Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (34 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4585 1 Aspindir 1 Uranyumsoft Listing Service 2026-04-23 N/A
UranyumSoft Listing Service stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/db.mdb.
CVE-2006-6337 1 Aspindir 1 Aspee Ziyaretci Defteri 2026-04-23 N/A
Multiple SQL injection vulnerabilities in giris.asp in Aspee and Dogantepe Ziyaretci Defteri allow remote attackers to execute arbitrary SQL commands via the (1) kullanici or (2) parola parameter.
CVE-2008-2872 1 Aspindir 1 Shibby Shop 2026-04-23 N/A
SQL injection vulnerability in default.asp in sHibby sHop 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sayfa parameter.
CVE-2008-2873 1 Aspindir 1 Shibby Shop 2026-04-23 N/A
sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb.
CVE-2008-1939 1 Aspindir 1 Philboard 2026-04-23 N/A
Multiple SQL injection vulnerabilities in W1L3D4 Philboard 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) topic parameters to (a) philboard_reply.asp, and the (3) forumid parameter to (b) philboard_newtopic.asp, different vectors than CVE-2007-2641 and CVE-2007-0920.
CVE-2008-6641 1 Aspindir 1 Shader Tv 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Shader TV (Beta) allow remote authenticated administrators to execute arbitrary SQL commands via the sid parameter to (1) kanal.asp, (2) google.asp, and (3) hakk.asp in yonet/; and allow remote attackers to execute arbitrary SQL commands via the (4) username or (5) password fields to yonet/default.asp.
CVE-2009-4820 1 Aspindir 1 Angelo-emlak 2025-04-11 N/A
Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for veribaze/angelo.mdb.
CVE-2010-4855 1 Aspindir 1 Xweblog 2025-04-11 N/A
SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the makale_id parameter.
CVE-2010-1116 1 Aspindir 1 Lookmer Muzik Portal 2025-04-11 N/A
LookMer Music Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for dbmdb/LookMerSarkiMDB.mdb.
CVE-2010-4145 1 Aspindir 1 Kisisel Radyo Script 2025-04-11 N/A
Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb.
CVE-2010-1736 1 Aspindir 1 Krm Haber 2025-04-11 N/A
KrM Haber 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for d_atabase/Krmdb.mdb.
CVE-2010-4856 1 Aspindir 1 Xweblog 2025-04-11 N/A
SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the tarih parameter.
CVE-2010-1064 1 Aspindir 1 Erolife Ajxgaleri Vt 2025-04-11 N/A
Erolife AjxGaleri VT stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/ajxgaleri.mdb.
CVE-2010-4144 1 Aspindir 1 Kisisel Radyo Script 2025-04-11 N/A
SQL injection vulnerability in radyo.asp in Kisisel Radyo Script allows remote attackers to execute arbitrary SQL commands via the Id parameter.