Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2006-1415

    Cross-site scripting (XSS) vulnerability in iforget.aspx in dotNetBB 2.42EC SP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the em parameter.... Read more

    Affected Products : dotnetbb_forums
    • Published: Mar. 28, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1410

    Multiple cross-site scripting (XSS) vulnerabilities in XIGLA Absolute Live Support XE 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Screen name or (2) Session Topic field.... Read more

    Affected Products : absolute_live_support_xe
    • Published: Mar. 28, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-1412

    TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the admin password file and obtain password hashes via a direct request to admin/passwd.... Read more

    Affected Products : tft_gallery
    • Published: Mar. 28, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1406

    Multiple cross-site scripting (XSS) vulnerabilities in wbadmlog.aspx in uniForum 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtuser or (2) txtpassword parameters.... Read more

    Affected Products : uniforum
    • Published: Mar. 28, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1397

    Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the banner delivery module, which is not properly handled in... Read more

    Affected Products : phpadsnew phppgads
    • Published: Mar. 28, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1399

    Cross-site scripting (XSS) vulnerability in searchresult.php in Meeting Reserve 1.0 beta allows remote attackers to inject arbitrary web script or HTML via the search_term parameter. NOTE: the provenance of this information is unknown; the details are ob... Read more

    Affected Products : meeting_reserve
    • Published: Mar. 28, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1411

    Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the shownew parameter in gallery.asp and (2) unspecified search module parameters.... Read more

    Affected Products : absolute_image_gallery_xe
    • Published: Mar. 28, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-1409

    Buffer overflow in Vavoom 1.19.1 and earlier allows remote attackers to cause a denial of service (application crash) via an invalid comprLength value in a compressed packet.... Read more

    Affected Products : vavoom
    • Published: Mar. 28, 2006
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2006-1403

    Format string vulnerability in the PrintString function in c_console.cpp in client/server Doom (csDoom) 0.7 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via format string specifiers in strings pa... Read more

    Affected Products : csdoom_2005
    • Published: Mar. 28, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1398

    Cross-site scripting (XSS) vulnerability in guestbook.php in G-Book 1.0 allows remote attackers to inject arbitrary web script or HTML via the g_message parameter.... Read more

    Affected Products : g-book
    • Published: Mar. 28, 2006
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2006-1404

    Multiple cross-site scripting (XSS) vulnerabilities in bol.cgi in BlankOL 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file or (2) function parameter.... Read more

    Affected Products : blankol
    • Published: Mar. 28, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1401

    Multiple cross-site scripting (XSS) vulnerabilities in search.php in Calendar Express 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) allwords or (2) oneword parameter. NOTE: the provenance of this information is unknown; th... Read more

    Affected Products : calendar_express
    • Published: Mar. 28, 2006
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2006-1407

    Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtDomainName parameter to domains.asp or (2) SearchText or (3) UserLevel pa... Read more

    Affected Products : helm_web_hosting_control_panel
    • Published: Mar. 28, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-1408

    Vavoom 1.19.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via (1) a packet with no data or (2) a large packet, which prevents Vavoom from discarding the packet from the socket.... Read more

    Affected Products : vavoom
    • Published: Mar. 28, 2006
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2006-1405

    Cross-site scripting (XSS) vulnerability in search.aspx in SweetSuite.NET Content Management System (ssCMS) 2.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.... Read more

    Affected Products : sscms
    • Published: Mar. 28, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-1402

    Buffer overflow in client/server Doom (csDoom) 0.7 and earlier allows remote attackers to (1) cause a denial of service via a long nickname or teamname to the SV_SetupUserInfo function or (2) execute arbitrary code via a long string sent when joining a ma... Read more

    Affected Products : csdoom
    • Published: Mar. 28, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1400

    Cross-site scripting (XSS) vulnerability in MyTasks/PersonalTaskEdit.asp in Metisware Instructor 1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the Task parameter.... Read more

    Affected Products : instructor
    • Published: Mar. 28, 2006
    • Modified: Apr. 03, 2025

  • 9.0

    HIGH
    CVE-2006-0990

    Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors.... Read more

    Affected Products : netbackup
    • Published: Mar. 28, 2006
    • Modified: Apr. 03, 2025

  • 9.0

    HIGH
    CVE-2006-0989

    Stack-based buffer overflow in the volume manager daemon (vmd) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors.... Read more

    Affected Products : netbackup
    • Published: Mar. 28, 2006
    • Modified: Apr. 03, 2025

  • 7.1

    HIGH
    CVE-2006-0991

    Buffer overflow in the NetBackup Sharepoint Services server daemon (bpspsserver) on NetBackup 6.0 for Windows allows remote attackers to execute arbitrary code via crafted "Request Service" packets to the vnetd service (TCP port 13724).... Read more

    Affected Products : netbackup
    • Published: Mar. 28, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293555 Results