CVEs and Security Vulnerabilities

Export limit exceeded: 360533 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 46875 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 19526 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (19526 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2010-1743	1 Satyadeep	1 Scratcher	2025-04-11	N/A
SQL injection vulnerability in projects.php in Scratcher allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-4849	1 Alibabaclone	1 Alibaba Clone B2b	2025-04-11	N/A
SQL injection vulnerability in countrydetails.php in Alibaba Clone B2B 3.4 allows remote attackers to execute arbitrary SQL commands via the es_id parameter.
CVE-2010-4842	1 Mhproducts	1 Download Center	2025-04-11	N/A
SQL injection vulnerability in admin/login.php in MHP DownloadScript (aka MH Products Download Center) 2.2 allows remote attackers to execute arbitrary SQL commands via the Name parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-4838	1 Secureideas	1 Basic Analysis And Security Engine	2025-04-11	N/A
SQL injection vulnerability in base_ag_common.php in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information.
CVE-2009-4870	1 Phpcityportal	1 Phpcityportal	2025-04-11	N/A
Multiple SQL injection vulnerabilities in login.php in PHPCityPortal allow remote attackers to execute arbitrary SQL commands via the (1) req_username (aka Username) and (2) req_password (aka Password) parameters. NOTE: some of these details are obtained from third party information.
CVE-2009-4871	1 Logoshows	1 Logoshows Bbs	2025-04-11	N/A
SQL injection vulnerability in globepersonnel_forum.asp in Logoshows BBS 2.0 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
CVE-2009-4872	1 Logoshows	1 Logoshows Bbs	2025-04-11	N/A
Multiple SQL injection vulnerabilities in globepersonnel_login.asp in Logoshows BBS 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
CVE-2009-4883	1 Todd Rogers	1 Phprecipebook	2025-04-11	N/A
SQL injection vulnerability in index.php in PHPRecipeBook 2.24 and 2.39 allows remote attackers to execute arbitrary SQL commands via the (1) base_id or (2) course_id parameter in a search action.
CVE-2009-4889	2 Basti2web, Php-fusion	2 Book Panel, Php-fusion	2025-04-11	N/A
SQL injection vulnerability in books.php in the Book Panel (book_panel) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the bookid parameter.
CVE-2009-4992	1 Script-shop24	1 Lm Starmail Paidmail	2025-04-11	N/A
SQL injection vulnerability in paidbanner.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2009-4925	1 Creasito	1 Creasito E-commerce Content Manager	2025-04-11	N/A
Multiple SQL injection vulnerabilities in Portale e-commerce Creasito (aka creasito e-commerce content manager) 1.3.16, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) admin/checkuser.php and (2) checkuser.php.
CVE-2009-4954	2 Typo3, Websedit	2 Typo3, Sk Calendar	2025-04-11	N/A
SQL injection vulnerability in the Versatile Calendar Extension [VCE] (sk_calendar) extension before 0.3.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4958	1 Emophp	1 Emo Breeder Manager	2025-04-11	N/A
SQL injection vulnerability in video.php in EMO Breeder Manager (aka EMO Breader Manager) allows remote attackers to execute arbitrary SQL commands via the idd parameter.
CVE-2009-4959	2 Stefan Koch, Typo3	2 T3m, Typo3	2025-04-11	N/A
SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4966	2 Elemente, Typo3	2 Ast Addresszipsearch, Typo3	2025-04-11	N/A
SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipsearch) extension 0.5.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4967	2 Jochen Rieger, Typo3	2 Car, Typo3	2025-04-11	N/A
SQL injection vulnerability in the Car (car) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4968	2 Christian Ehmann, Typo3	2 Event Registr, Typo3	2025-04-11	N/A
SQL injection vulnerability in the Event Registration (event_registr) extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4969	1 Typo3	2 Sbanner, Typo3	2025-04-11	N/A
SQL injection vulnerability in the Solidbase Bannermanagement (SBbanner) extension 1.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4970	2 Typo3, Typo3-macher	2 Typo3, T3m Affiliate	2025-04-11	N/A
SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4971	2 Typo3, Vincent Tietz	2 Typo3, Vjchat	2025-04-11	N/A
SQL injection vulnerability in the AJAX Chat (vjchat) extension before 0.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

« first previous Page 594 of 977. next last »