Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2006-3393

    Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and earlier, and 2003 Season 1.2.0.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) by sending an empty UDP datagram, which is not properly discarded du... Read more

    Affected Products : nascar_racing
    • Published: Jul. 06, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-3363

    PHP remote file inclusion vulnerability in index.php in the Glossaire module 1.7 for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the pa parameter.... Read more

    Affected Products : xoops_glossaire_module
    • Published: Jul. 06, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3360

    Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error ... Read more

    Affected Products : phpsysinfo
    • Published: Jul. 06, 2006
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2006-3383

    Cross-site scripting (XSS) vulnerability in index.php in mAds 1.0 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover within a URL. NOTE: the provenance of this information is unknown; the details are ... Read more

    Affected Products : mads
    • Published: Jul. 06, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3402

    SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers to execute arbitrary SQL commands via the password parameter when logging in.... Read more

    Affected Products : virtuastore
    • Published: Jul. 06, 2006
    • Modified: Apr. 03, 2025

  • 5.4

    MEDIUM
    CVE-2006-3351

    Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and 2003 allows user-assisted attackers to cause a denial of service (repeated crash) and possibly execute arbitrary code via a .url file with an InternetShortcut tag containing a long URL a... Read more

    Affected Products : windows_2003_server windows_xp
    • Published: Jul. 06, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3354

    Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference.... Read more

    • Published: Jul. 06, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3353

    Opera 9 allows remote attackers to cause a denial of service (crash) via a crafted web page that triggers an out-of-bounds memory access, related to an iframe and JavaScript that accesses certain style sheets properties.... Read more

    Affected Products : opera_browser
    • Published: Jul. 06, 2006
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2006-3352

    Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP head... Read more

    Affected Products : firefox
    • Published: Jul. 06, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-3336

    TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerabil... Read more

    Affected Products : twiki
    • Published: Jul. 05, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-2910

    Buffer overflow in jetAudio 6.2.6.8330 (Basic), and possibly other versions, allows user-assisted attackers to execute arbitrary code via an audio file (such as WMA) with long ID Tag values including (1) Title, (2) Author, and (3) Album, which triggers th... Read more

    Affected Products : jetaudio jetaudio
    • Published: Jul. 05, 2006
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2006-2194

    The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user proc... Read more

    Affected Products : point-to-point_protocol
    • Published: Jul. 05, 2006
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2006-2935

    The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that ... Read more

    • Published: Jul. 05, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3345

    Cross-site scripting (XSS) vulnerability in AliPAGER, possibly 1.5 and earlier, allows remote attackers to inject arbitrary web script or HTML via a chat line.... Read more

    Affected Products : alipager
    • Published: Jul. 03, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3346

    SQL injection vulnerability in tree.php in MyNewsGroups 0.6 allows remote attackers to execute arbitrary SQL commands via the grp_id parameter.... Read more

    Affected Products : mynewsgroups
    • Published: Jul. 03, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3349

    Multiple SQL injection vulnerabilities in SmS Script allow remote attackers to execute arbitrary SQL commands via the CatID parameter in (1) cat.php and (2) add.php.... Read more

    Affected Products : sms_script
    • Published: Jul. 03, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3344

    Siemens Speedstream Wireless Router 2624 allows local users to bypass authentication and access protected files by using the Universal Plug and Play UPnP/1.0 component.... Read more

    Affected Products : speedstream_wireless_router
    • Published: Jul. 03, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3348

    Multiple SQL injection vulnerabilities in HSPcomplete 3.2.2 and 3.3 Beta and earlier allow remote attackers to execute arbitrary SQL commands via the (1) type parameter in report.php and (2) level parameter in custom_buttons.php.... Read more

    Affected Products : hspcomplete
    • Published: Jul. 03, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3347

    SQL injection vulnerability in index.php in deV!Lz Clanportal DZCP 1.3.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.... Read more

    Affected Products : devilz_clanportal
    • Published: Jul. 03, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3337

    Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.... Read more

    Affected Products : cpanel
    • Published: Jul. 03, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 294860 Results