CVEs and Security Vulnerabilities

Export limit exceeded: 357670 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 46643 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (46643 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2009-1880	1 Mt312	1 Rep-bbs	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in MT312 REP-BBS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) model.php and (2) config.php with timestamps before 20090521.
CVE-2009-1877	1 Adobe	1 Coldfusion	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1875.
CVE-2009-4317	1 Scriptsez	1 Ez Cart	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Cart allows remote attackers to inject arbitrary web script or HTML via the sid parameter in a showcat action.
CVE-2008-2960	1 Phpmyadmin	1 Phpmyadmin	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/.
CVE-2009-4403	1 Rumbacms	1 Rumba Xml	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in index.php in Rumba XML 1.8 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: some of these details are obtained from third party information.
CVE-2008-2494	1 Pancake	1 Zina	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in index.php in Zina 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via the l parameter.
CVE-2008-2485	1 Pcpin	1 Pcpin Chat	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in the URL redirection script (inc/url_redirection.inc.php) in PCPIN Chat before 6.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2009-3155	2 Almondsoft, Joomla	2 Com Aclassf, Joomla	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in gmap.php in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the addr parameter.
CVE-2008-2452	1 Inmedias	1 Questionaire	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in the Questionaire (aka pbsurvey) extension 1.2.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-2979	1 Ourvideo Cms	1 Ourvideo Cms	2026-04-23	N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpi/login.php in Ourvideo CMS 9.5 allow remote attackers to inject arbitrary web script or HTML via the (1) top_page and (2) end_page parameters.
CVE-2009-2778	1 Garagesalesjunkie	1 Garagesales Script	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in visitor/view.php in GarageSales Script allows remote attackers to inject arbitrary web script or HTML via the key parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-1820	1 2daybiz	1 Custom T-shirt Design Script	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2009-2226	1 Php.s3	1 Tree Bbs	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in Let's PHP! Tree BBS 2004/11/23 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-1772	1 Activecollab	1 Activecollab	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in activeCollab 2.1 Corporate allows remote attackers to inject arbitrary web script or HTML via the re_route parameter to the login script.
CVE-2007-6244	2 Adobe, Redhat	2 Flash Player, Rhel Extras	2026-04-23	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.
CVE-2008-7231	1 Meridio	1 Document And Records Management	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in Meridio Document and Records Management before 4.3 SR1 allows remote authenticated users to inject arbitrary web script or HTML via the Title field in a (1) document (subGeneralProps:dmpvDocTitle:PROP_W_title) or (2) container (subGeneralProps:dmpvContainerTitle:PROP_W_title).
CVE-2009-4408	1 Pyforum	1 Pyforum	2026-04-23	N/A
Multiple cross-site scripting (XSS) vulnerabilities in models.parser in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to inject arbitrary web script or HTML via crafted BBcode (1) img or (2) url tags, which are not properly handled when a post is viewed.
CVE-2009-1620	1 Mata	1 Matachat	2026-04-23	N/A
Multiple cross-site scripting (XSS) vulnerabilities in input.php in MataChat allow remote attackers to inject arbitrary web script or HTML via the (1) nickname and (2) color parameters.
CVE-2009-2302	1 Avatic	1 Aardvark Topsites Php	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action. NOTE: it was later reported that 5.2.1 is also affected.
CVE-2008-3029	1 Typo3	1 Wec Discussion Forum	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

« first previous Page 390 of 2333. next last »