Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.1

    MEDIUM
    CVE-2006-1942

    Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image ... Read more

    Affected Products : firefox k-meleon navigator
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-1941

    Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a denial of service (application outage) via a crafted Clock Synchronisation packet that triggers an access violation.... Read more

    Affected Products : neon_responder
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-1931

    The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data.... Read more

    Affected Products : ruby
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1908

    Cross-site scripting vulnerability in addevent.php in myEvent 1.x allows remote attackers to inject arbitrary web script or HTML via the event_desc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third... Read more

    Affected Products : myevent
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-1926

    SQL injection vulnerability in showtopic.php in ThWboard 2.84 beta 3 and earlier allows remote attackers to execute arbitrary SQL commands via the pagenum parameter.... Read more

    Affected Products : thwboard
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2006-1921

    nettools.php in PHP Net Tools 2.7.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter.... Read more

    Affected Products : php_net_tools
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-1927

    Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 or Cisco 12000 series routers, allows remote attackers to cause a denial of service (Line card crash) via certain MPLS packets, as identified by Cisco bug I... Read more

    Affected Products : ios_xr
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-1910

    config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from th... Read more

    Affected Products : serendipity
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2006-1912

    MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to... Read more

    Affected Products : mybulletinboard
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-1909

    Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" ... Read more

    Affected Products : coppermine_photo_gallery
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2006-1923

    Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) RSS/RSS.php and (2) possibly other vectors.... Read more

    Affected Products : linpha
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1925

    Directory traversal vulnerability in the editnews module (inc/editnews.mdu) in index.php in CuteNews 1.4.1 allows remote attackers to read or modify files via the source parameter in the (1) editnews or (2) doeditnews action. NOTE: this can also produce ... Read more

    Affected Products : cutenews
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-1913

    Cross-site scripting (XSS) vulnerability in jax_guestbook.php in Jax Guestbook 3.1, 3.31, and 3.50 allows remote attackers to inject arbitrary web script or HTML via the page parameter.... Read more

    Affected Products : jax_guestbook
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-1916

    Multiple cross-site scripting (XSS) vulnerabilities in profile.php in DbbS 2.0-alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ulocation or (2) uhobbies parameters.... Read more

    Affected Products : dbbs
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1918

    Multiple cross-site scripting (XSS) vulnerabilities in Papoo 2.1.5 allow remote attackers to inject arbitrary web script or HTML via the menuid parameter to (1) index.php or (2) forum.php, or the (3) reporeid_print parameter to print.php.... Read more

    Affected Products : papoo
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-1915

    SQL injection vulnerability in topics.php in DbbS 2.0-alpha and earlier allows remote attackers to execute arbitrary SQL commands via the fcategoryid parameter.... Read more

    Affected Products : dbbs
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-1907

    Multiple SQL injection vulnerabilities in myEvent 1.x allow remote attackers to inject arbitrary SQL commands via the event_id parameter to (1) addevent.php or (2) del.php or (3) event_desc parameter to addevent.php. NOTE: the provenance of this informat... Read more

    Affected Products : myevent
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-1917

    SQL injection vulnerability in member.php in Blackorpheus ClanMemberSkript 1.0 allows remote attackers to execute arbitrary SQL commands via the userID parameter.... Read more

    Affected Products : clanmemberskript
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-1928

    Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 routers, allows remote attackers to cause a denial of service (Modular Services Cards (MSC) crash or "MPLS packet handling problems") via certain MPLS packe... Read more

    Affected Products : ios_xr
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-1929

    PHP remote file inclusion vulnerability in include/common.php in I-Rater Platinum allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.... Read more

    Affected Products : i-rater_platinum
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293620 Results