01, 2006
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2006-4522

    Unspecified vulnerability in dtterm in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code with root privileges via unspecified vectors.... Read more

    Affected Products : aix
    • Published: Sep. 01, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-4506

    idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors, possibly involving the " (quote) and \ (backslash) characters and eval injection.... Read more

    Affected Products : identity_manager identity_manager
    • Published: Aug. 31, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 294359 Results