Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2006-2606

    Cross-site scripting (XSS) vulnerability in Chatty, possibly 1.0.2 and other versions, allows remote attackers to inject arbitrary web script or HTML via the username.... Read more

    Affected Products : chatty
    • Published: May. 25, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2549

    Stack-based buffer overflow in PDF Form Filling and Flattening Tool before 3.1.0.12 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long field names.... Read more

    • Published: May. 24, 2006
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2006-2574

    Multiple unspecified vulnerabilities in Software Distributor in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allow local users to gain privileges via unspecified attack vectors.... Read more

    Affected Products : hp-ux
    • Published: May. 24, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-2577

    Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) where_cms, (2) where_lms, (3) where_upgrade, (4) BBC_LIB_PATH, and (5) ... Read more

    Affected Products : docebo
    • Published: May. 24, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2575

    The setFrame function in Lib/2D/Surface.hpp for NetPanzer 0.8 and earlier allows remote attackers to cause a denial of service (crash) via a client flag (frameNum) that is greater than 41, which triggers an assert error.... Read more

    Affected Products : netpanzer
    • Published: May. 24, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-2576

    Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where_framework] to (a) lib.simplesel.php, (b) lib.filelist.php... Read more

    Affected Products : docebo
    • Published: May. 24, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2571

    Cross-site scripting (XSS) vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action.... Read more

    Affected Products : opencms
    • Published: May. 24, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2569

    SQL injection vulnerability in links.php in 4R Linklist 1.0 RC2 and earlier, a module for Woltlab Burning Board, allows remote attackers to execute arbitrary SQL commands via the cat parameter.... Read more

    Affected Products : burning_board 4r_linklist
    • Published: May. 24, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2570

    PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS["CLPath"] parameter to (1) reconfig.php and (2) srxclr.php. NOTE: this might be due to a globals overwrite is... Read more

    Affected Products : calogic_calendars
    • Published: May. 24, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-2568

    PHP remote file inclusion vulnerability in addpost_newpoll.php in UBB.threads 6.4 through 6.5.2 and 6.5.1.1 (trial) allows remote attackers to execute arbitrary PHP code via a URL in the thispath parameter.... Read more

    Affected Products : ubb.threads
    • Published: May. 24, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2579

    Unspecified vulnerability in HP OpenView Storage Data Protector 5.1 and 5.5 allows remote attackers to execute arbitrary code via unknown vectors.... Read more

    Affected Products : openview_storage_data_protector
    • Published: May. 24, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-2578

    admin/cron.php in eSyndicat Directory 1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files and possibly execute arbitrary PHP code via a null-terminated value in the path_to_config para... Read more

    Affected Products : esyndicat_directory
    • Published: May. 24, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-2573

    SQL injection vulnerability in index.php in DGBook 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, (4) address, (5) comment, and (6) ip parameters. NOTE: the proven... Read more

    Affected Products : dgbook
    • Published: May. 24, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2572

    Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) email, and (4) address parameters.... Read more

    Affected Products : dgbook
    • Published: May. 24, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2580

    Multiple unspecified vulnerabilities in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allow remote attackers to gain privileged access, execute arbitrary commands, or create arbitrary files via unknown vectors.... Read more

    Affected Products : openview_network_node_manager
    • Published: May. 24, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-2564

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sending ... Read more

    Affected Products : e-friends
    • Published: May. 24, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2566

    Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain sensitive information via (1) a quote character or possibly an invalid value in the action parameter in a request to mrarticles.php or (2) a login QUERY_STRING to admin.php without any a... Read more

    Affected Products : article_manager_pro
    • Published: May. 24, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2565

    SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via (1) the author_id parameter in profile.php and (2) the aut_id parameter in userarticles.php. NOTE: the aut_id vector can produ... Read more

    Affected Products : article_manager_pro
    • Published: May. 24, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-2567

    Cross-site scripting (XSS) vulnerability in submit_article.php in Alstrasoft Article Manager Pro 1.6 allows remote attackers to inject arbitrary web script or HTML when submitting an article, as demonstrated using a javascript URI in a Cascading Style She... Read more

    Affected Products : article_manager_pro
    • Published: May. 24, 2006
    • Modified: Apr. 03, 2025

  • 4.9

    MEDIUM
    CVE-2006-1862

    The virtual memory implementation in Linux kernel 2.6.x allows local users to cause a denial of service (panic) by running lsof a large number of times in a way that produces a heavy system load.... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: May. 24, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293651 Results