Latest CVE Feed
- CVE-2006-2745 (5.1 MEDIUM)
  Multiple PHP remote file inclusion vulnerabilities in F@cile Interactive Web 0.8.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) pathfile parameter in (a) p-editpage.php and (b) p-...
  Affected Products: facile_interactive_web
  Published: Jun. 01, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2750 (4.3 MEDIUM)
  Cross-site scripting (XSS) vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or HTML via failed SQL queries, which is reflected in an ...
  Affected Products: open_searchable_image_catalogue
  Published: Jun. 01, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2737 (7.5 HIGH)
  utilities/register.asp in Nukedit 4.9.6 and earlier allows remote attackers to create new users as part of arbitrary groups, including the administrative group, via a modified groupid parameter when creating a user via the addDB action.
  Affected Products: nukedit
  Published: Jun. 01, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2744 (7.5 HIGH)
  PHP remote file inclusion vulnerability in p-popupgallery.php in F@cile Interactive Web 0.8.41 through 0.8.5 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter.
  Affected Products: facile_interactive_web
  Published: Jun. 01, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2749 (6.4 MEDIUM)
  SQL injection vulnerability in search.php in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary SQL commands via the (1) txtCustomField and (2) CustomFieldID array parameters.
  Affected Products: open_searchable_image_catalogue
  Published: Jun. 01, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2439 (7.6 HIGH)
  Stack-based buffer overflow in ZipCentral 4.01 allows remote user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename.
  Affected Products: zipcentral
  Published: Jun. 01, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2740 (6.8 MEDIUM)
  Multiple SQL injection vulnerabilities in Epicdesigns tinyBB 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) q parameter in (a) forgot.php, and the (2) username and (3) password parameters in (b) login.php, and other unspecified v...
  Affected Products: tinybb
  Published: Jun. 01, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2738 (7.5 HIGH)
  The open source version of Open-Xchange 0.8.2 and earlier uses a static default username and password with a valid login shell in the initfile for the ldap-server, which allows remote attackers to access any server where the default has not been changed.
  Affected Products: open-xchange
  Published: Jun. 01, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2736 (5.1 MEDIUM)
  PHP remote file inclusion vulnerability in blend_data/blend_common.php in Blend Portal 1.2.0, as used with phpBB when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: Thi...
  Affected Products: blend_portal
  Published: Jun. 01, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2732 (7.5 HIGH)
  SQL injection vulnerability in Your_Account.asp in Mini-Nuke 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) yas_1, (2) yas_2, and (3) yas_3 parameters.
  Affected Products: mini-nuke
  Published: Jun. 01, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2748 (6.4 MEDIUM)
  SQL injection vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary SQL commands via multiple vectors, as demonstrated by the (1) type parameter in ad...
  Affected Products: open_searchable_image_catalogue
  Published: Jun. 01, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2747 (5.1 MEDIUM)
  Directory traversal vulnerability in index.php in PhpMyDesktop|arcade 1.0 FINAL allows remote attackers to read arbitrary files or execute PHP code via a .. (dot dot) sequence and trailing null (%00) byte in the subsite parameter in a showsubsite todo.
  Affected Products: phpmydesktop_arcade
  Published: Jun. 01, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2742 (7.5 HIGH)
  SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc.
  Affected Products: drupal
  Published: Jun. 01, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2735 (5.1 MEDIUM)
  PHP remote file inclusion vulnerability in language/lang_english/lang_activity.php in Activity MOD Plus (Amod) 1.1.0, as used with phpBB when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_pa...
  Affected Products: activity_mod_plus
  Published: Jun. 01, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2730 (5.1 MEDIUM)
  PHP remote file inclusion vulnerability in admin/lib_action_step.php in Hot Open Tickets (HOT) 11012004_ver2f, when register_globals is enabled, allows remote attackers to include arbitrary files via the GLOBALS[CLASS_PATH] parameter. NOTE: this issue mi...
  Affected Products: hot_open_tickets
  Published: Jun. 01, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2727 (7.5 HIGH)
  home/register.php in Eggblog before 3.0 allows remote attackers to change the password of administrators and possibly other users via a modified username parameter.
  Affected Products: eggblog
  Published: Jun. 01, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2741 (6.8 MEDIUM)
  Cross-site scripting (XSS) vulnerability in Epicdesigns tinyBB 0.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter in forgot.php, which is echoed in an error message, and other unspecified vectors.
  Affected Products: tinybb
  Published: Jun. 01, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2733 (5.0 MEDIUM)
  membership.asp in Mini-Nuke 2.3 and earlier uses plaintext security codes, which allows remote attackers to register multiple times via automated scripts.
  Affected Products: mini-nuke
  Published: Jun. 01, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2751 (4.3 MEDIUM)
  Cross-site scripting (XSS) vulnerability in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary web scripts or HTML via the item_list parameter in search.php.
  Affected Products: open_searchable_image_catalogue
  Published: Jun. 01, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2720 (7.5 HIGH)
  SQL injection vulnerability in news.php in VARIOMAT allows remote attackers to execute arbitrary SQL commands via the subcat parameter.
  Affected Products: variomat
  Published: Jun. 01, 2006
  Modified: Apr. 03, 2025