Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2006-3561

    BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and earlier, and 3.01m and earlier, allow remote attackers to bypass the authentication process and gain sensitive information, such as configuration information via (1) /btvoyager_getconfig.sh,... Read more

    Affected Products : voyager_2091_wireless_adsl_router
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3560

    SQL injection vulnerability in topics.php in Blue Dojo Graffiti Forums 1.0 allows remote attackers to execute arbitrary SQL commands via the f parameter.... Read more

    Affected Products : graffiti_forums
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3564

    Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the email, (2) cond, or (3) name parameters to (a) addressbook.view.php, (4) the daysprune parameter to (... Read more

    Affected Products : hivemail
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3565

    SQL injection vulnerability in search.results.php in HiveMail 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the fields[] parameter.... Read more

    Affected Products : hivemail
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3545

    Microsoft Internet Explorer 7.0 Beta allows remote attackers to cause a denial of service (application crash) via a web page with multiple empty APPLET start tags. NOTE: a third party has disputed this issue, stating that the crash does not occur with Mi... Read more

    Affected Products : internet_explorer
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3543

    Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) r... Read more

    Affected Products : invision_power_board
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3557

    MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.... Read more

    Affected Products : mt_orumcek_toplist
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2006-3551

    NCP Secure Enterprise Client (aka VPN/PKI client) 8.30 Build 59, and possibly earlier versions, when the Link Firewall and Personal Firewall are both configured to block all inbound and outbound network traffic, allows context-dependent attackers to send ... Read more

    Affected Products : secure_client
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-3553

    PlaNet Concept planetNews allows remote attackers to bypass authentication and execute arbitrary code via a direct request to news/admin/planetnews.php.... Read more

    Affected Products : planetnews
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3550

    Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks FirePass 4100 5.x allow remote attackers to inject arbitrary web script or HTML via unspecified "writable form fields and hidden fields," including "authentication frontends."... Read more

    Affected Products : firepass_4100
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3558

    Multiple cross-site scripting (XSS) vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to inject arbitrary web script or HTML via (1) the judul_artikel parameter in teman.php and (2) the title of an article sent to admin, which is disp... Read more

    Affected Products : auracms
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3539

    Multiple cross-site scripting (XSS) vulnerabilities in DKScript.com Dragon's Kingdom Script 1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the (1) Subject and (2) Message fi... Read more

    Affected Products : dragons_kingdom_script
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2006-3542

    Multiple cross-site scripting (XSS) vulnerabilities in Garry Glendown Shopping Cart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) shop name field in (a) editshop.php, (b) edititem.php, and (c) index.php; and via the (2) ite... Read more

    Affected Products : shopping_cart
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 5.5

    MEDIUM
    CVE-2006-3547

    EMC VMware Player allows user-assisted attackers to cause a denial of service (unrecoverable application failure) via a long value of the ide1:0.fileName parameter in the .vmx file of a virtual machine. NOTE: third parties have disputed this issue, sayin... Read more

    Affected Products : player
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3546

    Patrice Freydiere ImgSvr (aka ADA Image Server) allows remote attackers to cause a denial of service (daemon crash) via a long HTTP POST request. NOTE: this might be the same issue as CVE-2004-2463.... Read more

    Affected Products : imgsvr
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2006-3538

    Multiple cross-site scripting (XSS) vulnerabilities in demo.php in BeatificFaith Eprayer Alpha allow remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the (1) "Your name" field and (2) "Enter Prayer Reque... Read more

    Affected Products : eprayer
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-3556

    PHP remote file inclusion vulnerability in extcalendar.php in Mohamed Moujami ExtCalendar 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.... Read more

    Affected Products : extcalendar
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3548

    Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (... Read more

    Affected Products : horde
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.9

    MEDIUM
    CVE-2006-3540

    Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, 6.1.737.000, and possibly other versions do not properly validate RegSaveKey, RegRestoreKey, and RegDeleteKey function calls, which allows local users to cause a denial of service (syste... Read more

    Affected Products : zonealarm_security_suite
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3549

    services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http,... Read more

    Affected Products : horde_application_framework
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 294726 Results