Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (477 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2008-5796 1 Typo3 2 Eluna Page Comments Extension, Typo3 2025-04-09 N/A
SQL injection vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-6145 1 Typo3 2 Typo3, Wec Discussion Forum 2025-04-09 N/A
Multiple SQL injection vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-6346 2 Dennis Royer, Typo3 2 Dr Wiki, Typo3 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in the DR Wiki (dr_wiki) extension 1.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-6462 2 Kurt Gusbeth, Typo3 2 Myquizpoll, Typo3 2025-04-09 N/A
SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 0.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-6463 2 Fr.simon Rundell, Typo3 2 Pd Churchsearch, Typo3 2025-04-09 N/A
SQL injection vulnerability in the Diocese of Portsmouth Church Search (pd_churchsearch) extension before 0.1.1, and 0.2.10 and earlier 0.2.x versions, an extension for TYPO3, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-6630 1 Typo3 2 Typo3, Wt Gallery 2025-04-09 N/A
Directory traversal vulnerability in the wt_gallery extension 2.5.0 and earlier for TYPO3 allows remote attackers to read arbitrary image files and determine directory structure via unspecified vectors.
CVE-2008-6699 1 Typo3 2 Tjs Reslib, Typo3 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2009-2103 2 Steve Grundell, Typo3 2 Frontend Mp3 Player, Typo3 2025-04-09 N/A
SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-3633 1 Typo3 1 Typo3 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm.
CVE-2009-3818 2 Stanislas Rolland, Typo3 2 Sr Freecap, Typo3 2025-04-09 N/A
Unspecified vulnerability in the session handling feature in freeCap CAPTCHA (sr_freecap) extension 1.2.0 and earlier for TYPO3 has unknown impact and attack vectors.
CVE-2009-4159 2 Ivan Kartolo, Typo3 2 Direct Mail, Typo3 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4162 2 Mauro Lorenzutti, Typo3 2 Wfqbe, Typo3 2025-04-09 N/A
Unspecified vulnerability in the DB Integration (wfqbe) extension 1.3.1 and earlier for TYPO3 allows local users to execute arbitrary commands via unspecified vectors.
CVE-2009-4163 2 Tw Productfinder, Typo3 2 Tw Productfinder, Typo3 2025-04-09 N/A
SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4337 2 Simon Rundell, Typo3 2 Pd Calendar Today, Typo3 2025-04-09 N/A
SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2008-6691.
CVE-2009-4340 2 Mischa Heissmann, Typo3 2 No Indexed Search, Typo3 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4389 2 Robert Puntigam, Typo3 2 Aba Watchdog, Typo3 2025-04-09 N/A
Unspecified vulnerability in the Watchdog (aba_watchdog) extension 2.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.
CVE-2009-4393 2 Daniel Ptzinger, Typo3 2 Danp Documentdirs, Typo3 2025-04-09 N/A
SQL injection vulnerability in the Document Directorys (danp_documentdirs) extension 1.10.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4395 2 Fr.simon Rundell, Typo3 2 Ste Prayer2, Typo3 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4397 2 Fr.simon Rundell, Typo3 2 Pd Resources, Typo3 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0323 2 Arco Van Geest, Typo3 2 Goof Fotoboek, Typo3 2025-04-09 N/A
Unspecified vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.