Search

Expected end of text, found '–' (at char 39), (line:1, col:40)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (346175 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2009-4156 1 Ciamos 1 Ciamos Cms 2026-04-23 N/A
PHP remote file inclusion vulnerability in modules/pms/index.php in Ciamos CMS 0.9.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_path parameter.
CVE-2008-6317 1 Phpmygallery 1 Phpmygallery 2026-04-23 N/A
Directory traversal vulnerability in _conf/_php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf[lang] parameter, a different issue than CVE-2008-6318. NOTE: this might be the same issue as CVE-2008-6316.
CVE-2008-6318 1 Phpmygallery 1 Phpmygallery 2026-04-23 N/A
PHP remote file inclusion vulnerability in _conf/_php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter, a different vector than CVE-2008-6317.
CVE-2008-6319 1 Cfmsource 1 Cf Calendar 2026-04-23 N/A
SQL injection vulnerability in calendarevent.cfm in CF_Calendar allows remote attackers to execute arbitrary SQL commands via the calid parameter.
CVE-2009-2889 1 Phpscriptsnow 1 Hangman 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to inject arbitrary web script or HTML via the letters parameter.
CVE-2008-6325 1 Softbizscripts 1 Classifieds Script 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306.
CVE-2009-2890 1 Phpscriptsnow 1 Riddles 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts Now Riddles allows remote attackers to inject arbitrary web script or HTML via the searchquery parameter.
CVE-2009-4158 2 Mario Matzulla, Typo3 2 Cal, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-6338 2 Typo3, Weber-ebusiness 2 Typo3, Wes Facilities 2026-04-23 N/A
SQL injection vulnerability in the WEBERkommunal Facilities (wes_facilities) extension 2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-2891 1 Phpscriptsnow 1 Riddles 2026-04-23 N/A
SQL injection vulnerability in list.php in PHP Scripts Now Riddles allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2008-6348 1 Developiteasy 1 Photo Gallery 2026-04-23 N/A
Multiple SQL injection vulnerabilities in DevelopItEasy Photo Gallery 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to gallery_category.php, (2) photo_id parameter to gallery_photo.php, and the (3) user_name and (4) user_pass parameters to admin/index.php. NOTE: some of these details are obtained from third party information.
CVE-2009-2892 1 Scripteen 1 Free Image Hosting Script 2026-04-23 N/A
Multiple SQL injection vulnerabilities in header.php in Scripteen Free Image Hosting Script 2.3 allow remote attackers to execute arbitrary SQL commands via a (1) cookid or (2) cookgid cookie.
CVE-2009-4159 2 Ivan Kartolo, Typo3 2 Direct Mail, Typo3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-6349 1 Turnkeyforms 1 Business Survey Pro 2026-04-23 N/A
SQL injection vulnerability in survey_results_text.php in TurnkeyForms Business Survey Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6350 1 Turnkeyforms 1 Local Classifieds 2026-04-23 N/A
SQL injection vulnerability in listtest.php in TurnkeyForms Local Classifieds allows remote attackers to execute arbitrary SQL commands via the r parameter.
CVE-2008-6351 1 Turnkeyforms 1 Local Classifieds 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in listtest.php in TurnkeyForms Local Classifieds allows remote attackers to inject arbitrary web script or HTML via the r parameter.
CVE-2009-2893 1 Xzeroscripts 1 Xzero Community Classifieds 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in XZero Community Classifieds 4.97.8 allow remote attackers to inject arbitrary web script or HTML via (1) the postevent parameter in a post action or (2) the _xzcal_y parameter.
CVE-2008-6352 1 Xpoze 1 Xpoze Pro 2026-04-23 N/A
SQL injection vulnerability in home.html in Xpoze Pro 4.10 allows remote attackers to execute arbitrary SQL commands via the menu parameter.
CVE-2009-2895 1 Phpsugar 1 Ultimate Regnow Affiliate 2026-04-23 N/A
SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate (URA) 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2009-4160 2 Kurt Kunig, Typo3 2 Kk Downloader, Typo3 2026-04-23 N/A
Unspecified vulnerability in the Simple download-system with counter and categories (kk_downloader) extension 1.2.1 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.