Export limit exceeded: 18268 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 10144 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 18268 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (18268 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2008-5269 1 Powie 1 Psys 2025-04-09 N/A
SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows remote attackers to execute arbitrary SQL commands via the shownews parameter.
CVE-2007-0642 1 Rbl 1 Tforum 2025-04-09 N/A
SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU script collection (aka RBL - ASP) allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) pass to user_confirm.asp.
CVE-2008-6887 1 Preprojects 1 Pre Classified Listings 2025-04-09 N/A
SQL injection vulnerability in detailad.asp in Pre Classified Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the siteid parameter.
CVE-2008-5595 1 Aspapps 1 Asp Autodealer 2025-04-09 N/A
SQL injection vulnerability in detail.asp in ASP AutoDealer allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2007-0520 1 Unique Ads 1 Unique Ads 2025-04-09 N/A
SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x allows remote attackers to execute arbitrary SQL commands via the bid parameter.
CVE-2006-7118 1 Dmxready 1 Site Engine Manager 2025-04-09 N/A
SQL injection vulnerability in index.asp in DMXReady Site Engine Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter.
CVE-2008-5586 1 Check Up 1 Check New 2025-04-09 N/A
SQL injection vulnerability in findoffice.php in Check Up New Generation (aka Check New) 4.52, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search parameter.
CVE-2008-6086 1 Camera Life 1 Camera Life 2025-04-09 N/A
SQL injection vulnerability in album.php in Camera Life 2.6.2b4 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3355.
CVE-2006-7089 1 Ban 1 Ban 2025-04-09 N/A
SQL injection vulnerability in connexion.php in Ban 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6077 1 Loudblog 1 Loudblog 2025-04-09 N/A
SQL injection vulnerability in loudblog/ajax.php in LoudBlog 0.8.0a and earlier allows remote authenticated users to execute arbitrary SQL commands via the colpick parameter in a singleread action.
CVE-2008-6068 2 Joomla, Web Design Hero 2 Joomla, Joomladate 2025-04-09 N/A
SQL injection vulnerability in the JoomlaDate (com_joomladate) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a viewProfile action to index.php.
CVE-2008-5655 1 Myiosoft 1 Easybookmarker 2025-04-09 N/A
Multiple SQL injection vulnerabilities in MyioSoft EasyBookMarker 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) delete_folder and (2) delete_link parameters to unspecified vectors, possibly to (a) plugins/bookmarker/bookmarker_backend.php or (b) ajaxp.php, different vectors than CVE-2008-5654. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5653 1 Myiosoft.com 1 Ajaxportal 2025-04-09 N/A
SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-5648 1 Deltascripts 1 Php Shop 2025-04-09 N/A
SQL injection vulnerability in admin/login.php in DeltaScripts PHP Shop 1.0 allows remote attackers to execute arbitrary SQL commands via the admin_username parameter. NOTE: some of these details are obtained from third party information.
CVE-2006-5603 1 Snitz Communications 1 Snitz Forums 2000 2025-04-09 9.8 Critical
SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the RC parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2008-5635 1 Activewebsoftwares 1 Active Membership 2025-04-09 N/A
SQL injection vulnerability in account.asp in Active Membership 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
CVE-2008-5630 1 Qualityunit 1 Post Affiliate Pro 2025-04-09 N/A
SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 3 and 3.1.4 allows remote attackers to execute arbitrary SQL commands via the umprof_status parameter.
CVE-2008-1957 1 Easyscripts 1 Tr Script News 2025-04-09 N/A
SQL injection vulnerability in news.php in Tr Script News 2.1 allows remote attackers to execute arbitrary SQL commands via the nb parameter in voir mode.
CVE-2008-1921 1 5th Avenue Software 1 5th Avenue Shopping Cart 2025-04-09 N/A
SQL injection vulnerability in store_pages/category_list.php in 5th Avenue Shopping Cart 1.2 trial edition allows remote attackers to execute arbitrary SQL commands via the category_ID parameter.
CVE-2008-1915 1 Devworx 1 Blogworx 2025-04-09 N/A
SQL injection vulnerability in view.asp in DevWorx BlogWorx 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.