Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2006-3713

    Unspecified vulnerability in OC4J for Oracle Application Server 10.1.3.0 has unknown impact and attack vectors, aka Oracle Vuln# AS09.... Read more

    Affected Products : application_server
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-3749

    PHP remote file inclusion vulnerability in sitemap.xml.php in Sitemap component (com_sitemap) 2.0.0 for Mambo 4.5.1 CMS, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path param... Read more

    Affected Products : sitemap
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-3718

    Multiple unspecified vulnerabilities in Oracle Exchange for Oracle E-Business Suite and Applications 6.2.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS16 and (2) APPS17.... Read more

    Affected Products : exchange
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-0818

    Absolute path directory traversal vulnerability in (1) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (2) VisNetic MailServer before 8.5.0.5 allows remote authenticated users to include arbitrary files via a modified language ... Read more

    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0817

    Absolute path directory traversal vulnerability in (a) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (b) VisNetic MailServer before 8.5.0.5 allows remote attackers to include arbitrary files via a full Windows path and drive ... Read more

    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3687

    Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote at... Read more

    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2006-3694

    Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".... Read more

    Affected Products : ruby
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2006-3629

    Unspecified vulnerability in the MOUNT dissector in Wireshark (aka Ethereal) 0.9.4 to 0.99.0 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.... Read more

    Affected Products : enterprise_linux ethereal
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3680

    Cross-site scripting (XSS) vulnerability in photocycle in Photocycle 1.0 allows remote attackers to inject arbitrary web script or HTML via the phpage parameter.... Read more

    Affected Products : photocycle
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-3628

    Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors.... Read more

    Affected Products : enterprise_linux wireshark ethereal
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-3695

    Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (X... Read more

    Affected Products : trac
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3682

    awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters.... Read more

    Affected Products : awstats awstats
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3731

    Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted attackers to cause a denial of service (crash) via a form with a multipart/form-data encoding and a user-uploaded file. NOTE: a third party has claimed that this issue might be related to th... Read more

    Affected Products : firefox
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3684

    PHP remote file inclusion vulnerability in calendar.php in SoftComplex PHP Event Calendar 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_calendar parameter, which overwrites the $path_to_calendar variable from an extrac... Read more

    Affected Products : php_event_calendar
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2006-3693

    Rocks Clusters 4.1 and earlier allows local users to gain privileges via commands enclosed with escaped backticks (\`) in an argument to the (1) mount-loop (mount-loop.c) or (2) umount-loop (umount-loop.c) command, which is not filtered in a system functi... Read more

    Affected Products : rocks_clusters
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3688

    SQL injection vulnerability in Room.php in Francisco Charrua Photo-Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.... Read more

    Affected Products : photo-gallery
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3691

    Multiple SQL injection vulnerabilities in VBZooM 1.11 and earlier allow remote attackers to execute arbitrary SQL commands via the UserID parameter to (1) ignore-pm.php, (2) sendmail.php, (3) reply.php or (4) sub-join.php.... Read more

    Affected Products : vbzoom
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 9.0

    HIGH
    CVE-2006-3701

    Unspecified vulnerability in the Dictionary component in Oracle Database 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB05.... Read more

    Affected Products : database_server
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 9.0

    HIGH
    CVE-2006-3699

    Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5 and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB02.... Read more

    Affected Products : database_server
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3755

    PHP remote file inclusion vulnerability in Include/editor/class.rich.php in FlushCMS 1.0.0-pre2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the class_path parameter. NOTE: the provenance of this information is unknown; ... Read more

    Affected Products : flushcms
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293970 Results