Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2006-2047

    Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows remote attackers to obtain sensitive information via an invalid (1) secondary, (2) PageNum_Results, (3) category, or (4) keywords parameter in (a) Results.cfm; or an invalid (5) ProdID ... Read more

    Affected Products : cartweaver_coldfusion
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2057

    Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft ... Read more

    Affected Products : firefox
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2006-2062

    Multiple SQL injection vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version "Full Version", allow remote attackers to execute arbitrary SQL commands via the (1) banner parameter in agent_links.pl; the offset parameter in (2) ag... Read more

    Affected Products : leadhound_full leadhound_lite
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2059

    action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to ... Read more

    Affected Products : invision_power_board
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2050

    SQL injection vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to execute arbitrary SQL commands via the az parameter.... Read more

    Affected Products : dcforumlite
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2061

    SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters.... Read more

    Affected Products : invision_power_board invision_board
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-2049

    Cross-site scripting (XSS) vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to inject arbitrary web script or HTML via the az parameter.... Read more

    Affected Products : dcforumlite
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-2045

    The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has world readable permissions, which allows local users to view encrypted passwords; and the (2) NetAccess database file has world readable and writable permissions, wh... Read more

    Affected Products : ip3_netaccess_75
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2054

    3Com Baseline Switch 2848-SFP Plus Model #3C16486 with firmware before 1.0.2.0 allows remote attackers to cause a denial of service (unstable operation) via long DHCP packets.... Read more

    Affected Products : 3c16486
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2006-2046

    Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID param... Read more

    Affected Products : cartweaver_coldfusion
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2006-2043

    na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local users to gain Unix shell access via "`" (backtick) characters in the appliance's command line interface (CLI).... Read more

    Affected Products : ip3_netaccess_75
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2006-2051

    Multiple cross-site scripting (XSS) vulnerabilities in myadmin/index.php in NextAge Shopping Cart allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password parameters.... Read more

    Affected Products : nextage_shopping_cart
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-2048

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in Edwin van Wijk phpWebFTP 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) port, (2) server, and (3) user parameters. NOTE: it is possible that the affected v... Read more

    Affected Products : phpwebftp
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2006-2060

    Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name... Read more

    Affected Products : invision_power_board
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2006-2052

    Cross-site scripting (XSS) vulnerability in Verosky Media Instant Photo Gallery allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action in member.php. NOTE: the original report may be inaccurate, since t... Read more

    Affected Products : instant_photo_gallery
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-2063

    Multiple cross-site scripting (XSS) vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version "Full Version", allow remote attackers to inject arbitrary web script or HTML via the login parameter in (1) agent_affil.pl, (2) agent_hel... Read more

    Affected Products : leadhound_full leadhound_lite
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2055

    Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Micro... Read more

    Affected Products : outlook
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2044

    na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has a default username of admin and a default password of admin.... Read more

    Affected Products : ip3_netaccess_75
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2056

    Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by lau... Read more

    Affected Products : internet_explorer windows_xp
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2006-2053

    Multiple SQL injection vulnerabilities in QuickEStore 7.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the OrderID parameter in (a) shipping.cfm and (b) checkout.cfm, (2) ItemID parameter in (c) proddetail.cfm, (3) SubCatID... Read more

    Affected Products : quickestore
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293615 Results