Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (18268 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2015-1369 1 Sequelize Project 1 Sequelize 2025-04-12 N/A
SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands via the order parameter.
CVE-2015-1392 1 Arubanetworks 1 Clearpass Policy Manager 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-1393 1 10web 1 Photo Gallery 2025-04-12 N/A
SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gallery request in the galleries_bwg page to wp-admin/admin.php.
CVE-2015-1400 1 Npds 1 Revolution 2025-04-12 N/A
SQL injection vulnerability in search.php in NPDS Revolution 13 allows remote attackers to execute arbitrary SQL commands via the query parameter.
CVE-2015-1403 1 Content Rating Project 1 Content Rating 2025-04-12 N/A
SQL injection vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-1434 1 Mylittleforum 1 My Little Forum 2025-04-12 N/A
Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category parameter to index.php.
CVE-2015-1441 1 Piwigo 1 Piwigo 2025-04-12 N/A
SQL injection vulnerability in Piwigo before 2.5.6, 2.6.x before 2.6.5, and 2.7.x before 2.7.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-1442 1 Aas9 1 Zerocms 2025-04-12 N/A
SQL injection vulnerability in views/zero_transact_user.php in the administrative backend in ZeroCMS 1.3.3, 1.3.2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a Modify Account action. NOTE: The article_id parameter to zero_view_article.php vector is already covered by CVE-2014-4034.
CVE-2015-1450 1 Restaurantbiller 1 Restaurant Biller 2025-04-12 N/A
SQL injection vulnerability in Restaurant Biller allows remote attackers to execute arbitrary SQL commands via the cid parameter in a category action to index.php.
CVE-2015-1479 1 Zohocorp 1 Servicedesk Plus 2025-04-12 N/A
SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter.
CVE-2015-1477 1 Cmsjunkie 1 J-classifiedsmanager 2025-04-12 N/A
SQL injection vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewad task to classifieds/offerring-ads.
CVE-2015-1491 1 Symantec 1 Endpoint Protection Manager 2025-04-12 N/A
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-1513 1 Siphon 1 Siphone Enterprise Pbx 2025-04-12 N/A
SQL injection vulnerability in SIPhone Enterprise PBX allows remote attackers to execute arbitrary SQL commands via the Username.
CVE-2015-1616 1 Mcafee 1 Data Loss Prevention Endpoint 2025-04-12 N/A
SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated ePO users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-2237 1 Betster Project 1 Betster 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Betster (aka PHP Betoffice) 1.0.4 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showprofile.php or (2) categoryedit.php or (3) username parameter in a login to index.php.
CVE-2015-2972 1 Sysphonic 1 Thetis 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Sysphonic Thetis before 2.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-3993 1 Actian 1 Matrix 2025-04-12 N/A
Actian Matrix 5.1.x through 5.1.2.4 and 5.2.x through 5.2.0.1 allows remote authenticated users to bypass intended write-access restrictions and execute an UPDATE statement by referencing a table.
CVE-2015-4018 1 Feedwordpress Project 1 Feedwordpress 2025-04-12 N/A
SQL injection vulnerability in feedwordpresssyndicationpage.class.php in the FeedWordPress plugin before 2015.0514 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the link_ids[] parameter in an Update action in the syndication.php page to wp-admin/admin.php.
CVE-2015-4064 1 Landing Pages Project 1 Landing Pages 2025-04-12 N/A
SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php.
CVE-2015-4109 1 Usersultra 1 Usersultra 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the ratings module in the Users Ultra plugin before 1.5.16 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) data_target or (2) data_vote parameter in a rating_vote (wp_ajax_nopriv_rating_vote) action to wp-admin/admin-ajax.php.