Export limit exceeded: 45737 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 45737 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 18909 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (18909 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2012-4060 1 Asp-dev 1 Xm Forums 2025-04-11 N/A
Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) profile.asp, (2) forum.asp, or (3) topic.asp.
CVE-2010-4814 1 Bestsoftinc 1 Advance Hotel Booking System 2025-04-11 N/A
SQL injection vulnerability in index1.php in Best Soft Inc. (BSI) Advance Hotel Booking System 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2012-4772 1 Intelliants 1 Subrion Cms 2025-04-11 N/A
SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to execute arbitrary SQL commands via the plan_id parameter.
CVE-2010-5004 1 2daybiz 1 Polls Script 2025-04-11 N/A
SQL injection vulnerability in searchvote.php in 2daybiz Polls (aka Advanced Poll) Script allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2012-2115 1 Open-emr 1 Openemr 2025-04-11 N/A
SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter.
CVE-2010-0795 2 Harmistechnology, Joomla 2 Com Jeeventcalendar, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the JE Event Calendars (com_jeeventcalendar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an event action to index.php.
CVE-2012-4990 1 Openx 1 Openx 2025-04-11 N/A
SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action.
CVE-2012-4996 1 Rivetcode 1 Rivettracker 2025-04-11 N/A
Multiple SQL injection vulnerabilities in RivetTracker 1.03 and earlier allow remote attackers to execute arbitrary SQL commands via the hash parameter to (1) dltorrent.php or (2) torrent_functions.php.
CVE-2013-3404 1 Cisco 1 Unified Communications Manager 2025-04-11 N/A
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051.
CVE-2012-5550 2 Carlos Carvalhar, Drupal 2 Time Spent, Drupal 2025-04-11 N/A
SQL injection vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-4865 2 Harmistechnology, Joomla 2 Com Jeguestbook, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php.
CVE-2012-5590 2 Drupal, Scripthead 2 Drupal, Webmail Plus 2025-04-11 N/A
SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-1617 1 Symantec 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 2025-04-11 N/A
Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-4864 2 Danieljamesscott, Joomla 2 Com Clubmanager, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the Club Manager (com_clubmanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cm_id parameter in an equip presenta action to index.php.
CVE-2013-0451 1 Ibm 1 Maximo Asset Management 2025-04-11 N/A
SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 through 7.1.1.12 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-3957 1 Siemens 2 Simatic Pcs7, Wincc 2025-04-11 N/A
SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-4859 1 Webasyst 1 Shop-script 2025-04-11 N/A
SQL injection vulnerability in index.php in WebAsyst Shop-Script allows remote attackers to execute arbitrary SQL commands via the blog_id parameter in a news action.
CVE-2010-4849 1 Alibabaclone 1 Alibaba Clone B2b 2025-04-11 N/A
SQL injection vulnerability in countrydetails.php in Alibaba Clone B2B 3.4 allows remote attackers to execute arbitrary SQL commands via the es_id parameter.
CVE-2011-2703 2 Osgeo, Umn 2 Mapserver, Mapserver 2025-04-11 N/A
Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.
CVE-2012-1225 1 Dolibarr 1 Dolibarr Erp\/crm 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php.