Search

Expected end of text, found '.' (at char 39), (line:1, col:40)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (344952 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-1192 1 Truenorth Software 1 Ia Webmail Server 2026-04-16 N/A
Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote attackers to execute arbitrary code via a long GET request.
CVE-2003-1174 1 Nullsoft 1 Shoutcast Server 2026-04-16 N/A
Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users to cause a denial of service via (1) icy-name followed by a long server name or (2) icy-url followed by a long URL.
CVE-2003-1175 1 Synthetic Reality 1 Sympoll 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 allows remote attackers to inject arbitrary web script or HTML via the vo parameter.
CVE-2003-1179 1 Advanced Poll 1 Advanced Poll 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2.0.2 allow remote attackers to execute arbitrary PHP code via the include_path parameter in (1) booth.php, (2) png.php, (3) poll_ssi.php, or (4) popup.php, the (5) base_path parameter to common.inc.php.
CVE-2006-0812 1 Visnetic 1 Visnetic Antivirus Plug-in For Mail Server 2026-04-16 N/A
The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server 4.6.0.4, 4.6.1.1, and possibly other versions before 4.6.1.2, does not drop privileges before executing other programs, which allows local users to gain privileges.
CVE-2003-1193 1 Oracle 2 Application Server Portal, Oracle9i 2026-04-16 N/A
Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL.
CVE-2003-1194 1 Booby 1 Booby 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 allows remote attackers to inject arbitrary web script or HTML via the error message.
CVE-2006-0835 1 Mitridat 1 Web Calendar Pro 2026-04-16 N/A
SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar Pro allows remote attackers to modify internal SQL queries and cause a denial of service (inaccessible database) via the tabls parameter.
CVE-2003-1195 1 Vienuke 1 Vieboard 2026-04-16 N/A
SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 allows remote attackers to execute arbitrary SQL commands via the msn variable.
CVE-2003-1196 1 Vienuke 1 Vieboard 2026-04-16 N/A
SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
CVE-2003-1197 1 Ledscripts.com 1 Ledforums 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php for Ledscripts.com LedForums Beta 1 allows remote attackers to inject arbitrary web script or HTML via the (1) top_message parameter or (2) topic field of a new thread.
CVE-2003-1198 1 Cherokee 1 Cherokee Httpd 2026-04-16 N/A
connection.c in Cherokee web server before 0.4.6 allows remote attackers to cause a denial of service via an HTTP POST request without a Content-Length header field.
CVE-2002-2091 1 Decfingerd 1 Decfingerd 2026-04-16 N/A
Format string vulnerability in Deception Finger Daemon, decfingerd, 0.7 may allow remote attackers to execute arbitrary code via the username of a finger request.
CVE-2003-1202 1 Omail 1 Omail Webmail 2026-04-16 N/A
The checklogin function in omail.pl for omail webmail 0.98.4 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) password, (2) domainname, or (3) username.
CVE-2003-1204 1 Mambo 1 Mambo Site Server 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4) uploadimage.php, the path parameter in (5) view.php, (6) the choice parameter in upload.php, (7) the sitename parameter in mambosimple.php, (8) the type parameter in upload.php, or the id parameter in (9) emailarticle.php, (10) emailfaq.php, or (11) emailnews.php.
CVE-2003-1211 1 Maxwebportal 1 Maxwebportal 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.asp for MaxWebPortal 1.30 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the Search parameter.
CVE-2003-1212 1 Maxwebportal 1 Maxwebportal 2026-04-16 N/A
MaxWebPortal 1.30 allows remote attackers to perform unauthorized actions by modifying hidden form fields, such as the (1) news, (2) lock, or (3) allmem fields in the 'start new topic' HTML page.
CVE-2003-1213 1 Maxwebportal 1 Maxwebportal 2026-04-16 N/A
The default installation of MaxWebPortal 1.30 stores the portal database under the web document root with insecure access control, which allows remote attackers to obtain sensitive information via a direct request to database/db2000.mdb.
CVE-2003-1215 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter.
CVE-2002-2301 1 Lawson Software 1 Lawson Financials 2026-04-16 N/A
Lawson Financials 8.0, when configured to use a third party relational database, stores usernames and passwords in a world-readable file, which allows local users to read the passwords and log onto the database.