Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2006-2284

    Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter in ldap.inc.php and the (2) claro_CasLibPath parameter in casProcess.inc.php.... Read more

    Affected Products : claroline dokeos
    • Published: May. 10, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2280

    Directory traversal vulnerability in website.php in openEngine 1.8 Beta 2 and earlier allows remote attackers to list arbitrary directories and read arbitrary files via a .. (dot dot) in the template parameter.... Read more

    Affected Products : openengine
    • Published: May. 10, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-2282

    Cross-site scripting (XSS) vulnerability in X7 Chat 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the URL of an avatar, possibly related to the avatar parameter in register.php.... Read more

    Affected Products : x7_chat
    • Published: May. 10, 2006
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2006-2292

    Multiple SQL injection vulnerabilities in IA-Calendar allow remote attackers to execute arbitrary SQL commands via the (1) type parameter in (a) calendar_new.asp and (b) default.asp, and (2) ID parameter in (c) calendar_detail.asp. NOTE: the provenance o... Read more

    Affected Products : ia-calendar
    • Published: May. 10, 2006
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2006-0561

    Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryp... Read more

    Affected Products : secure_access_control_server
    • Published: May. 10, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-2294

    Cross-site scripting (XSS) vulnerability in Dynamic Galerie 1.0 allows remote attackers to inject arbitrary web script or HTML via the pfad parameter in (1) index.php and (2) galerie.php. NOTE: this issue might be resultant from directory traversal.... Read more

    Affected Products : dynamic_galerie
    • Published: May. 10, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-2290

    Multiple cross-site scripting (XSS) vulnerabilities in kommentar.php in 2005-Comments-Script allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) email, and (3) url parameter.... Read more

    Affected Products : 2005-comments-script
    • Published: May. 10, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2295

    Directory traversal vulnerability in Dynamic Galerie 1.0 allows remote attackers to access arbitrary files via an absolute path in the pfad parameter to (1) index.php and (2) galerie.php.... Read more

    Affected Products : dynamic_galerie
    • Published: May. 10, 2006
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2006-2287

    Multiple cross-site scripting (XSS) vulnerabilities in Vision Source 0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the fields in a user's profile.... Read more

    Affected Products : vision_source_cms
    • Published: May. 10, 2006
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2006-2291

    Cross-site scripting (XSS) vulnerability in calendar_new.asp in IA-Calendar allows remote attackers to inject arbitrary web script or HTML via the TypeName1 parameter. NOTE: the provenance of this information is unknown; the details are obtained from thi... Read more

    Affected Products : ia-calendar
    • Published: May. 10, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-2289

    Buffer overflow in avahi-core in Avahi before 0.6.10 allows local users to execute arbitrary code via unknown vectors.... Read more

    Affected Products : avahi
    • Published: May. 10, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2277

    Multiple Apple Mac OS X 10.4 applications might allow context-dependent attackers to cause a denial of service (application crash) via a crafted OpenEXR (.exr) image file, which triggers the crash when opening a folder using Finder, displaying the image i... Read more

    Affected Products : mac_os_x
    • Published: May. 10, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2279

    Multiple SQL injection vulnerabilities in SaphpLesson 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the Find parameter in (a) search.php, and the (2) LID and (3) Rate parameters in (b) misc.php.... Read more

    Affected Products : saphplesson
    • Published: May. 10, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-2281

    X-Scripts X-Poll (xpoll) 2.30 allows remote attackers to execute arbitrary PHP code by using admin/images/add.php to upload a PHP file, then access it.... Read more

    Affected Products : x-poll
    • Published: May. 10, 2006
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2006-2296

    SQL injection vulnerability in search_result.asp in EDirectoryPro 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the keyword parameter. NOTE: the provenance of this information is unknown; the details are obtained from thir... Read more

    Affected Products : edirectorypro
    • Published: May. 10, 2006
    • Modified: Apr. 03, 2025

  • 4.9

    MEDIUM
    CVE-2006-2276

    bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to cause a denial of service (CPU consumption) via a certain sh ip bgp command entered in the telnet interface.... Read more

    Affected Products : quagga
    • Published: May. 10, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-1184

    Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a cer... Read more

    • Published: May. 10, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-2288

    Avahi before 0.6.10 allows local users to cause a denial of service (mDNS/DNS-SD service disconnect) via unspecified mDNS name conflicts.... Read more

    Affected Products : avahi
    • Published: May. 10, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-2286

    Multiple PHP remote file inclusion vulnerabilities in claro_init_global.inc.php in Dokeos 1.6.3 and earlier, and Dokeos community release 2.0.3, allow remote attackers to execute arbitrary PHP code via a URL in the (1) rootSys and (2) clarolineRepositoryS... Read more

    Affected Products : dokeos dokeos_community_release
    • Published: May. 10, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0027

    Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.... Read more

    Affected Products : exchange_server
    • Published: May. 10, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 294758 Results