Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2006-2616

    SQL injection vulnerability in the search script in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to execute arbitrary SQL commands via the uri parameter.... Read more

    Affected Products : webhost_directory
    • Published: May. 26, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-2618

    Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, might allow remote attackers to inject arbitrary web script or HTML via the "write a review" box. NOTE: since user reviews do not ... Read more

    Affected Products : webhost_directory
    • Published: May. 26, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-2612

    Novell Client for Windows 4.8 and 4.9 does not restrict access to the clipboard contents while a machine is locked, which allows users with physical access to read the current clipboard contents by pasting them into the "User Name" field on the login prom... Read more

    Affected Products : client
    • Published: May. 26, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-2613

    Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attackers to obtain information such as the installation path by... Read more

    Affected Products : firefox mozilla_suite navigator
    • Published: May. 26, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2615

    ping.php in Russcom.Ping allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter.... Read more

    Affected Products : russcom.ping
    • Published: May. 26, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-2611

    Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) charac... Read more

    Affected Products : mediawiki
    • Published: May. 26, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-2609

    artmedic newsletter 4.1.2 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the email parameter to newsletter_log.php. NOTE: the provenance of this informat... Read more

    Affected Products : artmedic_newsletter
    • Published: May. 26, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2610

    Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 allows remote attackers to inject arbitrary web script or HTML via the (1) URL query string and the (2) Sort parameter.... Read more

    Affected Products : phpraid
    • Published: May. 26, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2617

    (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to obtain the installation path via an invalid entry in the Username field on the login page, which causes the path to be displayed in an SQL error. N... Read more

    Affected Products : webhost_directory
    • Published: May. 26, 2006
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2006-2607

    do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program th... Read more

    Affected Products : vixie_cron
    • Published: May. 25, 2006
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2006-2444

    The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows remote attackers to cause a denial of service (crash) via unspecified remote attack vectors that cause failures in snmp_trap_decode that trigger (1) frees of ran... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: May. 25, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-2583

    PHP remote file inclusion vulnerability in nucleus/libs/PLUGINADMIN.php in Nucleus 3.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[DIR_LIBS] parameter.... Read more

    Affected Products : nucleus_cms
    • Published: May. 25, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2588

    Russcom PHPImages allows remote attackers to upload files of arbitrary types by uploading a file with a .gif extension. NOTE: due to lack of specific information about attack vectors do not depend on the existence of another vulnerability, it is not clea... Read more

    Affected Products : phpimages
    • Published: May. 25, 2006
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2006-2589

    SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. NOTE: it is not clear from the original report how this attack can succeed, since the demonstrat... Read more

    Affected Products : mybulletinboard
    • Published: May. 25, 2006
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2006-2585

    SQL injection vulnerability in Destiney Links Script 2.1.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.... Read more

    Affected Products : destiney_links_script
    • Published: May. 25, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2591

    Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an "emailing exploit".... Read more

    Affected Products : e107
    • Published: May. 25, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-2605

    Cross-site scripting (XSS) vulnerability in DSChat 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the chatbox, probably involving the ctext parameter to send.php.... Read more

    Affected Products : dschat
    • Published: May. 25, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2592

    Unspecified vulnerability in DSChat 1.0 allows remote attackers to execute arbitrary PHP code via the Nickname field, which is not sanitized before creating a file in a user directory. NOTE: the provenance of this information is unknown; the details are ... Read more

    Affected Products : dschat
    • Published: May. 25, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-2581

    Cross-site scripting (XSS) vulnerability in Wiki content in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.... Read more

    Affected Products : rwiki
    • Published: May. 25, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2582

    The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to execute arbitrary Ruby code via unknown attack vectors.... Read more

    Affected Products : rwiki
    • Published: May. 25, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293655 Results