Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.1

    MEDIUM
    CVE-2006-3281

    Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (%2e%2e%5c) sequences and whose ...

    Affected Products : internet_explorer
    • Published: Jun. 28, 2006
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2006-3274

    Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \ (backslash) characters in the URL to certain directories under the web root, such as the image directory....

    Affected Products : webmin
    • Published: Jun. 28, 2006
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2006-3285

    The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) uses an undocumented, hard-coded username and password, which allows remote authenticated users to read, and possibly modify, sensitive configuration data (a...

    Affected Products : wireless_control_system
    • Published: Jun. 28, 2006
    • Modified: Apr. 03, 2025
  • 4.3

    MEDIUM
    CVE-2006-3279

    Cross-site scripting (XSS) vulnerability in aeDating 4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) Sex parameter in index.php, (2) ProfileType parameter in join_form.php, and (3) Email parameter in forgot.php....

    Affected Products : aedating
    • Published: Jun. 28, 2006
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2006-3280

    Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Lo...

    Affected Products : internet_explorer
    • Published: Jun. 28, 2006
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2006-3277

    The SMTP service of MailEnable Standard 1.92 and earlier, Professional 2.0 and earlier, and Enterprise 2.0 and earlier before the MESMTPC hotfix, allows remote attackers to cause a denial of service (application crash) via a HELO command with a null byte ...

    • Published: Jun. 28, 2006
    • Modified: Apr. 03, 2025
  • 2.6

    LOW
    CVE-2006-3278

    Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, and (4) arid parameters in psoft/servlet/resadmin/psoft.hs...

    Affected Products : h-sphere
    • Published: Jun. 28, 2006
    • Modified: Apr. 03, 2025
  • 2.6

    LOW
    CVE-2006-3273

    Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 rc1 allows remote attackers to inject arbitrary web script or HTML via the user parameter ("New Name" field)....

    Affected Products : some_chess
    • Published: Jun. 28, 2006
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2006-3276

    Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the "parsing of HTTP URL schemes"....

    Affected Products : helix_dna_server
    • Published: Jun. 28, 2006
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2006-3254

    SQL injection vulnerability in newthread.php in Woltlab Burning Board (WBB) 2.0 RC2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter....

    Affected Products : burning_board
    • Published: Jun. 28, 2006
    • Modified: Apr. 03, 2025
  • 5.1

    MEDIUM
    CVE-2006-2200

    Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, ...

    Affected Products : xine-lib mimms
    • Published: Jun. 28, 2006
    • Modified: Apr. 03, 2025
  • 4.3

    MEDIUM
    CVE-2006-3257

    Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.7.7 allow remote attackers to inject arbitrary HTML or web script via unspecified attack vectors, possibly including (1) calendar/myagenda.php, (2) document/document.php, (3) phpbb/newtopi...

    Affected Products : claroline
    • Published: Jun. 28, 2006
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2006-3255

    SQL injection vulnerability in showmods.php in Woltlab Burning Board (WBB) 1.2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter....

    Affected Products : burning_board
    • Published: Jun. 28, 2006
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2006-3256

    SQL injection vulnerability in report.php in Woltlab Burning Board (WBB) 2.3.1 allows remote attackers to execute arbitrary SQL commands via the postid parameter....

    Affected Products : burning_board
    • Published: Jun. 28, 2006
    • Modified: Apr. 03, 2025
  • 2.6

    LOW
    CVE-2006-3253

    Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter. NOTE: the vendor has disputed this report, stating that they have been unable to replicate the i...

    Affected Products : vbulletin
    • Published: Jun. 28, 2006
    • Modified: Apr. 03, 2025
  • 2.1

    LOW
    CVE-2006-0456

    The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 can return an incorrect value, which allows local users to cause a denial of service via unknown vectors....

    Affected Products : linux_kernel enterprise_linux
    • Published: Jun. 27, 2006
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2006-1470

    OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers to cause a denial of service (crash) via an invalid LDAP request that triggers an assert error....

    Affected Products : mac_os_x mac_os_x_server
    • Published: Jun. 27, 2006
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2006-1469

    Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.6 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image....

    Affected Products : mac_os_x mac_os_x_server
    • Published: Jun. 27, 2006
    • Modified: Apr. 03, 2025
  • 4.6

    MEDIUM
    CVE-2006-1471

    Format string vulnerability in the CF_syslog function launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility, as demonstr...

    Affected Products : mac_os_x mac_os_x_server
    • Published: Jun. 27, 2006
    • Modified: Apr. 03, 2025
  • 4.3

    MEDIUM
    CVE-2006-3260

    Cross-site scripting (XSS) vulnerability in index.php in vlbook 1.02 allows remote attackers to inject arbitrary web script or HTML via the message parameter....

    Affected Products : vlbook
    • Published: Jun. 27, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293929 Results