NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:June 24, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
342701	7.5	HIGH	spiffyjr	phpraid	Multiple PHP remote file inclusion vulnerabilities in SpiffyJr phpRaid 2.9.5 through 3.0.b3 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) auth…	NVD-CWE-Other	CVE-2006-2283	2018-10-19 01:38	2006-05-10	Show	GitHub Exploit DB Packet Storm

342702	6.8	MEDIUM	claroline dokeos	claroline dokeos	Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter in ldap.inc.php and th…	NVD-CWE-Other	CVE-2006-2284	2018-10-19 01:38	2006-05-10	Show	GitHub Exploit DB Packet Storm

342703	6.8	MEDIUM	claroline dokeos	claroline dokeos	Successful exploitation requires that "register_globals" is enabled.	NVD-CWE-Other	CVE-2006-2284	2018-10-19 01:38	2006-05-10	Show	GitHub Exploit DB Packet Storm

342704	6.5	MEDIUM	oracle	database_server	SQL injection vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.5 allows remote attackers to execute arbitrary SQL commands via the DELETE_FROM_TABLE function in the DBMS_LOGMNR_SESSION (Log…	CWE-89 SQL Injection	CVE-2006-1871	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342705	7.5	HIGH	oracle	database_server	Unspecified vulnerability in Oracle Database Server 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors in the Oracle Enterprise Manager Intelligent Agent component, aka Vuln# DB07.	NVD-CWE-Other	CVE-2006-1872	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342706	7.5	HIGH	oracle	database_server	Apply patches : http://www.oracle.com/technology/deploy/security/pdf/cpuapr2006.html	NVD-CWE-Other	CVE-2006-1872	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342707	9.0	HIGH	oracle	database_server	Unspecified vulnerability in Oracle Database Server 9.2.0.7, 10.1.0.4, and 10.2.0.1 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB08.	NVD-CWE-noinfo	CVE-2006-1873	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342708	9.0	HIGH	oracle	database_server	Apply patches : http://www.oracle.com/technology/deploy/security/pdf/cpuapr2006.html	NVD-CWE-noinfo	CVE-2006-1873	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342709	7.5	HIGH	oracle	database_server	Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB09. NOTE: Oracle has not disputed…	NVD-CWE-noinfo	CVE-2006-1874	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342710	7.5	HIGH	oracle	database_server	Apply patches.	NVD-CWE-noinfo	CVE-2006-1874	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342711	10.0	HIGH	oracle	database_server	Unspecified vulnerability in Oracle Database Server 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB11. NOTE: Oracle has not dispute…	NVD-CWE-noinfo	CVE-2006-1875	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342712	10.0	HIGH	oracle	database_server	The most severe of these vulnerabilities could possibly expose affected computers to complete compromise.	NVD-CWE-noinfo	CVE-2006-1875	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342713	9.0	HIGH	oracle	database_server	Unspecified vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.4 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB12. NOTE: details are unavailable from Ora…	NVD-CWE-noinfo	CVE-2006-1876	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342714	7.2	HIGH	oracle	database_server	Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.7 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB13.	NVD-CWE-noinfo	CVE-2006-1877	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342715	2.6	LOW	phpfaber	topsites	Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites allows remote attackers to inject arbitrary web script or HTML via the page parameter.	NVD-CWE-Other	CVE-2006-1878	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342716	10.0	HIGH	oracle	collaboration_suite	Multiple unspecified vulnerabilities in the Email Server component in Oracle Collaboration Suite 9.0.4.2, 10.1.1, 10.1.2.0, and 10.1.2.1 have unknown impact and attack vectors, aka Vuln# (1) OCS01, (…	NVD-CWE-Other	CVE-2006-1879	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342717	10.0	HIGH	oracle	e-business_suite	Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, as identified by Vuln# (1) APPS01 in the (a) Application Install co…	NVD-CWE-Other	CVE-2006-1880	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342718	10.0	HIGH	oracle	e-business_suite	Unspecified vulnerability in the Financials for Asia/Pacific component in Oracle E-Business Suite and Applications 11.5.9 has unknown impact and attack vectors. component, aka Vuln# APPS02.	NVD-CWE-Other	CVE-2006-1881	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342719	10.0	HIGH	oracle	e-business_suite	Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unknown impact and attack vectors, as identified by Vuln# (1) APPS03 in (a) iProcurement; (2) APPS04 in (…	NVD-CWE-Other	CVE-2006-1882	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342720	10.0	HIGH	oracle	e-business_suite	Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite and Applications 11.5.10CU1 has unknown impact and attack vectors, aka Vuln# APPS05.	NVD-CWE-Other	CVE-2006-1883	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342721	10.0	HIGH	jdedwards oneworld oracle	enterpriseone_tools oneworld_tools application_server collaboration_suite collaboration_suite_10g_release_1 database_server developer_suite e-business_suite enterprise_manager…	Unspecified vulnerability in the Oracle Thesaurus Management System component in Oracle E-Business Suite and OPA 4.5.2 Applications has unknown impact and attack vectors, aka Vuln# OPA01.	NVD-CWE-Other	CVE-2006-1884	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342722	10.0	HIGH	jdedwards oneworld oracle	enterpriseone_tools oneworld_tools application_server collaboration_suite collaboration_suite_10g_release_1 database_server developer_suite e-business_suite enterprise_manager…	The vendor has addressed this issue through the release of product updates: http://www.oracle.com/technology/deploy/security/pdf/cpuapr2006.html	NVD-CWE-Other	CVE-2006-1884	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342723	10.0	HIGH	oracle	enterprise_manager	Multiple unspecified vulnerabilities in the Reporting Framework component in Oracle Enterprise Manager 9.0.1.5 and 9.2.0.7 have unknown impact and attack vectors, aka Vuln# (1) EM01 and (2) EM02.	