Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2006-0621

    Multiple buffer overflows in QNX Neutrino RTOS 6.2.0 allow local users to execute arbitrary code via a long first argument to the (1) su or (2) passwd commands.... Read more

    Affected Products : rtos
    • Published: Feb. 09, 2006
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2006-0614

    Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the r... Read more

    Affected Products : jre sdk jdk
    • Published: Feb. 09, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-0616

    Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and earlier allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fourth issue."... Read more

    Affected Products : jre jdk
    • Published: Feb. 09, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-0617

    Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 5 and earlier allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fifth, sixth, and seventh is... Read more

    Affected Products : jre jdk
    • Published: Feb. 09, 2006
    • Modified: Apr. 03, 2025

  • 6.2

    MEDIUM
    CVE-2006-0620

    Race condition in phfont in QNX Neutrino RTOS 6.2.1 allows local users to execute arbitrary code via unspecified manipulations of the PHFONT and PHOTON2_PATH environment variables.... Read more

    Affected Products : rtos
    • Published: Feb. 09, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0624

    SQL injection vulnerability in check.asp in Whomp Real Estate Manager XP 2005 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.... Read more

    Affected Products : whomp_real_estate_manager_xp_2005
    • Published: Feb. 09, 2006
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2006-0619

    Multiple stack-based buffer overflows in QNX Neutrino RTOS 6.3.0 allow local users to execute arbitrary code via long (1) ABLPATH or (2) ABLANG environment variables in the libAP library (libAp.so.2) or (3) a long PHOTON_PATH environment variable to the s... Read more

    Affected Products : rtos
    • Published: Feb. 09, 2006
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2006-0623

    QNX Neutrino RTOS 6.3.0 ships /etc/rc.d/rc.local with world-writable permissions, which allows local users to modify the file and execute arbitrary code at system startup.... Read more

    Affected Products : rtos
    • Published: Feb. 09, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-0615

    Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 4 and earlier, SDK and JRE 1.4.x through 1.4.2_09 allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, a... Read more

    Affected Products : jre sdk jdk
    • Published: Feb. 09, 2006
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2006-0618

    Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 allows local users to execute arbitrary code via format string specifiers in the zeroth argument (program name).... Read more

    Affected Products : neutrino_rtos
    • Published: Feb. 09, 2006
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2006-0612

    Powersave daemon before 0.10.15.2 allows local users to gain privileges (unauthorized access to an X session) via unspecified vectors. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information.... Read more

    Affected Products : powersave
    • Published: Feb. 09, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0611

    Directory traversal vulnerability in compose.pl in @Mail 4.3 and earlier for Windows allows remote attackers to upload arbitrary files to arbitrary locations via a .. (dot dot) in the unique parameter.... Read more

    Affected Products : atmail
    • Published: Feb. 09, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0610

    Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, with gpc_magic_quotes disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the fm_data[id] parameter to calendar.php and (2) the $ad['ac... Read more

    Affected Products : 2200net_calendar
    • Published: Feb. 09, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0609

    Cross-site scripting (XSS) vulnerability in add.php in Hinton Design phphd 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : phphd
    • Published: Feb. 08, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0608

    Multiple SQL injection vulnerabilities in Hinton Design phphd 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to check.php or (2) unknown attack vectors to scripts that display information from the database.... Read more

    Affected Products : phphd
    • Published: Feb. 08, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0606

    SQL injection vulnerability in Unknown Domain Shoutbox 2005.07.21 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.... Read more

    Affected Products : shoutbox
    • Published: Feb. 08, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0604

    check.php in Hinton Design phphg Guestbook 1.2 does not check the user password when authenticating via cookies, which allows remote attackers to gain unauthorized access.... Read more

    Affected Products : phphg_guestbook
    • Published: Feb. 08, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0602

    Multiple SQL injection vulnerabilities in Hinton Design phphg Guestbook 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to check.php or the id parameter to (2) admin/edit_smilie.php, (3) admin/add_theme.php, (4)... Read more

    Affected Products : phphg_guestbook
    • Published: Feb. 08, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0605

    Multiple cross-site scripting (XSS) vulnerabilities in Unknown Domain Shoutbox 2005.07.21 allow remote attackers to inject arbitrary web script or HTML, possibly via the (1) Handle or (2) Message fields.... Read more

    Affected Products : shoutbox
    • Published: Feb. 08, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0607

    check.php in Hinton Design phphd 1.0 does not check passwords when certain cookies are provided, which allows remote attackers to bypass authentication.... Read more

    Affected Products : phphd
    • Published: Feb. 08, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293367 Results