Latest CVE Feed
- CVE-2006-2034 (7.5 HIGH)
  SQL injection vulnerability in function/showprofile.php in FlexBB 0.5.5 allows remote attackers to execute arbitrary SQL commands, and view all usernames and passwords, via the id parameter to the showprofile page in index.php.
  Affected Products: flexbb
  Published: Apr. 26, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2028 (5.8 MEDIUM)
  Cross-site scripting (XSS) vulnerability in imagelist.php in Jeremy Ashcraft Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the imagedir parameter. NOTE: this issue might be resultant from directory traversal...
  Affected Products: simplog
  Published: Apr. 26, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2031 (2.6 LOW)
  Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
  Affected Products: phpmyadmin
  Published: Apr. 26, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2033 (6.4 MEDIUM)
  PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and earlier allows remote authenticated users to execute arbitrary commands via the show parameter. NOTE: this is a different vector than CVE-2006-1212, although it might be the same primary ...
  Affected Products: corenews
  Published: Apr. 26, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2027 (6.5 MEDIUM)
  Buffer overflow in Unicode processing in the logging functionality in Pablo Software Solutions Quick 'n Easy FTP Server Professional and Lite, probably 3.0, allows remote authenticated users to execute arbitrary code by sending a command with a long argum...
  Affected Products: quick_n_easy_ftp_server
  Published: Apr. 26, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2032 (6.4 MEDIUM)
  Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) icon_id and (2) userid parameters in preview.php.
  Affected Products: corenews
  Published: Apr. 26, 2006
  Modified: Apr. 03, 2025
- CVE-2006-0048 (5.0 MEDIUM)
  Francesco Stablum tcpick 0.2.1 allows remote attackers to cause a denial of service (segmentation fault) via certain fragmented packets, possibly involving invalid headers and an attacker-controlled payload length. NOTE: this issue might be a buffer over...
  Affected Products: tcpick
  Published: Apr. 26, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2025 (6.5 MEDIUM)
  Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.
  Affected Products: libtiff
  Published: Apr. 25, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2026 (6.5 MEDIUM)
  Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods...
  Affected Products: libtiff
  Published: Apr. 25, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2024 (4.0 MEDIUM)
  Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) ti...
  Affected Products: libtiff
  Published: Apr. 25, 2006
  Modified: Apr. 03, 2025
- CVE-2006-1863 (2.1 LOW)
  Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1864.
  Affected Products: linux_kernel
  Published: Apr. 25, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2020 (7.8 HIGH)
  Asterisk Recording Interface (ARI) in Asterisk@Home before 2.8 stores recordings/includes/main.conf under the web document root with insufficient access control, which allows remote attackers to obtain password information.
  Affected Products: asteriskathome
  Published: Apr. 25, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2021 (5.0 MEDIUM)
  Absolute path traversal vulnerability in recordings/misc/audio.php in the Asterisk Recording Interface (ARI) web interface in Asterisk@Home before 2.8 allows remote attackers to read arbitrary MP3, WAV, and GSM files via a full pathname in the recording p...
  Affected Products: asteriskathome
  Published: Apr. 25, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2022 (7.5 HIGH)
  Buffer overflow in the parse_url function in the RTSP module (rtsp/parse_url.c) in Fenice 1.10 and earlier allows remote attackers to execute arbitrary code via a long URL.
  Affected Products: fenice
  Published: Apr. 25, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2023 (5.0 MEDIUM)
  Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len.c in Fenice 1.10 and earlier allows remote attackers to cause a denial of service (application crash) via a large HTTP Content-Length value, which leads to an invalid memory access.
  Affected Products: fenice
  Published: Apr. 25, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2019 (5.0 MEDIUM)
  Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute.
  Affected Products: safari
  Published: Apr. 25, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2013 (7.5 HIGH)
  SQL injection vulnerability in page.php in SL_site 1.0 allows remote attackers to execute arbitrary SQL commands via the id_page parameter. NOTE: this issue could be used to produce resultant XSS from an error message.
  Affected Products: sl_site
  Published: Apr. 25, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2018 (7.5 HIGH)
  SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL commands via the eventid parameter. NOTE: the affected version has been disputed by the vendor. It appears that this is the same issue as CVE...
  Affected Products: vbulletin
  Published: Apr. 25, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2015 (2.6 LOW)
  Cross-site scripting (XSS) vulnerability in SL_site 1.0 allows remote attackers to inject arbitrary web script or HTML via the recherche parameter in recherche.php. NOTE: other XSS vectors, as reported in the original disclosure, are resultant from other...
  Affected Products: sl_site
  Published: Apr. 25, 2006
  Modified: Apr. 03, 2025
- CVE-2006-2000 (4.3 MEDIUM)
  Cross-site scripting (XSS) vulnerability in /lms/a2z.jsp in logMethods 0.9 allows remote attackers to inject arbitrary web script or HTML via the kwd parameter.
  Affected Products: logmethods
  Published: Apr. 25, 2006
  Modified: Apr. 03, 2025