NVD-CWE-Other	CVE-2006-1885	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342724	10.0	HIGH	oracle	peoplesoft_enterprise	Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise 8.46.12 and 8.47.04 has unknown impact and attack vectors, aka Vuln# PSE01.	NVD-CWE-Other	CVE-2006-1886	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342725	10.0	HIGH	oracle	enterpriseone	Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Security Server 8.95.J1 has unknown impact and attack vectors, aka Vuln# JDE01.	NVD-CWE-Other	CVE-2006-1887	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342726	6.8	MEDIUM	phpgraphy	phpgraphy	phpGraphy 0.9.11 and earlier allows remote attackers to bypass authentication and gain administrator privileges via a direct request to index.php with the editwelcome parameter set to 1, which can th…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2006-1888	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342727	5.8	MEDIUM	script-solution.de	boardsolution	Cross-site scripting (XSS) vulnerability in the search action handler in index.php in Nils Asmussen (aka SCRIPTSOLUTION) Boardsolution 1.12 and earlier allows remote attackers to inject arbitrary web…	NVD-CWE-Other	CVE-2006-1889	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342728	7.5	HIGH	mywebland	myevent	Multiple PHP remote file inclusion vulnerabilities in myWebland myEvent 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter in (1) event.php and (2) initi…	CWE-94 Code Injection	CVE-2006-1890	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342729	4.3	MEDIUM	betaboard	betaboard	Cross-site scripting (XSS) vulnerability in Martin Scheffler betaboard 0.1 allows remote attackers to inject arbitrary web script or HTML via a user's profile, possibly using the FormVal_profile para…	NVD-CWE-Other	CVE-2006-1891	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342730	4.9	MEDIUM	alwil	avast_antivirus	avast! 4 Linux Home Edition 1.0.5 allows local users to modify permissions of arbitrary files via a symlink attack on the /tmp/_avast4_ temporary directory.	NVD-CWE-Other	CVE-2006-1892	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342731	6.8	MEDIUM	ar-blog	ar-blog	Cross-site scripting (XSS) vulnerability in print.php in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter.	NVD-CWE-Other	CVE-2006-1893	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342732	4.3	MEDIUM	revoboard	revoboard	Cross-site scripting (XSS) vulnerability in RevoBoard 1.8, as derived from PunBB, allows remote attackers to inject arbitrary web script or HTML via a substitution cipher of the email tag, which is t…	NVD-CWE-Other	CVE-2006-1894	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342733	6.5	MEDIUM	phpbb_group	phpbb	Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1…	NVD-CWE-Other	CVE-2006-1895	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342734	6.0	MEDIUM	phpbb_group	phpbb	Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 ($theme[fontcolor3] variable) and/or sign…	CWE-94 Code Injection	CVE-2006-1896	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342735	5.0	MEDIUM	talentsoft	web\+_shop	Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for "Script Not Found" Error is not configured, allows remote attackers to obtain sensitive information via a quote (') or possibly other in…	NVD-CWE-Other	CVE-2006-1897	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342736	2.6	LOW	ralph_capper	tinyphpforum	Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper Tiny PHP Forum (TPF) 3.6 allow remote attackers to inject arbitrary web script or HTML via (1) the uname parameter in a view action…	CWE-79 Cross-site Scripting	CVE-2006-1898	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342737	2.6	LOW	dev	neuron_blog	Multiple cross-site scripting (XSS) vulnerabilities in dev Neuron Blog 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) website parameters.	NVD-CWE-Other	CVE-2006-1899	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342738	7.6	HIGH	w3c	amaya	Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in (1…	NVD-CWE-Other	CVE-2006-1900	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342739	5.0	MEDIUM	mozilla	camino	Mozilla Camino 1.0 and earlier allow remote attackers to cause a denial of service (null dereference and application crash or hang) via HTML with certain improperly nested elements. NOTE: this might…	NVD-CWE-Other	CVE-2006-1901	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342740	2.1	LOW	gnu	gcc	fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2006-1902	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342741	2.6	LOW	userland	manila	Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila allow remote attackers to inject arbitrary web script or HTML (1) via the referer parameter in sendMail, and via attributes of (…	NVD-CWE-Other	CVE-2006-1903	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342742	2.6	LOW	animegenesis	gallery	Cross-site scripting (XSS) vulnerability in index.php in AnimeGenesis Gallery allows remote attackers to inject arbitrary web script or HTML via the cat parameter.	NVD-CWE-Other	CVE-2006-1904	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342743	7.5	HIGH	xine	xine	Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a pl…	NVD-CWE-Other	CVE-2006-1905	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342744	2.6	LOW	jjgan852	phplister	Cross-site scripting (XSS) vulnerability in index.php in jjgan852 phpLister 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter.	NVD-CWE-Other	CVE-2006-1906	2018-10-19 01:37	2006-04-20	Show	GitHub Exploit DB Packet Storm

