Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2006-0025

    Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 allows remote attackers to execute arbitrary code via a PNG image with a large chunk size.... Read more

    Affected Products : windows_media_player
    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2006-1303

    Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Mi... Read more

    Affected Products : internet_explorer ie
    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-2373

    The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER m... Read more

    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2370

    Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC rela... Read more

    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-2660

    Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents ... Read more

    Affected Products : php
    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2376

    Integer overflow in the PolyPolygon function in Graphics Rendering Engine on Microsoft Windows 98 and Me allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) or EMF image with a sum of entries in the vertext counts array and numb... Read more

    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3007

    Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ.... Read more

    Affected Products : shoutcast_server
    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3005

    The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory ... Read more

    Affected Products : linux media-libs_jpeg
    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3006

    Cross-site scripting (XSS) vulnerability in iFoto 0.20, and possibly other versions before 0.50, allows remote attackers to inject arbitrary HTML or web script via a base64-encoded file parameter.... Read more

    Affected Products : ifoto
    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2006-2994

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in phazizGuestbook 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, (3) url fields, and (4) text field (content parameter).... Read more

    Affected Products : phazizguestbook
    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3003

    details.php in Easy Ad-Manager allows remote attackers to obtain the full installation path via an invalid mbid parameter, which leaks the path in an error message. NOTE: this might be resultant from another vulnerability, since this vector also produces... Read more

    Affected Products : easy_ad-manager
    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2985

    SQL injection vulnerability in index.php in IntegraMOD 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded "'" characters in the STYLE_URL parameter.... Read more

    Affected Products : integramod
    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2987

    Multiple SQL injection vulnerabilities in Dominios Europa PICRATE (aka TAL RateMyPic) 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) voteid, and (3) vfiel parameters to (a) index.php, and via the (4) nick, (5) email, (6) ... Read more

    Affected Products : picrate
    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-2989

    Cross-site scripting (XSS) vulnerability in listpics.asp in ASP ListPics 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the info parameter.... Read more

    Affected Products : listpics
    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2908

    The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable... Read more

    Affected Products : mybulletinboard
    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-2990

    Cross-site scripting (XSS) vulnerability in default.asp in VanillaSoft Helpdesk 2005 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.... Read more

    Affected Products : vanillasoft_helpdesk
    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2998

    PHP remote file inclusion vulnerability in board/post.php in free QBoard 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the qb_path parameter.... Read more

    Affected Products : free_qboard
    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2006-3002

    Cross-site scripting (XSS) vulnerability in details.php in Easy Ad-Manager allows remote attackers to inject arbitrary web script or HTML via the mbid parameter, which is reflected in an error message. NOTE: on 20060829, the vendor notified CVE that this ... Read more

    Affected Products : easy_ad-manager
    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2993

    Multiple SQL injection vulnerabilities in My Photo Scrapbook 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the key parameter in (1) Displayview.asp and (2) Details_Photo_bv.asp.... Read more

    Affected Products : my_photo_scrapbook
    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2006-3001

    Cross-site scripting (XSS) vulnerability in search.php in OkScripts OkMall 1.0 allow remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: this might be resultant from another vulnerability, since the XSS is reflected in a... Read more

    Affected Products : okmall
    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293970 Results