Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2006-3031

    Multiple cross-site scripting (XSS) vulnerabilities in index.asp in fipsCMS 4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) w, (2) phcat, (3) dayid, and (4) calw parameters.... Read more

    Affected Products : fipscms
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3040

    PHP remote file inclusion vulnerability in talkbox.php in Amr Talkbox allows remote attackers to execute arbitrary PHP code via a URL in the direct parameter. NOTE: this issue has been disputed by CVE, since the $direct variable is set to a static value ... Read more

    Affected Products : amr_talkbox
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2006-2916

    artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping pri... Read more

    Affected Products : linux_kernel arts
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3019

    Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPCMS_INCLUDEPATH parameter to files in parser/include/ including (1) class.parser_phpcms.php, (2) class.session_p... Read more

    Affected Products : phpcms
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3034

    MyScrapbook 3.1 allows remote attackers to obtain sensitive information via a direct request to files in the txt-db-api directory such as txt-db-api/sql.php, which reveals the path in an error message.... Read more

    Affected Products : myscrapbook
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-3022

    Cross-site scripting (XSS) vulnerability in zoom.php in fipsGallery 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter.... Read more

    Affected Products : fipsgallery
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3024

    Multiple cross-site scripting (XSS) vulnerabilities in EvGenius Counter 3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) monthly.php and (2) daily.php.... Read more

    Affected Products : evgenius_counter
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3037

    Multiple cross-site scripting (XSS) vulnerabilities in publish.php in ST AdManager Lite allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) description, (3) article, (4) bio, and (5) name parameters.... Read more

    Affected Products : st_admanager_lite
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-3021

    Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Gallery 4.1 PLUS and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) n and (2) d parameters in (a) login.asp and the d parameter in (b) igallery.asp.... Read more

    Affected Products : i-gallery
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3027

    Multiple SQL injection vulnerabilities in Enthrallwebe ePhotos 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) CAT_ID parameter in (a) subphotos.asp and (b) subLevel2.asp, the (2) AL_ID parameter in (c) photo.asp, and ... Read more

    Affected Products : ephotos
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3030

    Multiple cross-site scripting (XSS) vulnerabilities in DwZone Shopping Cart 1.1.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ToCategory and (2) FromCategory parameters to (a) ProductDetailsForm.asp and (3) UserNa... Read more

    Affected Products : dwzone_shopping_cart
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3038

    Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Room Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter. NOTE: the vendor notified CVE on 20060823 that "All issues concerning this scri... Read more

    Affected Products : realty_room_rent
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3041

    PHP remote file inclusion vulnerability in Ltwcalendar/calendar.php in Codewalkers Ltwcalendar 4.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the ltw_config[include_dir] parameter. NOTE: CVE disputes this claim, since the $ltw_co... Read more

    Affected Products : ltwcalendar
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3033

    Cross-site scripting (XSS) vulnerability in MyScrapbook 3.1 allows remote attackers to inject arbitrary web script or HTML via the input box in singlepage.php when submitting scrapbook pages.... Read more

    Affected Products : myscrapbook
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3039

    Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Home Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter. NOTE: the vendor notified CVE on 20060823 that "All issues concerning this scri... Read more

    Affected Products : realty_home_rent
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3042

    Multiple PHP remote file inclusion vulnerabilities in ISPConfig 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) go_info[isp][classes_root] parameter in (a) server.inc.php, and the (2) go_info[server][classes_root] parameter... Read more

    Affected Products : ispconfig
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3023

    Multiple cross-site scripting (XSS) vulnerabilities in thumbnails.asp in Uapplication Uphotogallery 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) s and (2) block parameters.... Read more

    Affected Products : uphotogallery
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-3020

    Multiple cross-site scripting (XSS) vulnerabilities in FullPhoto.asp in WS-Album 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) image and (2) PublisedDate parameters.... Read more

    Affected Products : ws-album
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3026

    Multiple cross-site scripting (XSS) vulnerabilities in ClickGallery 5.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gallery_id parameter in gallery.asp and (2) parentcurrentpage parameter in view_gallery.asp.... Read more

    Affected Products : clickgallery
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2006-3035

    Multiple cross-site scripting (XSS) vulnerabilities in addwords.php in MyScrapbook 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) comment parameters. NOTE: the provenance of this information is unkn... Read more

    Affected Products : myscrapbook
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293671 Results