Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.1

    MEDIUM
    CVE-2006-0297

    Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Feb. 02, 2006
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2006-0298

    The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read.... Read more

    Affected Products : firefox seamonkey
    • Published: Feb. 02, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0293

    The function allocation code (js_NewFunction in jsfun.c) in Firefox 1.5 allows attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that operates o... Read more

    Affected Products : firefox
    • Published: Feb. 02, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0294

    Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operat... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Feb. 02, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0530

    Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via spoofed CAM control messages.... Read more

    Affected Products : messaging
    • Published: Feb. 02, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0529

    Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via a crafted message to TCP port 4105.... Read more

    Affected Products : messaging
    • Published: Feb. 02, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0292

    The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage c... Read more

    Affected Products : firefox mozilla
    • Published: Feb. 02, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-0295

    Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corr... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Feb. 02, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0296

    The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.... Read more

    Affected Products : firefox seamonkey
    • Published: Feb. 02, 2006
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2006-0525

    Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator CS2, and (3) Adobe Help Center, install a large number of .EXE and .DLL files with write-access permission for the Everyone group, which allows local users to gain privileges via Trojan... Read more

    • Published: Feb. 02, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0524

    Cross-site scripting (XSS) vulnerability in ashnews.php in Derek Ashauer ashNews 0.83 allows remote attackers to inject arbitrary web script or HTML via the id parameter.... Read more

    Affected Products : ashnews
    • Published: Feb. 02, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0520

    SQL injection vulnerability index.php in Dragoran Portal module 1.3 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the site parameter. NOTE: the provenance of this information is unknown; the details are obta... Read more

    Affected Products : portal_module
    • Published: Feb. 02, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0528

    The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a... Read more

    Affected Products : evolution
    • Published: Feb. 02, 2006
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2006-0526

    The default configuration of the America Online (AOL) client software allows all users to modify a certain registry value that specifies a DLL file name, which might allow local users to gain privileges via a Trojan horse program.... Read more

    Affected Products : aol_client_software
    • Published: Feb. 02, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0527

    BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, allows remote attackers to gain privileged access via a "Kashpureff-style DNS cache corruption" attack.... Read more

    Affected Products : bind
    • Published: Feb. 02, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0521

    Cross-site scripting (XSS) vulnerability in results.php in BrowserCRM allows remote attackers to inject arbitrary web script or HTML via certain manipulations of the query parameter, as demonstrated using an IMG SRC tag.... Read more

    Affected Products : browsercrm
    • Published: Feb. 02, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-0516

    Unspecified vulnerability in the kernel processing in Solaris 10 64 bit platform, when running in 64-bit mode, allows local users to cause a denial of service (system panic) via unknown attack vectors.... Read more

    Affected Products : solaris
    • Published: Feb. 02, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0523

    SQL injection vulnerability in global.php in MyBB before 1.03 allows remote attackers to execute arbitrary SQL commands via the templatelist variable.... Read more

    Affected Products : mybulletinboard
    • Published: Feb. 02, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0517

    Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve p... Read more

    Affected Products : spip
    • Published: Feb. 02, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0519

    SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message.... Read more

    Affected Products : spip
    • Published: Feb. 02, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293426 Results