Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, whether it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2006-4589

    PHP remote file inclusion vulnerability in 0_admin/modules/Wochenkarte/frontend/index.php in DynCMS 6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the x_admindir parameter....

    Affected Products : dyncms
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025
  • 6.8

    MEDIUM
    CVE-2006-4587

    Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) description parameter in unspecified modules or the (2) solution parameter in the Help...

    Affected Products : vtiger_crm
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025
  • 6.8

    MEDIUM
    CVE-2006-4593

    Cross-site scripting (XSS) vulnerability in index.php in SoftBB 0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter....

    Affected Products : softbb
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2006-4591

    Multiple PHP remote file inclusion vulnerabilities in AlstraSoft Template Seller, and possibly AltraSoft Template Seller Pro 3.25, allow remote attackers to execute arbitrary PHP code via a URL in the config[template_path] parameter to (1) payment/payment...

    Affected Products : template_seller
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2006-4588

    vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module....

    Affected Products : vtiger_crm
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025
  • 9.0

    HIGH
    CVE-2006-4585

    SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows remote authenticated users to execute arbitrary SQL commands via the id2 parameter. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers ...

    Affected Products : tr_forum
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2006-4590

    SQL injection vulnerability in admin/default.asp in Jetstat.com JS ASP Faq Manager 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2006-4463. NOTE: the provenance of this infor...

    Affected Products : js_asp_faq_manager
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2006-4594

    Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpAtm) 1.21 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the include_location parameter in (1) confirm.php or (2) login.php. NOTE: the ...

    Affected Products : php_advanced_transfer_manager
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2006-3742

    The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a password by attempting to log in multiple times....

    Affected Products : kdebase
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025
  • 5.1

    MEDIUM
    CVE-2006-4564

    SQL injection vulnerability in Sources/ManageBoards.php in Simple Machines Forum 1.1 RC3 allows remote attackers to execute arbitrary SQL commands via the cur_cat parameter....

    Affected Products : smf
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025
  • 6.8

    MEDIUM
    CVE-2006-4563

    Cross-site scripting (XSS) vulnerability in the MyHeadlines before 4.3.2 module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the myh_op parameter to modules.php....

    Affected Products : myheadlines
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2006-4558

    DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php....

    Affected Products : deluxebb
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025
  • 6.8

    MEDIUM
    CVE-2006-4552

    Cross-site scripting (XSS) vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to inject arbitrary web script or HTML via the RSS feed....

    Affected Products : feedsplitter
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2006-3126

    c2faxrecv in capi4hylafax 01.02.03 allows remote attackers to execute arbitrary commands via null (\0) and shell metacharacters in the TSI string, as demonstrated by a fax from an anonymous number....

    Affected Products : capi4hylafax
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025
  • 5.1

    MEDIUM
    CVE-2006-4554

    Stack-based buffer overflow in the ReadFile function in the ZOO-processing exports in the BeCubed Compression Plus before 5.0.1.28, as used in products including (1) Tumbleweed EMF, (2) VCOM/Ontrack PowerDesk Pro, (3) Canyon Drag and Zip, (4) Canyon Power...

    Affected Products : compression_plus
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2006-4548

    e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code via the tinyMCE_imglib_inclu...

    Affected Products : e107
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2006-4551

    Eval injection vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to execute arbitrary PHP code via (1) the file specified as the value of the format parameter, and possibly (2) the RSS feed....

    Affected Products : feedsplitter
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2006-4560

    Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the a...

    Affected Products : internet_explorer ie
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2006-4562

    The proxy DNS service in Symantec Gateway Security (SGS) allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE: another researcher has stated that the default configurat...

    Affected Products : gateway_security
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2006-4550

    Directory traversal vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to read arbitrary XML files via .. (dot dot) sequences in the format parameter with a leading ".", which bypasses a security check....

    Affected Products : feedsplitter
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 294858 Results