Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2006-1703

    PHP remote file inclusion vulnerability in lire.php in Sire 2.0 nws allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter.... Read more

    Affected Products : sire
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1696

    Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.... Read more

    Affected Products : gallery
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-1060

    Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might allow user-assisted attackers to execute arbitrary code via a JPEG image with more than 3 output components, such as a CMYK or YCCK color space, which causes less memory to be allocate... Read more

    Affected Products : xzgv
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-1705

    Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view.... Read more

    Affected Products : oracle10g oracle9i
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-1708

    SQL injection vulnerability in member.php in Clansys 1.1 allows remote attackers to execute arbitrary SQL commands via the showid parameter in the member page to index.php.... Read more

    Affected Products : clansys
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-1704

    Sire 2.0 nws allows remote attackers to upload arbitrary image files without authentication via a direct request to upload.php.... Read more

    Affected Products : sire
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-1706

    Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr, (3) brandID, and (4) album parameters to (c) index.php. ... Read more

    Affected Products : shopweezle
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-1694

    SQL injection vulnerability in members.php in XBrite Members 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.... Read more

    Affected Products : xbrite_members
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1699

    Cross-site scripting (XSS) vulnerability in index.php in Aweb Banner Generator 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the banner parameter in view mode.... Read more

    Affected Products : banner_generator
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-1690

    Cross-site scripting (XSS) vulnerability in subscribe.php in MWNewsletter 1.0.0b allows remote attackers to inject arbitrary web script or HTML via the user_name parameter.... Read more

    Affected Products : mwnewsletter
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-1702

    PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter.... Read more

    Affected Products : spip
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1698

    Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. NOTE: the provenance of this information is unknown; t... Read more

    Affected Products : matt_wright_guestbook
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2006-1695

    The fbgs script in the fbi package 2.01-1.4, when the TMPDIR environment variable is not defined, allows local users to overwrite arbitrary files via a symlink attack on temporary files in /var/tmp/fbps-[PID].... Read more

    Affected Products : fbida
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-1692

    Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow remote attackers to execute arbitrary SQL commands via the (1) user_email parameter to (a) unsubscribe.php or (b) subscribe.php; or the (2) user_name parameter to subscribe.php. NOTE: th... Read more

    Affected Products : mwnewsletter
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-1709

    Cross-site scripting (XSS) vulnerability in shop_main.cgi in interaktiv.shop 5 allows remote attackers to inject arbitrary web script or HTML via the (1) pn and (2) sbeg parameters.... Read more

    Affected Products : interaktiv.shop
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-1691

    SQL injection vulnerability in MWNewsletter 1.0.0b allows remote attackers to execute arbitrary SQL commands via the user_name parameter to unsubscribe.php.... Read more

    Affected Products : mwnewsletter
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1697

    Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message.... Read more

    Affected Products : matt_wright_guestbook
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-1707

    index.php in Shopweezle 2.0 allows remote attackers to include arbitrary local files via the url parameter.... Read more

    Affected Products : shopweezle
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-1693

    Unspecified vulnerability in GlobalSCAPE Secure FTP Server before 3.1.4 Build 01.10.2006 allows attackers to cause a denial of service (application crash) via a "custom command" with a long argument.... Read more

    Affected Products : secure_ftp_server
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1687

    Cross-site scripting (XSS) vulnerability in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to inject arbitrary web script or HTML via the message parameter, probably involving the basket functionality.... Read more

    Affected Products : apt-webshop-system
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293577 Results