Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2006-3150

    SQL injection vulnerability in index.php in CavoxCms 1.0.16 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter.... Read more

    Affected Products : cavoxcms
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3145

    Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code when assembling the header, possibly related to an off-by-one error.... Read more

    Affected Products : netpbm netpbm
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3141

    Cross-site scripting (XSS) vulnerability in details.cfm in Tradingeye Shop R4 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter.... Read more

    Affected Products : tradingeye_shop
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3158

    index.php in Eduha Meeting does not properly restrict file extensions before permitting a file upload, which allows remote attackers to bypass security checks and upload or execute arbitrary php code via the add action.... Read more

    Affected Products : eduha_meeting
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3163

    Multiple SQL injection vulnerabilities in galeria.php in IMGallery 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) start or (2) sort parameters.... Read more

    Affected Products : imgallery
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-3143

    Cross-site scripting (XSS) vulnerability in icue_login.asp in Maximus SchoolMAX 4.0.1 and earlier iCue and iParent applications allows remote attackers to inject arbitrary web script or HTML via the error_msg parameter.... Read more

    Affected Products : schoolmax
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3151

    Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD (aka ACID) 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter.... Read more

    Affected Products : associated_cms
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3162

    PHP remote file inclusion vulnerability in include/inc_foot.php in SmartSiteCMS 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.... Read more

    Affected Products : smartsitecms
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3153

    Cross-site scripting (XSS) vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.... Read more

    Affected Products : ultimate_estate
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3165

    SQL injection vulnerability in propview.php in Free Realty 2.9-0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter.... Read more

    Affected Products : free_realty
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3139

    Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 R14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) showgame, (3) sortorder, and (4) sortby parameters.... Read more

    Affected Products : virtual_war
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3155

    Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in (a) emailtofriend.pl or (b) violation.pl, (2) seller parameter in (c) vsoa.... Read more

    Affected Products : ultimate_estate
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3161

    SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the action parameter.... Read more

    Affected Products : saphplesson
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3167

    Free Realty before 2.9 allows remote attackers to obtain the full path and other sensitive information via unspecified manipulations that produce an error message.... Read more

    Affected Products : free_realty
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3129

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in NC LinkList 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) view parameters.... Read more

    Affected Products : nc_linklist
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2006-3132

    Cross-site scripting (XSS) vulnerability in qtofm.php4 in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, as originally reported for index.php.... Read more

    Affected Products : qtofilemanager
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3131

    Multiple cross-site scripting (XSS) vulnerabilities in Clubpage allow remote attackers to inject arbitrary web script or HTML via the (1) news_archive, (2) language, and (3) intranetLogin parameters in (a) index.php; the (4) sites_id parameter in (b) site... Read more

    Affected Products : clubpage
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3130

    SQL injection vulnerability in index.php in Clubpage allows remote attackers to execute arbitrary SQL commands via the category parameter.... Read more

    Affected Products : clubpage
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-3014

    Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the s... Read more

    Affected Products : excel
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2006-3128

    choose_file.php in easy-CMS 0.1.2, when mod_mime is installed, does not restrict uploads of filenames with multiple extensions, which allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a GIF file extension, then directly ac... Read more

    Affected Products : easy-cms
    • Published: Jun. 21, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 294726 Results