Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2006-2918

    The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores the UUID and hash for a CAPTCHA in the ViewState of a page, which makes it easier for remote attackers to conduct automated attacks by "replaying the ViewState for a known number."... Read more

    Affected Products : captcha_asp.net
    • Published: Jun. 23, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3199

    Opera 9 allows remote attackers to cause a denial of service (crash) via an A tag with an href attribute with a URL containing a long hostname, which triggers an out-of-bounds operation.... Read more

    Affected Products : opera_browser
    • Published: Jun. 23, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-2915

    Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) hideemail, (2) languagex, (3) xthetimeoffset, and (4) xthetimeformat parameters during account registration.... Read more

    Affected Products : deluxebb
    • Published: Jun. 23, 2006
    • Modified: Apr. 03, 2025

  • 4.9

    MEDIUM
    CVE-2006-3202

    The ip6_savecontrol function in NetBSD 2.0 through 3.0, under certain configurations, does not check to see if IPv4-mapped sockets are being used before processing IPv6 socket options, which allows local users to cause a denial of service (crash) by creat... Read more

    Affected Products : netbsd
    • Published: Jun. 23, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3198

    Integer overflow in Opera 8.54 and earlier allows remote attackers to execute arbitrary code via a JPEG image with large height and width values, which causes less memory to be allocated than intended.... Read more

    Affected Products : opera_browser
    • Published: Jun. 23, 2006
    • Modified: Apr. 03, 2025

  • 4.9

    MEDIUM
    CVE-2006-3201

    Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.... Read more

    Affected Products : hp-ux
    • Published: Jun. 23, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3200

    Unspecified versions of Internet Explorer allow remote attackers to cause a denial of service (crash) via an IFRAME with a src tag containing a "File://" URI followed by an 8-bit character. NOTE: some third parties were unable to verify this issue.... Read more

    Affected Products : internet_explorer
    • Published: Jun. 23, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-2914

    PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote attackers to execute arbitrary code via a URL in the templatefolder parameter to (1) postreply.php, (2) posting.php, (3) and pm/newpm.php in the deluxe/ directory, and (4) postreply.ph... Read more

    Affected Products : deluxebb
    • Published: Jun. 23, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-2445

    Race condition in run_posix_cpu_timers in Linux kernel before 2.6.16.21 allows local users to cause a denial of service (BUG_ON crash) by causing one CPU to attach a timer to a process that is exiting.... Read more

    Affected Products : linux_kernel
    • Published: Jun. 23, 2006
    • Modified: Apr. 03, 2025

  • 5.6

    MEDIUM
    CVE-2006-2448

    Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, does not perform certain required access_ok checks, which allows local users to read arbitrary kernel memory on 64-bit systems (signal_64.c) and cause a denial of service (crash) and possi... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Jun. 23, 2006
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2006-3085

    xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers to cause a denial of service (infinite loop) via an SCTP chunk with a 0 length.... Read more

    Affected Products : linux_kernel
    • Published: Jun. 23, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3196

    index.php in singapore 0.10.0 and earlier allows remote attackers to obtain the installation path via an invalid template parameter, which reveals the path in an error message.... Read more

    Affected Products : singapore
    • Published: Jun. 23, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3170

    CS-Forum before 0.82 allows remote attackers to obtain sensitive information via unspecified manipulations, possibly involving an empty collapse[] or readall parameter to index.php, which reveals the installation path in an error message.... Read more

    Affected Products : cs-forum
    • Published: Jun. 23, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3195

    Cross-site scripting (XSS) vulnerability in index.php in singapore 0.10.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the template parameter.... Read more

    Affected Products : singapore
    • Published: Jun. 23, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3185

    PHP remote file inclusion vulnerability in data/header.php in CMS Faethon 1.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter.... Read more

    Affected Products : cms_faethon
    • Published: Jun. 23, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3175

    Multiple PHP remote file inclusion vulnerabilities in mcGuestbook 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) admin.php, (2) ecrire.php, and (3) lire.php. NOTE: it was later reported that the ecrire.php ... Read more

    Affected Products : mcguestbook
    • Published: Jun. 23, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3190

    SQL injection vulnerability in administration/includes/login/auth.php in HotPlug CMS 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameters.... Read more

    Affected Products : hotplug_cms
    • Published: Jun. 23, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3178

    Directory traversal vulnerability in extract_chmLib example program in CHM Lib (chmlib) before 0.38 allows remote attackers to overwrite arbitrary files via a CHM archive containing files with a .. (dot dot) in their filename.... Read more

    Affected Products : chm_lib
    • Published: Jun. 23, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3182

    Directory traversal vulnerability in index.php in MobeScripts Mobile Space Community 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the uid parameter in the rss page.... Read more

    Affected Products : mobile_space_community
    • Published: Jun. 23, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3173

    Multiple PHP remote file inclusion vulnerabilities in Content*Builder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) path[cb] parameter to (a) libraries/comment/postComment.php and (b) modules/poll/poll.php, (2) rel parame... Read more

    Affected Products : content\*builder
    • Published: Jun. 23, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293685 Results