342745	5.8	MEDIUM	mybulletinboard	mybulletinboard	MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed …	NVD-CWE-Other	CVE-2006-1912	2018-10-19 01:37	2006-04-21	Show	GitHub Exploit DB Packet Storm

342746	5.8	MEDIUM	mybulletinboard	mybulletinboard	Upgrade to MyBB 1.1.1	NVD-CWE-Other	CVE-2006-1912	2018-10-19 01:37	2006-04-21	Show	GitHub Exploit DB Packet Storm

342747	2.6	LOW	papoo	papoo	Multiple cross-site scripting (XSS) vulnerabilities in Papoo 2.1.5 allow remote attackers to inject arbitrary web script or HTML via the menuid parameter to (1) index.php or (2) forum.php, or the (3)…	CWE-79 Cross-site Scripting	CVE-2006-1918	2018-10-19 01:37	2006-04-21	Show	GitHub Exploit DB Packet Storm

342748	4.3	MEDIUM	cutephp	cutenews	Directory traversal vulnerability in the editnews module (inc/editnews.mdu) in index.php in CuteNews 1.4.1 allows remote attackers to read or modify files via the source parameter in the (1) editnews…	NVD-CWE-Other	CVE-2006-1925	2018-10-19 01:37	2006-04-21	Show	GitHub Exploit DB Packet Storm

342749	5.0	MEDIUM	thwboard	thwboard	SQL injection vulnerability in showtopic.php in ThWboard 2.84 beta 3 and earlier allows remote attackers to execute arbitrary SQL commands via the pagenum parameter.	NVD-CWE-Other	CVE-2006-1926	2018-10-19 01:37	2006-04-21	Show	GitHub Exploit DB Packet Storm

342750	5.0	MEDIUM	neon_software	neon_responder	Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a denial of service (application outage) via a crafted Clock Synchronisation packet that triggers an access violation.	NVD-CWE-Other	CVE-2006-1941	2018-10-19 01:37	2006-04-21	Show	GitHub Exploit DB Packet Storm