Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2006-2089

    Multiple cross-site scripting (XSS) vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) username parameters.... Read more

    Affected Products : mysmartbb
    • Published: Apr. 29, 2006
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2006-2100

    Directory traversal vulnerability in Magic ISO 5.0 Build 0166 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image.... Read more

    Affected Products : magic_iso_maker
    • Published: Apr. 29, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2105

    Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 and 1.1.5 allows remote attackers to read arbitrary files via ".." sequences terminated by a %00 (null) character in the n parameter.... Read more

    Affected Products : jupiter_cms
    • Published: Apr. 29, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-2103

    SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfun... Read more

    Affected Products : mybulletinboard
    • Published: Apr. 29, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2083

    Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow.... Read more

    Affected Products : rsync
    • Published: Apr. 28, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-2080

    SQL injection vulnerability in portfolio_photo_popup.php in Verosky Media Instant Photo Gallery 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, which is not cleansed before calling the count_click function in includes... Read more

    Affected Products : instant_photo_gallery
    • Published: Apr. 27, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-2079

    Cross-site scripting (XSS) vulnerability in portfolio.php in Verosky Media Instant Photo Gallery, possibly before 1.0.2, allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.... Read more

    Affected Products : instant_photo_gallery
    • Published: Apr. 27, 2006
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2006-2081

    Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GET_DOMAIN_INDEX_METADATA function in the DBMS_EXPORT_EXTENSION package. NOTE: this issue was originally linked to DB05 (CVE-2006-1870), but a reliable third ... Read more

    Affected Products : database_server
    • Published: Apr. 27, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-2077

    Buffer overflow in Paul Rombouts pdnsd before 1.2.4 has unknown impact and attack vectors. NOTE: this issue might be related to the OUSPG PROTOS DNS test suite.... Read more

    Affected Products : pdnsd
    • Published: Apr. 27, 2006
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2006-2078

    Multiple unspecified vulnerabilities in multiple FITELnet products, including FITELnet-F40, F80, F100, F120, F1000, and E20/E30, allow remote attackers to cause a denial of service via crafted DNS messages that trigger errors in (1) ProxyDNS or (2) PKI-Re... Read more

    Affected Products : fitelnet mucho-ev_pk
    • Published: Apr. 27, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2076

    Memory leak in Paul Rombouts pdnsd before 1.2.4 allows remote attackers to cause a denial of service (memory consumption) via a DNS query with an unsupported (1) QTYPE or (2) QCLASS, as demonstrated by the OUSPG PROTOS DNS test suite.... Read more

    Affected Products : pdnsd
    • Published: Apr. 27, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2075

    Unspecified vulnerability in MyDNS 1.1.0 allows remote attackers to cause a denial of service via a crafted DNS message, aka "Query-of-death," as demonstrated by the OUSPG PROTOS DNS test suite.... Read more

    Affected Products : mydns
    • Published: Apr. 27, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2072

    Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and 8.x before 8.11.6 allow remote attackers to cause a denial of service via crafted DNS responses messages that cause (1) a buffer over-read or (2) infinite recursion, which can trigger a... Read more

    Affected Products : delegate
    • Published: Apr. 27, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2073

    Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a "broken" TSIG, as demonstrated by the OUSPG PROTOS DNS test suite.... Read more

    Affected Products : bind delegate
    • Published: Apr. 27, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-2074

    Unspecified vulnerability in Juniper Networks JUNOSe E-series routers before 7-1-1 has unknown impact and remote attack vectors related to the DNS "client code," as demonstrated by the OUSPG PROTOS DNS test suite.... Read more

    Affected Products : junose
    • Published: Apr. 27, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-2071

    Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue wit... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Apr. 27, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2067

    SQL injection vulnerability in vb_board_functions.php in MKPortal 1.1, as used with vBulletin 3.5.4 and earlier, allows remote attackers to execute arbitrary SQL commands via the userid parameter.... Read more

    Affected Products : mkportal
    • Published: Apr. 27, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2068

    Unspecified vulnerability in Hitachi JP1 products allow remote attackers to cause a denial of service (application stop or fail) via unexpected requests or data.... Read more

    • Published: Apr. 27, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2069

    The recursor in PowerDNS before 3.0.1 allows remote attackers to cause a denial of service (application crash) via malformed EDNS0 packets.... Read more

    Affected Products : powerdns recursor
    • Published: Apr. 27, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-2066

    Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in MKPortal 1.1 Rc1 and earlier, as used with vBulletin 3.5.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) u1, (2) m1, (3) m2, (4) m3, (5) m4 parame... Read more

    Affected Products : mkportal
    • Published: Apr. 27, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293620 Results