Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2006-2071

    Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue wit... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Apr. 27, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2067

    SQL injection vulnerability in vb_board_functions.php in MKPortal 1.1, as used with vBulletin 3.5.4 and earlier, allows remote attackers to execute arbitrary SQL commands via the userid parameter.... Read more

    Affected Products : mkportal
    • Published: Apr. 27, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2068

    Unspecified vulnerability in Hitachi JP1 products allow remote attackers to cause a denial of service (application stop or fail) via unexpected requests or data.... Read more

    • Published: Apr. 27, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2069

    The recursor in PowerDNS before 3.0.1 allows remote attackers to cause a denial of service (application crash) via malformed EDNS0 packets.... Read more

    Affected Products : powerdns recursor
    • Published: Apr. 27, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-2066

    Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in MKPortal 1.1 Rc1 and earlier, as used with vBulletin 3.5.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) u1, (2) m1, (3) m2, (4) m3, (5) m4 parame... Read more

    Affected Products : mkportal
    • Published: Apr. 27, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-2070

    Cross-site scripting (XSS) vulnerability in member.php in DevBB 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action.... Read more

    Affected Products : devbb
    • Published: Apr. 27, 2006
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2006-2064

    Unspecified vulnerability in the libpkcs11 library in Sun Solaris 10 might allow local users to gain privileges or cause a denial of service (application failure) via unknown attack vectors that involve the getpwnam family of non-reentrant functions.... Read more

    Affected Products : solaris
    • Published: Apr. 27, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2065

    SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting di... Read more

    Affected Products : phpsurveyor
    • Published: Apr. 27, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-1514

    Multiple buffer overflows in the abcmidi-yaps translator in abcmidi 20050101, and other versions, allow remote attackers to execute arbitrary code via crafted ABC music files that trigger the overflows during translation into PostScript.... Read more

    Affected Products : abcmidi
    • Published: Apr. 27, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2058

    Argument injection vulnerability in Avant Browser 10.1 Build 17 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Micr... Read more

    Affected Products : avant_browser
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2047

    Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows remote attackers to obtain sensitive information via an invalid (1) secondary, (2) PageNum_Results, (3) category, or (4) keywords parameter in (a) Results.cfm; or an invalid (5) ProdID ... Read more

    Affected Products : cartweaver_coldfusion
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2057

    Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft ... Read more

    Affected Products : firefox
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2006-2062

    Multiple SQL injection vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version "Full Version", allow remote attackers to execute arbitrary SQL commands via the (1) banner parameter in agent_links.pl; the offset parameter in (2) ag... Read more

    Affected Products : leadhound_full leadhound_lite
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2059

    action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to ... Read more

    Affected Products : invision_power_board
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2050

    SQL injection vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to execute arbitrary SQL commands via the az parameter.... Read more

    Affected Products : dcforumlite
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2061

    SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters.... Read more

    Affected Products : invision_power_board invision_board
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-2049

    Cross-site scripting (XSS) vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to inject arbitrary web script or HTML via the az parameter.... Read more

    Affected Products : dcforumlite
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-2045

    The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has world readable permissions, which allows local users to view encrypted passwords; and the (2) NetAccess database file has world readable and writable permissions, wh... Read more

    Affected Products : ip3_netaccess_75
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2054

    3Com Baseline Switch 2848-SFP Plus Model #3C16486 with firmware before 1.0.2.0 allows remote attackers to cause a denial of service (unstable operation) via long DHCP packets.... Read more

    Affected Products : 3c16486
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2006-2046

    Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID param... Read more

    Affected Products : cartweaver_coldfusion
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293645 Results