Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (531 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2013-4681 2 Michael Staatz, Typo3 2 Sofortueberweisung2commerce, Typo3 2025-04-11 N/A
SQL injection vulnerability in the sofortueberweisung2commerce extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4683 2 Christophe Balisky, Typo3 2 Meta Feedit, Typo3 2025-04-11 N/A
SQL injection vulnerability in the meta_feedit extension 0.1.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4719 2 Lina Wolf, Typo3 2 Seo Pack For Tt News, Typo3 2025-04-11 N/A
SQL injection vulnerability in the SEO Pack for tt_news extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4745 2 Kurt Gusbeth, Typo3 2 Myquizpoll, Typo3 2025-04-11 N/A
SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4747 2 Kasper Skarhoj, Typo3 2 Accessible Is Browse Results, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Accessible browse results for indexed search (accessible_is_browse_results) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4749 2 Typo3, Usertask Center Messaging Project 2 Typo3, Usertask Center Messaging 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the UserTask Center, Messaging (sys_messages) extension 1.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4952 2 Serge Gebhardt, Typo3 2 Dir Listing, Typo3 2025-04-11 N/A
Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier for TYPO3 allows remote attackers to have an unspecified impact via unknown vectors.
CVE-2010-1004 2 Mischa Heimann, Typo3 2 Yatse, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1005 2 Mischa Heimann, Typo3 2 Yatse, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1008 2 Christian Hennecke, Typo3 2 Chsellector, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Sellector.com Widget Integration (chsellector) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1013 2 Fr.simon Rundell, Typo3 2 Pd Diocesedatabase, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Diocese of Portsmouth Database (pd_diocesedatabase) extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1022 2 Marcus Krause, Typo3 2 T3sec Saltedpw, Typo3 2025-04-11 N/A
The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors.
CVE-2013-5310 2 Mauro Lorenzutti, Typo3 2 Wfqbe, Typo3 2025-04-11 N/A
SQL injection vulnerability in the DB Integration (wfqbe) extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-5889 2 Alex Kellner, Typo3 2 Powermail, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the powermail extension before 1.6.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-5890 2 Stanislas Rolland, Typo3 2 Sr Feuser Register, Typo3 2025-04-11 N/A
The Front End User Registration (sr_feuser_register) extension before 2.6.2 for TYPO3 allows remote attackers to obtain user names and passwords via the (1) edit perspective or (2) autologin feature.
CVE-2010-4886 2 Peter Proell, Typo3 2 Tweetbutton, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the "official twitter tweet button for your page" (tweetbutton) extension before 1.0.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4951 2 Thomas Mammitzsch, Typo3 2 Vx Xajax Shoutbox, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox (vx_xajax_shoutbox) extension before 1.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4952 2 Joachim Ruhs, Typo3 2 Festat, Typo3 2025-04-11 N/A
SQL injection vulnerability in the FE user statistic (festat) extension before 0.2.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-1078 2 Claus Due, Typo3 2 Sysutils, Typo3 2025-04-11 N/A
The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unspecified vectors related to improper "protection" of the "backup output directory."
CVE-2012-1079 2 Helmut Hummel, Typo3 2 Typo3 Webservice, Typo3 2025-04-11 N/A
Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservice) extension before 0.3.8 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors.