Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2006-0679

    SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke 7.8 and earlier allows remote attackers to execute arbitrary SQL commands via the username variable (Nickname field).... Read more

    Affected Products : php-nuke_ev
    • Published: Feb. 16, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-0733

    Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the resear... Read more

    Affected Products : wordpress
    • Published: Feb. 16, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0729

    SQL injection vulnerability in functions.php in Teca Diary PE 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) yy, (2) mm, and (3) dd parameters.... Read more

    Affected Products : teca_diary
    • Published: Feb. 16, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0721

    SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a allows remote attackers to execute arbitrary SQL commands via the to_userid parameter.... Read more

    Affected Products : runcms
    • Published: Feb. 16, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0730

    Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) do... Read more

    Affected Products : dovecot
    • Published: Feb. 16, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-0731

    WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earlier allows remote attackers to conduct spoofing (phishing) attacks via an absolute URL in the url parameter, which loads the URL inside a frame.... Read more

    Affected Products : business_connector
    • Published: Feb. 16, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-0723

    PHP remote file inclusion vulnerability in preview.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the php_script_path parameter.... Read more

    Affected Products : magic_news_lite
    • Published: Feb. 16, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0727

    SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis (DFMSA), as used in some environments that use CPG-Nuke Dragonfly CMS, allows remote attackers to trigger path disclosure from a SQL syntax error, and possibly execute arbitrary SQL command... Read more

    Affected Products : df_msanalysis
    • Published: Feb. 16, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0726

    Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke Dragonfly CMS 9.0.6.1 allows remote attackers to inject arbitrary web script or HTML via a URI that is generated when creating a list of online users.... Read more

    Affected Products : dragonfly_cms
    • Published: Feb. 16, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0728

    SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands via the title_op parameter.... Read more

    Affected Products : webspell
    • Published: Feb. 16, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0735

    Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode ta... Read more

    Affected Products : my_blog html-bbcode
    • Published: Feb. 16, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-0724

    profile.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new... Read more

    Affected Products : magic_news_lite
    • Published: Feb. 16, 2006
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2006-0732

    Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. Details wil... Read more

    Affected Products : business_connector
    • Published: Feb. 16, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-0734

    The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.6 and earlier allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) via a backslash character at the end of a connection... Read more

    • Published: Feb. 16, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-0722

    settings.php in Reamday Enterprises Magic Downloads 1.1.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) ne... Read more

    Affected Products : magic_downloads
    • Published: Feb. 16, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-0725

    PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and ... Read more

    Affected Products : plume_cms
    • Published: Feb. 16, 2006
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2006-0455

    gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature veri... Read more

    Affected Products : privacy_guard
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0719

    SQL injection vulnerability in member_login.php in PHP Classifieds 6.18 through 6.20 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter, which is used by the E-mail address field, and (2) password parameter.... Read more

    Affected Products : php_classifieds
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0718

    The Internet Key Exchange version 1 (IKEv1) implementation in Avaya VSU 100, 2000, 7500, 10000, and CSU 5000, when running IPSec, allows remote attackers to cause a denial of service (crash) via certain IKE packets, as demonstrated by the PROTOS ISAKMP Te... Read more

    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-0704

    iE Integrator 4.4.220114, when configured without a "bespoke error page" in acm.ini, allows remote attackers to obtain sensitive information via a URL that calls a non-existent .aspx script in the integrator/apps directory, which results in an error messa... Read more

    Affected Products : ie_integrator
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293436 Results