Search

Expected end of text, found '.' (at char 10), (line:1, col:11)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (346158 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3702 2 Jcomsoft, Speedbit 2 Anigif, Download Accelerator Plus 2026-04-23 N/A
Multiple stack-based buffer overflows in the Animation GIF ActiveX control in JComSoft AniGIF.ocx 1.12 and 2.47, as used in products such as SpeedBit Download Accelerator Plus (DAP) 8.6, allow remote attackers to execute arbitrary code via a long argument to the (1) ReadGIF or (2) ReadGIF2 method.
CVE-2009-3321 1 Saphplesson 1 Saphplesson 2026-04-23 N/A
SQL injection vulnerability in SaphpLesson 4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP HTTP header.
CVE-2008-3708 1 Dotcms 1 Dotcms 2026-04-23 N/A
Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) news/index.dot and (2) getting_started/macros/macros_detail.dot.
CVE-2008-3709 1 Hotscripts 1 Cyboards Php Lite 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to inject arbitrary web script or HTML via the (1) lOptionsOptions, (2) lNavAdminOptions, or (3) lNavReturn parameter to options.php; or the (4) lNavReturn parameter to subscribe.php.
CVE-2008-3713 1 Phpbasket 1 Phpbasket 2026-04-23 N/A
SQL injection vulnerability in product.php in PHPBasket allows remote attackers to execute arbitrary SQL commands via the pro_id parameter.
CVE-2008-3714 1 Awstats 1 Awstats 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945.
CVE-2008-3715 1 Flexcms 1 Flexcms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in inc-core-admin-editor-previouscolorsjs.php in the FlexCMS 2.5 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the PreviousColorsString parameter.
CVE-2008-3716 1 Harmoni 1 Harmoni 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in Harmoni before 1.6.0 allows remote attackers to make administrative modifications via a (1) save or (2) delete action to an unspecified component.
CVE-2008-3717 1 Harmoni 1 Harmoni 2026-04-23 N/A
Harmoni before 1.6.0 does not require administrative privileges to list (1) user names or (2) asset ids, which allows remote attackers to obtain sensitive information.
CVE-2008-3721 1 Deeemm 1 Dmcms 2026-04-23 N/A
PHP remote file inclusion vulnerability in user_language.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the language_dir parameter.
CVE-2008-3724 1 Papoo 1 Papoo 2026-04-23 N/A
SQL injection vulnerability in index.php in Papoo before 3.7.2 allows remote attackers to execute arbitrary SQL commands via the suchanzahl parameter.
CVE-2008-3725 1 Yourfreeworld 1 Ad Board Script 2026-04-23 N/A
SQL injection vulnerability in trr.php in YourFreeWorld Ad Board Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-3726 1 Microworld Technologies 1 Mailscan 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to inject arbitrary web script or HTML via the URI.
CVE-2008-3727 1 Microworld Technologies 1 Mailscan 2026-04-23 N/A
Directory traversal vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
CVE-2008-3730 1 Nordicwind 2 Noah, Nordicwind Document Management System 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Nordicwind Document Management System (NOAH) before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-3731 1 Solarwinds 1 Serv-u File Server 2026-04-23 N/A
Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging.
CVE-2008-3733 1 Eo-video 1 Eo-video 2026-04-23 N/A
Stack-based buffer overflow in EO Video (eo-video) 1.36 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a .eop (aka playlist) file with a ProjectElement element that contains a long Name element.
CVE-2008-3734 1 Ipswitch 2 Ws Ftp Home, Ws Ftp Pro 2026-04-23 N/A
Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response).
CVE-2008-3735 1 Phpizabi 1 Phpizabi 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in PHPizabi before 848 Core HotFix Pack 3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a blogs.search action.
CVE-2008-3738 1 Spacetag 1 Lacoodast 2026-04-23 9.1 Critical
Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors.