Search

Expected end of text, found '–' (at char 57), (line:1, col:58)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (346191 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2009-4621 2 Discuz, Patching 2 Discuz\!, Jianghu Inn 2026-04-23 N/A
SQL injection vulnerability in the JiangHu Inn plugin 1.1 and earlier for Discuz! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to forummission.php.
CVE-2009-3244 1 Adobe 1 Shockwave Player 2026-04-23 N/A
Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.
CVE-2009-4624 1 Nicecoder 1 Idesk 2026-04-23 N/A
SQL injection vulnerability in download.php in Nicecoder iDesk allows remote attackers to execute arbitrary SQL commands via the cat_id parameter, a different vector than CVE-2005-3843.
CVE-2009-4628 2 Joomla, Templateplaza 2 Joomla\!, Com Tpdugg 2026-04-23 N/A
SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdugg) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tags action to index.php.
CVE-2006-5828 1 Deltascripts 1 Php Classifieds 2026-04-23 N/A
SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
CVE-2006-5837 1 Simplechat 1 Simplechat 2026-04-23 N/A
Static code injection vulnerability in chat_panel.php in the SimpleChat 1.0.0 module for iWare Professional CMS allows remote attackers to inject arbitrary PHP code into chat_log.php via the msg parameter.
CVE-2006-5849 1 Irayoblog 1 Irayoblog 2026-04-23 N/A
PHP remote file inclusion vulnerability in inc/irayofuncs.php in IrayoBlog alpha-0.2.4 allows remote attackers to execute arbitrary PHP code via a URL in the irayodirhack parameter.
CVE-2006-7082 1 Rigter Portal System 1 Rigter Portal System 2026-04-23 N/A
Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to bypass authentication and upload arbitrary files via direct requests to (1) adm/photos/images.php and (2) adm/down/files.php.
CVE-2008-0983 1 Lighttpd 1 Lighttpd 2026-04-23 N/A
lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.
CVE-2008-1783 1 Prozilla 1 Reviews 2026-04-23 N/A
Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php.
CVE-2008-1798 1 Dragoon 1 Dragoon 2026-04-23 N/A
Directory traversal vulnerability in forum/kietu/libs/calendrier.php in Dragoon 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cal[lng] parameter.
CVE-2008-6509 1 Igniterealtime 1 Openfire 2026-04-23 N/A
SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3.6.0a and earlier allows remote attackers to execute arbitrary SQL commands via the type parameter to sipark-log-summary.jsp.
CVE-2008-7162 1 Heroshare 1 Hero Super Player 3000 2026-04-23 N/A
Buffer overflow in Hero Super Player 3000 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in a .M3U file. NOTE: this might be related to CVE-2008-4504.
CVE-2009-4540 1 Bpowerhouse 1 Mini Cms 2026-04-23 N/A
SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-6952 1 Ca 1 Host-based Intrusion Prevention System 2026-04-23 N/A
Computer Associates Host Intrusion Prevention System (HIPS) drivers (1) Core kmxstart.sys 6.5.4.31 and (2) Firewall kmxfw.sys 6.5.4.10 allow local users to gain privileges by using certain privileged IOCTLs to modify callback function pointers.
CVE-2007-1278 2 Adobe, Microsoft 3 Coldfusion, Jrun, Internet Information Server 2026-04-23 N/A
Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root.
CVE-2007-1468 1 Ibm 1 Rational Clearquest 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest (CQ) Web 7.0.0.0 allows remote attackers to inject arbitrary web script or HTML via an attachment to a defect log entry.
CVE-2007-1469 1 Xigla 1 Absolute Image Gallery Xe 2026-04-23 N/A
SQL injection vulnerability in gallery.asp in Absolute Image Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action.
CVE-2007-1477 1 Oscommerce 1 Php Point Of Sale 2026-04-23 N/A
Directory traversal vulnerability in index.php in PHP Point Of Sale for osCommerce 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg_language parameter. NOTE: this issue has been disputed by CVE, since the cfg_language variable is configured upon proper product installation
CVE-2007-1481 1 Wbblog 1 Wbblog 2026-04-23 N/A
SQL injection vulnerability in index.php in WBBlog allows remote attackers to execute arbitrary SQL commands via the e_id parameter in a viewentry cmd.