Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2006-1535

    Cross-site scripting (XSS) vulnerability in login.php in Phoetux.net PhxContacts 0.93.1 beta and earlier allows remote attackers to inject arbitrary web script or HTML via the m parameter.... Read more

    Affected Products : phxcontacts
    • Published: Mar. 30, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-1533

    SQL injection vulnerability in newsletter.php in Sourceworkshop newsletter 1.0 allows remote attackers to execute arbitrary SQL commands via the newsletteremail parameter.... Read more

    Affected Products : newsletter
    • Published: Mar. 30, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1544

    Multiple cross-site scripting (XSS) vulnerabilities in news.php in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorkomentarza and (2) tresckomentarza parameters.... Read more

    Affected Products : vnews
    • Published: Mar. 30, 2006
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2006-1542

    Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has... Read more

    Affected Products : python
    • Published: Mar. 30, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-1503

    PHP remote file inclusion vulnerability in includes/functions_install.php in Virtual War (VWar) 1.5.0 R11 and earlier allows remote attackers to include and execute arbitrary PHP code via a URL in the vwar_root parameter. NOTE: this is a different vulner... Read more

    Affected Products : virtual_war
    • Published: Mar. 30, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-1504

    Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 (aka Arab Dynamic Portal or ADP) stable allow remote attackers to inject arbitrary web script or HTML via the title parameter in (1) online.php and (2) download.php.... Read more

    Affected Products : arab_portal
    • Published: Mar. 30, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1508

    Multiple cross-site scripting (XSS) vulnerabilities in MH Software Connect Daily Web Calendar Software 3.2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) calendar_id, (2) style_sheet, and (3) start parameters in (a... Read more

    Affected Products : connect_daily
    • Published: Mar. 30, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-1510

    Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll system library, when used by the ILDASM disassembler in the Microsoft .NET 1.0 and 1.1 SDK, might allow user-assisted attackers to execute arbitrary code via a crafted .dll file with a ... Read more

    Affected Products : .net_framework
    • Published: Mar. 30, 2006
    • Modified: Apr. 03, 2025

  • 4.9

    MEDIUM
    CVE-2006-1509

    /sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "does not recover gracefully from some error conditions," which allows local users to cause a denial of service.... Read more

    Affected Products : hp-ux
    • Published: Mar. 30, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-1505

    base_maintenance.php in Basic Analysis and Security Engine (BASE) before 1.2.4 (melissa), when running in standalone mode, allows remote attackers to bypass authentication, possibly by setting the standalone parameter to "yes".... Read more

    Affected Products : base
    • Published: Mar. 30, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-1507

    Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the error parameter to include.php, possibly due to a problem in login/login.php.... Read more

    Affected Products : phpkit
    • Published: Mar. 30, 2006
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2006-1506

    Unspecified vulnerability in rsh in Sun Microsystems Sun Grid Engine 5.3 before 20060327 and N1 Grid Engine 6.0 before 20060327 allows local users to gain root privileges.... Read more

    Affected Products : grid_engine n1_grid_engine
    • Published: Mar. 30, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-1511

    Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and 1.1 Framework might allow user-assisted attackers to execute arbitrary code via a .il file that calls a function with a long name.... Read more

    Affected Products : .net_framework
    • Published: Mar. 30, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-1495

    SQL injection vulnerability in general/sendpassword.php in (1) PHPCollab 2.4 and 2.5.rc3, and (2) NetOffice 2.5.3-pl1 and 2.6.0b2 allows remote attackers to execute arbitrary SQL commands via the loginForm parameter in the "forgotten password" option.... Read more

    Affected Products : phpcollab netoffice
    • Published: Mar. 30, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1496

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in ViHor Design allow remote attackers to inject arbitrary web script or HTML via (1) a remote URL in the page parameter, which is processed by an fopen call, or (2) HTML or script in the pa... Read more

    Affected Products : vihordesign
    • Published: Mar. 30, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-1502

    Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that causes the asf_descrambling function to be passed a negati... Read more

    Affected Products : mplayer
    • Published: Mar. 30, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1498

    Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and 1.4.15 allows remote attackers to inject arbitrary web script or HTML via crafted encoded links.... Read more

    Affected Products : mediawiki
    • Published: Mar. 30, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-1499

    SQL injection vulnerability in vCounter.php in vCounter 1.0 allows remote attackers to execute arbitrary SQL commands via the URI (_SERVER[REQUEST_URI] variable).... Read more

    Affected Products : vcounter
    • Published: Mar. 30, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-1500

    SQL injection vulnerability in index.php in Tilde CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.... Read more

    Affected Products : tilde_cms
    • Published: Mar. 30, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-1501

    SQL injection vulnerability in index.php in OneOrZero 1.6.3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly in the kans action.... Read more

    Affected Products : oneorzero
    • Published: Mar. 30, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293555 Results