Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2006-2496

    Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors.... Read more

    Affected Products : edirectory imonitor
    • Published: May. 20, 2006
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2006-2497

    Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to default.asp or (2) get parameter to profile.asp.... Read more

    Affected Products : aspbb
    • Published: May. 20, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-2500

    Cross-site scripting (XSS) vulnerability in add_news.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to inject arbitrary web script or HTML via the Headline field. NOTE: if this issue is limited to administrators, and if it is expected beh... Read more

    Affected Products : codeavalanche_news
    • Published: May. 20, 2006
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2006-2498

    Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php.... Read more

    Affected Products : invision_power_board
    • Published: May. 20, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-2501

    Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 St... Read more

    • Published: May. 20, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2495

    Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag.... Read more

    Affected Products : serendipity
    • Published: May. 20, 2006
    • Modified: Apr. 03, 2025

  • 8.8

    HIGH
    CVE-2006-2492

    Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC o... Read more

    Affected Products : office word works_suite
    • Actively Exploited
    • Published: May. 20, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-1856

    Certain modifications to the Linux kernel 2.6.16 and earlier do not add the appropriate Linux Security Modules (LSM) file_permission hooks to the (1) readv and (2) writev functions, which might allow attackers to bypass intended access restrictions.... Read more

    Affected Products : linux_kernel
    • Published: May. 19, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2485

    PHP remote file inclusion vulnerability in includes/class_template.php in Quezza 1.0 and earlier, and possibly 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the quezza_root_path parameter.... Read more

    Affected Products : quezza_bb
    • Published: May. 19, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-2491

    Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine (bMachine) 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is acces... Read more

    Affected Products : boastmachine boastmachine
    • Published: May. 19, 2006
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2006-2483

    PHP remote file inclusion vulnerability in cart_content.php in Squirrelcart 2.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cart_isp_root parameter.... Read more

    Affected Products : squirrelcart
    • Published: May. 19, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2489

    Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different ... Read more

    Affected Products : nagios
    • Published: May. 19, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2487

    Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[main_path] parameter in (1) functions.php, (2) template.php, (3) news.php, (4) help.php, (5) mail... Read more

    Affected Products : scoznews
    • Published: May. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-2488

    Multiple cross-site scripting (XSS) vulnerabilities in Spymac WebOS (WOS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) del_folder, (2) nick, or (3) action parameters to (a) notes/index.php, (4) curr parameter to (b) ipod/g... Read more

    Affected Products : spymac_web_os
    • Published: May. 19, 2006
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2006-2486

    SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the userID parameter.... Read more

    Affected Products : yapbb
    • Published: May. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-2490

    Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and other versions before 2.2.3.18 for M10/D10 and 3.0.3.31 for M22, allow remote attackers to inject arbitrary web script or HTML via URL-encode... Read more

    Affected Products : mobotix_ip_network_camera
    • Published: May. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-2484

    Cross-site scripting (XSS) vulnerability in index.html in IceWarp WebMail 5.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter.... Read more

    Affected Products : web_mail
    • Published: May. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.7

    MEDIUM
    CVE-2006-0039

    Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with all... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: May. 19, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-2480

    Format string vulnerability in Dia 0.94 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. NOTE: the o... Read more

    Affected Products : enterprise_linux dia
    • Published: May. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2312

    Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.... Read more

    Affected Products : windows skype
    • Published: May. 19, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293620 Results