Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2006-2816

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in coolphp magazine allow remote attackers to inject arbitrary web script or HTML via the (1) op and (2) nick parameters, and possibly the (3) 0000, (4) userinfo, (5) comp_der, (6) encuestas... Read more

    Affected Products : coolphp_magazine
    • Published: Jun. 05, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2824

    Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8 followed by a single-quote character) from the data stream to the server, which allows remote attackers to modify data and gain administrative access when PostgreSQL is used, aka "bug #... Read more

    Affected Products : mailmanager
    • Published: Jun. 05, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2819

    PHP remote file inclusion vulnerability in Wiki.php in Barnraiser Igloo 0.1.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the c_node[class_path] parameter.... Read more

    Affected Products : igloo
    • Published: Jun. 05, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-2810

    Multiple cross-site scripting (XSS) vulnerabilities in Belchior Foundry vCard 2.9 allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) toprated.php and (2) newcards.php. NOTE: the card_id vector is already covered b... Read more

    Affected Products : vcard
    • Published: Jun. 05, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-2807

    ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to change the password of any account via a modified account id and possibly arbitrary values of the name, email, country, password, and passwordre parameters to profileupdate.asp.... Read more

    Affected Products : speedy_asp_discussion_forum
    • Published: Jun. 05, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2817

    SQL injection vulnerability in bolum.php in tekno.Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.... Read more

    Affected Products : tekno.portal
    • Published: Jun. 05, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-2809

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in ar-blog 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) count parameter, and possibly the (2) next, (3) Year_the_news, and (4) mo parameters. NOTE: the year... Read more

    Affected Products : ar-blog
    • Published: Jun. 05, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2802

    Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6.... Read more

    Affected Products : xine-lib gxine
    • Published: Jun. 03, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2801

    Multiple SQL injection vulnerabilities in Unak CMS 1.5 RC2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) u_a or (2) u_s parameters.... Read more

    Affected Products : unak_cms
    • Published: Jun. 03, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-2804

    Cross-site scripting (XSS) vulnerability in index.cfm in Goss Intelligent Content Management (iCM) 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. NOTE: the provenance of this information is unkno... Read more

    Affected Products : icm
    • Published: Jun. 03, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2805

    SQL injection vulnerability in VBulletin 3.0.10 allows remote attackers to execute arbitrary SQL commands via the featureid parameter.... Read more

    Affected Products : vbulletin
    • Published: Jun. 03, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-2799

    Cross-site scripting (XSS) vulnerability in content_footer.php in toendaCMS 0.7.0 allows remote attackers to inject arbitrary web scripts or HTML via the print_url variable. NOTE: the provenance of this information is unknown; the details are obtained so... Read more

    Affected Products : toendacms
    • Published: Jun. 03, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-2803

    Multiple cross-site scripting (XSS) vulnerabilities in PHP ManualMaker 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) id parameter to index.php, (2) search field (possibly the s parameter), or (3) comment field.... Read more

    Affected Products : php_manualmaker
    • Published: Jun. 03, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-2800

    Multiple cross-site scripting (XSS) vulnerabilities in Unak CMS 1.5 RC2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u_a or (2) u_s parameters. NOTE: this might be resultant from SQL injection.... Read more

    Affected Products : unak_cms
    • Published: Jun. 03, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-2795

    Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking Script 6 and 7 RC allow remote attackers to inject arbitrary web script or HTML via (1) the xtref parameter in xiti.js and (2) an HTTP Referer header field. NOTE: the provenance of this... Read more

    Affected Products : xiti_tracking_script
    • Published: Jun. 03, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2797

    Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) CalendarDetailsID parameter in (a) month.php, (b) day.php, and (c) delCalendar.php; (2) ID parameter in (d) event.php... Read more

    Affected Products : phpcommunitycalendar
    • Published: Jun. 03, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2791

    Directory traversal vulnerability in index.php in iBoutique.MALL and possibly iBoutique allows remote attackers to read arbitrary files via ".." sequences in the function parameter.... Read more

    Affected Products : iboutique.mall
    • Published: Jun. 03, 2006
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2006-2794

    Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to read private messages of other users via a modified id parameter.... Read more

    Affected Products : aspsitem
    • Published: Jun. 03, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-2798

    Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) LoName parameter in (a) week.php and (b) month.php and (2) AddressLink parameter in (c) event.php.... Read more

    Affected Products : phpcommunitycalendar
    • Published: Jun. 03, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-2796

    Cross-site scripting (XSS) vulnerability in gallery.php in Captivate 1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter, which is reflected in an error message.... Read more

    Affected Products : captivate
    • Published: Jun. 03, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293646 Results