Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-3653

    wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote attackers to cause a denial of service (CPU consumption or crash) via crafted (1) Works, (2) Excel, and (3) Lotus 1-2-3 files.... Read more

    Affected Products : works
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3672

    KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero... Read more

    Affected Products : konqueror
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-3655

    Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-assisted attackers to execute arbitrary code via a crafted PowerPoint file. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-... Read more

    Affected Products : powerpoint
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3661

    Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews 1.4.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party inf... Read more

    Affected Products : cutenews
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3610

    index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to obtain sensitive information (partial database schema) via a modified page_name parameter, which reflects portions of an SQL query in the result. NOTE: it is not clear whether the inform... Read more

    Affected Products : orbitmatrix
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3616

    Multiple cross-site scripting (XSS) vulnerabilities in Carbonize Lazarus Guestbook 1.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in codes-english.php and (2) the img parameter in picture.php, afte... Read more

    Affected Products : lazarus_guestbook
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3622

    The showtopic module in Koobi Pro CMS 5.6 allows remote attackers to obtain sensitive information via a ' (single quote) in the p parameter, which displays the path in an error message. NOTE: it is not clear whether this is SQL injection or a forced SQL ... Read more

    Affected Products : koobi_pro
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3614

    index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to trigger a SQL error via the page_name parameter, possibly due to a SQL injection vulnerability.... Read more

    Affected Products : orbitmatrix
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3609

    Cross-site scripting (XSS) vulnerability in index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to inject arbitrary web script or HTML via the page_name parameter with an IMG tag containing a javascript URI in the SRC attribute.... Read more

    Affected Products : orbitmatrix
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2006-3608

    The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an... Read more

    Affected Products : flatnuke
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2006-3613

    Multiple cross-site scripting (XSS) vulnerabilities in Chamberland Technology ezWaiter 3.0 Online and possibly Enterprise Software (aka enterprise edition) allow remote attackers to inject arbitrary web script or HTML via the (1) itemfor (aka "Who is this... Read more

    Affected Products : ezwaiter_online
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 5.5

    MEDIUM
    CVE-2006-3611

    Directory traversal vulnerability in pm.php in Phorum 5 allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[template] parameter, as demonstrated by injecting PHP sequences into a ... Read more

    Affected Products : phorum
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3625

    FLV Players 8 allows remote attackers to obtain sensitive information via (1) a direct request to paginate.php or (2) an invalid p parameter to player.php, which reveal the path in an error message.... Read more

    Affected Products : flv_player
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3612

    Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : phorum
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2006-3617

    Cross-site scripting (XSS) vulnerability in pblguestbook.php in Pixelated By Lev (PBL) Guestbook 1.32 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) message (aka comments), (3) website, and (4) email param... Read more

    Affected Products : pixelated_by_lev_guestbook
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3606

    Unspecified vulnerability in Sun Solaris X Inter Client Exchange library (libICE) on Solaris 8 and 9 allows context-dependent attackers to cause a denial of service (application crash) to applications that use the library.... Read more

    Affected Products : solaris sunos
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-3615

    Multiple PHP remote file inclusion vulnerabilities in Phorum 5.1.14, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via unspecified vectors related to an uninitialized variable.... Read more

    Affected Products : phorum
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3620

    Cross-site scripting (XSS) vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote attackers to inject arbitrary web script or HTML via the toid parameter.... Read more

    Affected Products : koobi_pro
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3607

    Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Banner Exchange Script (aka Banner Exchange Network Script) 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the city parameter in (a) insertmember.php, and (2) a PHPS... Read more

    Affected Products : banner_exchange
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3624

    Multiple cross-site scripting (XSS) vulnerabilities in FLV Players 8 allow remote attackers to inject arbitrary web script or HTML via the url parameter to (1) player.php or (2) popup.php.... Read more

    Affected Products : flv_player
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 294836 Results