Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2006-0258

    Unspecified vulnerability in the Connection Manager component of Oracle Database server 8.1.7.4 and 9.0.1.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB03.... Read more

    Affected Products : database_server
    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0275

    Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP04. NOTE: Oracle has not disputed reliable researcher claims that this is... Read more

    Affected Products : application_server
    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-0261

    Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB07 in the Dictionary component and (2) DB14 in the Oracle Label Security... Read more

    Affected Products : database_server
    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025

  • 9.0

    HIGH
    CVE-2006-0267

    Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.2.0.6 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB20.... Read more

    Affected Products : database_server
    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-0291

    Multiple unspecified vulnerabilities in Oracle Database Server 10.2.0.1, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i), and E-Business Suite and Applications 11.5.10 have unspecified impact and attack v... Read more

    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-0262

    Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB08.... Read more

    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-0282

    Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) has unspecified impact and attack... Read more

    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-0288

    Multiple unspecified vulnerabilities in the Oracle Reports Developer component of Oracle Application Server 9.0.4.1 and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP01 and (2) R... Read more

    Affected Products : e-business_suite application_server
    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-0256

    Unspecified vulnerability in the Advanced Queuing component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.6, 10.1.0.3 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB01.... Read more

    Affected Products : database_server
    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0254

    Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed ... Read more

    Affected Products : geronimo
    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0246

    Cross-site scripting (XSS) vulnerability in down.pl in Widexl Download Tracker 1.06 allows remote attackers to inject arbitrary web script or HTML via the ID parameter.... Read more

    Affected Products : download_tracker
    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0244

    Directory traversal vulnerability in workspaces.php in phpXplorer 0.9.33 allows remote attackers to include arbitrary files via a .. (dot dot) and trailing null byte (%00) in the sShare parameter. NOTE: a followup post claims that this is not a vulnerabi... Read more

    Affected Products : phpxplorer
    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0252

    SQL injection vulnerability in Benders Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by the (1) year, (2) month, and (3) day parameters.... Read more

    Affected Products : benders_calendar
    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0251

    Cross-site scripting (XSS) vulnerability in fom.cgi in Faq-O-Matic 2.711 allows remote attackers to inject arbitrary web script or HTML via the (1) _duration, (2) file, and (3) cmd parameters.... Read more

    Affected Products : faq-o-matic
    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-0253

    Buffer overflow in the Bluetooth OBEX Object Push service in "Blue Neighbors.EXE" in AmbiCom Blue Neighbors 2.50 Build 2500 and earlier allows remote attackers to execute arbitrary code via a long file name, as demonstrated via a long RFILE argument to us... Read more

    Affected Products : blue_neighbors
    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0243

    Cross-site scripting (XSS) vulnerability in SMBCMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the text parameter, which is used by the "Search Site" field. NOTE: the provenance of this information is unknown; the details are o... Read more

    Affected Products : smbcms
    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0248

    Virata-EmWeb web server 6_1_0, as used in (1) Intracom JetSpeed 500 and 520 and (2) Allied Data Technologies CopperJet 811 RouterPlus, allows remote attackers to access privileged information, such as user lists and configuration settings, via direct HTTP... Read more

    Affected Products : jetspeed
    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2006-0250

    Format string vulnerability in the snmp_input function in snmptrapd in CMU SNMP utilities (cmu-snmp) allows remote attackers to execute arbitrary code by sending crafted SNMP messages to UDP port 162.... Read more

    Affected Products : snmptrapd
    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0245

    Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7-pl1 allow remote attackers to inject arbitrary web script or HTML via the (3) redir, (4) productId, (5) docId, (6) act, and (7) catId parameters in index.php; and the (8) username field... Read more

    Affected Products : cubecart
    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0044

    Unspecified vulnerability in context.py in Albatross web application toolkit before 1.33 allows remote attackers to execute arbitrary commands via unspecified vectors involving template files and the "handling of submitted form fields".... Read more

    Affected Products : albatross
    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 294733 Results