Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2006-3732

    Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1 ships with an Oracle database that contains several default accounts and passwords, which allows attackers to obtain sensitive information.... Read more

    Affected Products : cs-mars
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3683

    PHP remote file inclusion vulnerability in poll.php in Flipper Poll 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.... Read more

    Affected Products : flipper_poll
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-3728

    Unspecified vulnerability in the kernel in Solaris 10 with patch 118822-29 (118844-29 on x86) and without patch 118833-11 (118855-08) allows remote authenticated users to cause a denial of service via unspecified vectors that lead to "kernel data structur... Read more

    Affected Products : solaris sunos
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3692

    PHP remote file inclusion vulnerability in enduser/listmessenger.php in ListMessenger 0.9.3 allows remote attackers to execute arbitrary PHP code via a URL in the lm_path parameter. NOTE: the vendor has disputed this issue to SecurityTracker, stating tha... Read more

    Affected Products : listmessenger
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 5.5

    MEDIUM
    CVE-2006-3720

    Unspecified vulnerability in Enterprise Config Management for Oracle Enterprise Manager 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# EM02.... Read more

    Affected Products : enterprise_manager
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3757

    index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain sensitive information via empty (1) _GET[], (2) _SESSION[], (3) _POST[], (4) _COOKIE[], or (5) _SESSION[] array parameters, which reveals the installation path in an error message. NOTE: thi... Read more

    Affected Products : zen_cart zen_cart
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 9.0

    HIGH
    CVE-2006-3703

    Unspecified vulnerability in InterMedia for Oracle Database 9.0.1.5, 9.2.0.6, and 10.1.0.4 has unknown impact and attack vectors, aka oracle Vuln# DB07.... Read more

    Affected Products : database_server
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3754

    PHP remote file inclusion vulnerability in Include/editor/rich_files/class.rich.php in FlushCMS 1.0.0-pre2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the class_path parameter.... Read more

    Affected Products : flushcms
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-3685

    PHP remote file inclusion vulnerability in CzarNews 1.12 through 1.14 allows remote attackers to execute arbitrary PHP code via a URL in the tpath parameter to cn_config.php. NOTE: the news.php vector is already covered by CVE-2005-0859.... Read more

    Affected Products : czarnews
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2006-3734

    Multiple unspecified vulnerabilities in the Command Line Interface (CLI) for Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allow local CS-MARS administrators to execute arbitrary commands as root.... Read more

    Affected Products : cs-mars
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-3707

    Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3 and 9.0.3.1 has unknown impact and attack vectors, aka Oracle Vuln# AS02.... Read more

    Affected Products : application_server
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-3724

    Unspecified vulnerability in JD Edwards HTML Server for Oracle OneWorld Tools EnterpriseOne Tools 8.95 and 8.96 has unknown impact and attack vectors, aka Oracle Vuln# JDE01.... Read more

    Affected Products : enterpriseone
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3762

    The Touch Control ActiveX control 2.0.0.55 allows remote attackers to read and possibly execute arbitrary files via a "file///" URI in the sPath parameter to the Execute function.... Read more

    Affected Products : activex_control
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-3767

    Cross-site scripting (XSS) vulnerability in showprofile.php in Darren's $5 Script Archive osDate 1.1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the onerror attribute in an HTML IMG tag with a non-existent source file ... Read more

    Affected Products : osdate
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3765

    Multiple cross-site scripting (XSS) vulnerabilities in Huttenlocher Webdesign hwdeGUEST 2.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated by the "name input" field in new_entry.php.... Read more

    Affected Products : hwdeguest
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-3469

    Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format fun... Read more

    Affected Products : mysql mysql
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-3711

    Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, and 9.0.4.1 has unknown impact and attack vectors, aka Oracle Vuln# AS06.... Read more

    Affected Products : application_server
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-3632

    Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the NFS dissector.... Read more

    Affected Products : enterprise_linux ethereal
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3706

    Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3 has unknown impact and attack vectors, aka Oracle Vuln# AS01.... Read more

    Affected Products : application_server
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2006-3468

    Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and cau... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 294121 Results