Search

Expected end of text, found '.' (at char 13), (line:1, col:14)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (357318 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0494 2 Isc, Redhat 2 Bind, Enterprise Linux 2026-04-23 N/A
ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.
CVE-2007-0497 1 Upload-service 1 Upload-service 2026-04-23 N/A
PHP remote file inclusion vulnerability in upload/top.php in Upload-Service 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the maindir parameter.
CVE-2006-7176 2 Redhat, Sendmail 2 Enterprise Linux, Sendmail 2026-04-23 N/A
The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages.
CVE-2008-5772 1 Aspsiteware 1 Realtylistings 2026-04-23 N/A
Multiple SQL injection vulnerabilities in ASPSiteWare RealtyListings 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to type.asp and the (2) iPro parameter to detail.asp.
CVE-2008-5779 1 Flds Script 1 Flds 2026-04-23 N/A
SQL injection vulnerability in lpro.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-5780 1 Hostforest 1 Forest Blog 2026-04-23 N/A
Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb.
CVE-2008-5781 1 Cfagcms 1 Cfagcms 2026-04-23 N/A
SQL injection vulnerability in right.php in Cant Find A Gaming CMS (CFAGCMS) 1.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the title parameter.
CVE-2008-6166 2 Jmds, Joomla 2 Com Kbase, Joomla 2026-04-23 N/A
SQL injection vulnerability in the KBase (com_kbase) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php.
CVE-2008-6168 1 Miniportail 1 Miniportail 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.php in miniPortail 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified argument, probably the search string.
CVE-2007-2739 1 Xajax 1 Xajax 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-1277 1 Gravityboardx 1 Gravity Board X 2026-04-23 N/A
SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to execute arbitrary SQL commands via the member_id parameter in a viewprofile action. NOTE: the board_id issue is already covered by CVE-2008-2996.2.
CVE-2008-6179 1 Indexscript 1 Indexscript 2026-04-23 N/A
SQL injection vulnerability in sug_cat.php in IndexScript 3.0 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter, a different vector than CVE-2007-4069.
CVE-2007-2740 1 Xajax 1 Xajax 2026-04-23 N/A
Unspecified vulnerability in xajax before 0.2.5 has unknown impact and attack vectors, not related to XSS.
CVE-2008-6181 2 Joomla, Mad4media 2 Joomla, Com Mad4joomla 2026-04-23 N/A
SQL injection vulnerability in the Mad4Joomla Mailforms (com_mad4joomla) component before 1.1.8.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the jid parameter to index.php.
CVE-2008-6184 2 Joomla, Medialab-karlsruhe 2 Joomla, Ownbiblio 2026-04-23 N/A
SQL injection vulnerability in the OwnBiblio (com_ownbiblio) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a catalogue action to index.php.
CVE-2008-6189 1 Gforge 1 Gforge 2026-04-23 N/A
SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to (1) new/index.php, (2) news/index.php, and (3) top/topusers.php, which is not properly handled in database-pgsql.php.
CVE-2007-2743 1 Glossword 1 Glossword 2026-04-23 N/A
PHP remote file inclusion vulnerability in custom_vars.php in GlossWord 1.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the sys[path_addon] parameter.
CVE-2007-2747 1 Rdiffweb 1 Rdiffweb 2026-04-23 N/A
Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before 0.3.5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to the /browse URI.
CVE-2007-2751 1 Phpglossar 1 Phpglossar 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in PHPGlossar 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the format_menue parameter to (1) admin/inc/change_action.php or (2) admin/inc/add.php.
CVE-2007-3419 1 Web-app.org 1 Webapp 2026-04-23 N/A
The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact and remote attack vectors.