Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2006-5017

    SQL injection vulnerability in admin/all_users.php in Szava Gyula and Csaba Tamas e-Vision CMS, probably 1.0, allows remote attackers to execute arbitrary SQL commands via the from parameter.... Read more

    Affected Products : e-vision_cms
    • Published: Sep. 27, 2006
    • Modified: Apr. 09, 2025

  • 6.8

    MEDIUM
    CVE-2006-5048

    Multiple PHP remote file inclusion vulnerabilities in Security Images (com_securityimages) component 3.0.5 and earlier for Joomla! allow remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter in (1) configinsert.php,... Read more

    Affected Products : joomla\! com_securityimages
    • Published: Sep. 27, 2006
    • Modified: Apr. 09, 2025

  • 6.8

    MEDIUM
    CVE-2006-5045

    Unspecified vulnerability in PollXT component (com_pollxt) 1.22.07 and earlier for Joomla! has unspecified impact and attack vectors, probably related to PHP remote file inclusion in the mosConfig_absolute_path to conf.pollxt.php.... Read more

    Affected Products : com_pollxt
    • Published: Sep. 27, 2006
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2006-5051

    Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.... Read more

    • Published: Sep. 27, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5052

    Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."... Read more

    Affected Products : openssh
    • Published: Sep. 27, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5032

    PHP remote file inclusion vulnerability in dix.php3 in PHPartenaire 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the url_phpartenaire parameter.... Read more

    Affected Products : phpartenaire
    • Published: Sep. 27, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-5035

    Multiple cross-site scripting (XSS) vulnerabilities in Paul Smith Computer Services vCAP 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the statusmsg parameter in RegisterPage.cgi or (2) a URI corresponding to a nonexistent fi... Read more

    Affected Products : vcap
    • Published: Sep. 27, 2006
    • Modified: Apr. 09, 2025

  • 6.8

    MEDIUM
    CVE-2006-5037

    MySource Matrix after 3.8 allows remote attackers to use the application as an HTTP proxy server via a MIME encoded URL in the sq_content_src parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. ... Read more

    Affected Products : mysource_matrix
    • Published: Sep. 27, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5030

    SQL injection vulnerability in modules/messages/index.php in exV2 2.0.4.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.... Read more

    Affected Products : content_management_system
    • Published: Sep. 27, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5029

    SQL injection vulnerability in thread.php in WoltLab Burning Board (wBB) 2.3.x allows remote attackers to obtain the version numbers of PHP, MySQL, and wBB via the page parameter. NOTE: this issue might be a forced SQL error. Also, the original report wa... Read more

    Affected Products : burning_board
    • Published: Sep. 27, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5049

    Unspecified vulnerability in Classifieds (com_classifieds) component 1.3 and earlier for Joomla! has unspecified impact and attack vectors.... Read more

    • Published: Sep. 27, 2006
    • Modified: Apr. 09, 2025

  • 6.8

    MEDIUM
    CVE-2006-5036

    MySource Matrix 3.8 and earlier, and MySource 2.x, allow remote attackers to use the application as an HTTP proxy server via the sq_remote_page_url parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) att... Read more

    Affected Products : mysource_classic mysource_matrix
    • Published: Sep. 27, 2006
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2006-4694

    Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Wi... Read more

    Affected Products : office powerpoint
    • Published: Sep. 27, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5015

    PHP remote file inclusion vulnerability in hit.php in Kietu 3.2 allows remote attackers to execute arbitrary PHP code via an FTP URL in the url_hit parameter.... Read more

    Affected Products : kietu
    • Published: Sep. 27, 2006
    • Modified: Apr. 09, 2025

  • 7.2

    HIGH
    CVE-2006-5011

    Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via a Trojan horse program, involving the "system subroutine".... Read more

    Affected Products : aix
    • Published: Sep. 27, 2006
    • Modified: Apr. 09, 2025

  • 7.8

    HIGH
    CVE-2006-5013

    Sun Solaris 10 before patch 118855-16 (20060925), when run on x64 systems using IPv6, allows remote attackers to cause a denial of service (kernel panic) via crafted IPv6 packets.... Read more

    Affected Products : solaris
    • Published: Sep. 27, 2006
    • Modified: Apr. 09, 2025

  • 7.2

    HIGH
    CVE-2006-5006

    Buffer overflow in cfgmgr in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary code via a long directory path argument.... Read more

    Affected Products : aix
    • Published: Sep. 27, 2006
    • Modified: Apr. 09, 2025

  • 4.6

    MEDIUM
    CVE-2006-5007

    Untrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 allows local users to local users to gain privileges via a Trojan horse program involving uux.... Read more

    Affected Products : aix
    • Published: Sep. 27, 2006
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2006-5008

    Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows attackers to execute arbitrary commands and overwrite arbitrary files via unspecified vectors.... Read more

    Affected Products : aix
    • Published: Sep. 27, 2006
    • Modified: Apr. 09, 2025

  • 6.6

    MEDIUM
    CVE-2006-5012

    Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 allows local users to cause a denial of service (disable syslog) and prevent security messages from being logged via unspecified vectors.... Read more

    Affected Products : solaris sunos
    • Published: Sep. 27, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 294853 Results