Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.6

    MEDIUM
    CVE-2006-1864

    Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1863.... Read more

    Affected Products : linux_kernel
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2039

    Multiple SQL injection vulnerabilities in the osTicket module in Help Center Live before 2.1.0 allow remote attackers to execute arbitrary SQL commands via unknown vectors.... Read more

    Affected Products : help_center_live
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2038

    Multiple SQL injection vulnerabilities in ampleShop 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) RecordID parameter in (a) Customeraddresses_RecordAction.cfm and (b) youraccount.cfm; (2) solus parameter in (c) detai... Read more

    Affected Products : ampleshop
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2041

    PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain arbitrary pictures via a request to picture.php without specifying the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party informati... Read more

    Affected Products : phpwebgallery
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-2037

    Cross-site scripting (XSS) vulnerability in index.php in Thwboard 3.0 Beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the navpath parameter.... Read more

    Affected Products : thwboard
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2006-2040

    Multiple SQL injection vulnerabilities in photokorn 1.53 and 1.542 allow remote attackers to execute arbitrary SQL commands via the (1) cat, (2) pic and (3) page parameter in index.php; (4) id parameter in postcard.php; and (5) cat parameter in print.php.... Read more

    Affected Products : photokorn
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-2036

    iOpus Secure Email Attachments (SEA), probably 1.0, does not properly handle passwords that consist of repetitions of a substring, which allows attackers to decrypt files by entering only the substring.... Read more

    Affected Products : secure_email_attachments
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2006-2029

    Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter in (a) preview.php; the (2) cid, (3) pid, and (4) eid parameters in (b) archive.php; and... Read more

    Affected Products : simplog
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2030

    The Allied Telesyn AT-9724TS switch allows remote attackers to cause a denial of service via a large amount of UDP data to the switch, which leads to unstable operation and possibly failure of the management interface or routing.... Read more

    Affected Products : at-9724ts
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2006-2035

    Websense, when configured to permit access to the dynamic content category, allows local users to bypass intended blocking of the Uncategorized category by appending a "/?" sequence to a URL.... Read more

    Affected Products : websense
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2034

    SQL injection vulnerability in function/showprofile.php in FlexBB 0.5.5 allows remote attackers to execute arbitrary SQL commands, and view all usernames and passwords, via the id parameter to the showprofile page in index.php.... Read more

    Affected Products : flexbb
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2006-2028

    Cross-site scripting (XSS) vulnerability in imagelist.php in Jeremy Ashcraft Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the imagedir parameter. NOTE: this issue might be resultant from directory traversal... Read more

    Affected Products : simplog
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2031

    Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter.... Read more

    Affected Products : phpmyadmin
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2006-2033

    PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and earlier allows remote authenticated users to execute arbitrary commands via the show parameter. NOTE: this is a different vector than CVE-2006-1212, although it might be the same primary ... Read more

    Affected Products : corenews
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 6.5

    MEDIUM
    CVE-2006-2027

    Buffer overflow in Unicode processing in the logging functionality in Pablo Software Solutions Quick 'n Easy FTP Server Professional and Lite, probably 3.0, allows remote authenticated users to execute arbitrary code by sending a command with a long argum... Read more

    Affected Products : quick_n_easy_ftp_server
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2006-2032

    Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) icon_id and (2) userid parameters in preview.php.... Read more

    Affected Products : corenews
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0048

    Francesco Stablum tcpick 0.2.1 allows remote attackers to cause a denial of service (segmentation fault) via certain fragmented packets, possibly involving invalid headers and an attacker-controlled payload length. NOTE: this issue might be a buffer over... Read more

    Affected Products : tcpick
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 6.5

    MEDIUM
    CVE-2006-2025

    Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.... Read more

    Affected Products : libtiff
    • Published: Apr. 25, 2006
    • Modified: Apr. 03, 2025

  • 6.5

    MEDIUM
    CVE-2006-2026

    Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods... Read more

    Affected Products : libtiff
    • Published: Apr. 25, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-2024

    Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) ti... Read more

    Affected Products : libtiff
    • Published: Apr. 25, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293615 Results