Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2006-1190

    Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow r... Read more

    Affected Products : internet_explorer
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-1714

    CRLF injection vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject HTTP headers via hex-encoded CRLF sequences in the type parameter.... Read more

    Affected Products : phpmyforum
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-1719

    Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property.... Read more

    Affected Products : ie
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1720

    Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson 3.0 allows remote attackers to inject arbitrary web script or HTML via the Word parameter. NOTE: it is possible that this issue is resultant from SQL injection.... Read more

    Affected Products : saphplesson
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-1713

    Cross-site scripting (XSS) vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.... Read more

    Affected Products : phpmyforum
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-1717

    Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka MyBulletinBoard) 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML via the username.... Read more

    Affected Products : mybulletinboard
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-1186

    Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.... Read more

    Affected Products : internet_explorer ie
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-1188

    Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.... Read more

    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-1191

    Microsoft Internet Explorer 5.01 through 6 does not always correctly identify the domain that is associated with a browser window, which allows remote attackers to obtain sensitive cross-domain information and spoof sites by running script after the user ... Read more

    Affected Products : internet_explorer
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-1718

    Magus Perde Clever Copy 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to view the database username and password via a direct request for connect.inc.... Read more

    Affected Products : clever_copy
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1712

    Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument.... Read more

    Affected Products : mailman
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 7.6

    HIGH
    CVE-2006-1710

    SQL injection vulnerability in admin.php in Design Nation DNGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) email and (2) id parameters.... Read more

    Affected Products : dnguestbook
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-1711

    Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.... Read more

    Affected Products : plone
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1701

    Cross-site scripting (XSS) vulnerability in the Pages module in Shadowed Portal allows remote attackers to inject arbitrary web script or HTML via the page parameter to load.php.... Read more

    Affected Products : shadowed_portal
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-1700

    Buy.php in Aweb Scripts Seller uses predictable cookies for authentication based on the time and the script number, which allows remote attackers to bypass authentication.... Read more

    Affected Products : scripts_seller
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-1703

    PHP remote file inclusion vulnerability in lire.php in Sire 2.0 nws allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter.... Read more

    Affected Products : sire
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1696

    Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.... Read more

    Affected Products : gallery
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-1060

    Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might allow user-assisted attackers to execute arbitrary code via a JPEG image with more than 3 output components, such as a CMYK or YCCK color space, which causes less memory to be allocate... Read more

    Affected Products : xzgv
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-1705

    Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view.... Read more

    Affected Products : oracle10g oracle9i
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-1708

    SQL injection vulnerability in member.php in Clansys 1.1 allows remote attackers to execute arbitrary SQL commands via the showid parameter in the member page to index.php.... Read more

    Affected Products : clansys
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293592 Results