Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2006-0540

    Multiple SQL injection vulnerabilities in Tachyon Vanilla Guestbook 1.0 beta allow remote attackers to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : vanilla_guestbook
    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0548

    SQL injection vulnerability in the Oracle Text component of Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle a... Read more

    Affected Products : database_server
    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0543

    Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial of service (client crash) via an AIM message containing the Mac encoded Rich Text Format (RTF) escape sequences (1) \'d1, (2) \'d2, (3) \'d3, (4) \'d4, and (5) \'d5. NOTE: the provenan... Read more

    Affected Products : trillian
    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0549

    SQL injection vulnerability in the SYS.DBMS_METADATA_UTIL package in Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the... Read more

    Affected Products : database_server
    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2006-0539

    The convert-fcrontab program in fcron 3.0.0 might allow local users to gain privileges via a long command-line argument, which causes Linux glibc to report heap memory corruption, possibly because a strcpy in the strdup2 function can "overwrite some data.... Read more

    Affected Products : fcron
    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0550

    Buffer overflow in an unspecified Oracle Client utility might allow remote attackers to execute arbitrary code or cause a denial of service. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cann... Read more

    Affected Products : oracle_client
    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0546

    Unspecified vulnerability in index.php in a certain application available from /v1/tr/portfoy.php on www.egeinternet.com allows remote attackers to execute arbitrary code via "evilcode" in the key parameter, possibly a PHP remote file include vulnerabilit... Read more

    Affected Products : egeinternet
    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0551

    SQL injection vulnerability in the Data Pump Metadata API in Oracle Database 10g and possibly earlier might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, ... Read more

    Affected Products : database_server
    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0541

    Multiple cross-site scripting (XSS) vulnerabilities in Tachyon Vanilla Guestbook 1.0 beta allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "posting new messages."... Read more

    Affected Products : vanilla_guestbook
    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0547

    Oracle Database 8i, 9i, and 10g allow remote authenticated users to execute arbitrary SQL statements in the context of the SYS user and bypass audit logging, including statements to create new privileged database accounts, via a modified AUTH_ALTER_SESSIO... Read more

    Affected Products : database_server
    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0544

    urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a ... Read more

    Affected Products : ie
    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0542

    Multiple SQL injection vulnerabilities in config.php in NukedWeb GuestBookHost 2005.04.25 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameters.... Read more

    Affected Products : guestbookhost
    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0533

    Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via the numdays parameter.... Read more

    Affected Products : cpanel
    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2006-0531

    Unspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypass authentication and gain top-level administrator privileges via the amadmin CLI tool.... Read more

    Affected Products : java_system_access_manager
    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0534

    Multiple cross-site scripting (XSS) vulnerabilities in default.asp in CyberShop Ultimate E-commerce allow remote attackers to inject arbitrary web script or HTML via the (1) ortak or (2) kat parameter.... Read more

    Affected Products : asp_ultimate_e-commerce_script
    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0536

    Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. NOTE: some sources say that the affected parameter is "date," but the demonstration URL shows th... Read more

    Affected Products : neomail
    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-0538

    CipherTrust IronMail 5.0.1, when "Denial of Service Protection" is enabled, allows remote attackers to cause a denial of service (possibly CPU consumption) via a SYN flood with malformed TCP packets from multiple connections.... Read more

    Affected Products : ironmail
    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0532

    Cross-site scripting (XSS) vulnerability in resultat.asp in SoftMaker Shop allows remote attackers to inject arbitrary web script or HTML via a strSok parameter containing a javascript: URI in an IMG SRC attribute.... Read more

    Affected Products : shop
    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0537

    Buffer overflow in the POP3 server in Kinesphere Corporation eXchange before 5.0.060125 allows remote attackers to execute arbitrary code via a long RCPT TO argument.... Read more

    Affected Products : exchange_pop3
    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0535

    Multiple cross-site scripting (XSS) vulnerabilities in Community Server allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: this candidate does not contain any actionable or distinguishing information. Perhaps... Read more

    Affected Products : community_server
    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293507 Results