Search

Expected end of text, found '–' (at char 47), (line:1, col:48)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (346183 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2009-2741 1 Ibm 1 Websphere Business Events 2026-04-23 N/A
Unspecified vulnerability in the wberuntimeear application in the test servlet in IBM WebSphere Business Events 6.1 and 6.2 allows remote attackers to execute arbitrary code via unknown vectors.
CVE-2009-2742 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to inject arbitrary web script or HTML via unspecified input.
CVE-2009-2744 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to cause a denial of service via unknown vectors, related to "an error in fixpacks 6.1.0.23 and 6.1.0.25."
CVE-2009-2746 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2009-2761 1 Avira 2 Antivir, Antivir Security Suite 2026-04-23 N/A
Unquoted Windows search path vulnerability in the scheduler (sched.exe) in Avira AntiVir, AntiVir Premium, Premium Security Suite, and AntiVir Professional might allow local users to gain privileges via a malicious antivir.exe file in the "C:\Program Files\avira\" directory.
CVE-2009-2764 1 Microsoft 2 Internet Explorer, Windows 7 2026-04-23 N/A
Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 platform allows remote attackers to cause a denial of service (application crash) via a certain DIV element in conjunction with SCRIPT elements that have empty contents and no reference to a valid external script location.
CVE-2009-2766 1 Dd-wrt 1 Dd-wrt 2026-04-23 N/A
httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests.
CVE-2009-2767 1 Linux 2 Kernel, Linux Kernel 2026-04-23 N/A
The init_posix_timers function in kernel/posix-timers.c in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (OOPS) or possibly gain privileges via a CLOCK_MONOTONIC_RAW clock_nanosleep call that triggers a NULL pointer dereference.
CVE-2009-2769 1 Ultrize 1 Timesheet 2026-04-23 N/A
PHP remote file inclusion vulnerability in include/timesheet.php in Ultrize TimeSheet 1.2.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[include_dir] parameter.
CVE-2009-2770 1 Powerupload 1 Powerupload 2026-04-23 N/A
PowerUpload 2.4 allows remote attackers to bypass authentication and gain administrative access via a MIME encoded value of admin for the myadminname cookie.
CVE-2009-2772 1 Realtysoft 1 Pg Roomate Finder Solution 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate Finder Solution allow remote attackers to inject arbitrary web script or HTML via the part parameter to (1) quick_search.php and (2) viewprofile.php.
CVE-2009-2773 1 Shop-020 1 Php Paid 4 Mail Script 2026-04-23 N/A
PHP remote file inclusion vulnerability in home.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2009-2774 1 Php-paid4mail 1 Php-paid4mail 2026-04-23 N/A
SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2009-2775 1 Phparcadescript 1 Phparcadescript 2026-04-23 N/A
SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-2776 1 Sellatsite.com 1 Smart Asp Survey 2026-04-23 N/A
SQL injection vulnerability in showresult.asp in Smart ASP Survey allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2009-2777 1 Garagesalesjunkie 1 Garagesales Script 2026-04-23 N/A
SQL injection vulnerability in visitor/view.php in GarageSales Script allows remote attackers to execute arbitrary SQL commands via the key parameter.
CVE-2009-2778 1 Garagesalesjunkie 1 Garagesales Script 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in visitor/view.php in GarageSales Script allows remote attackers to inject arbitrary web script or HTML via the key parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-2779 1 Ajsquare 1 Aj Matrix Dna 2026-04-23 N/A
SQL injection vulnerability in index.php in AJ Matrix DNA allows remote attackers to execute arbitrary SQL commands via the id parameter in a productdetail action.
CVE-2009-2781 1 Arabportal 1 Arab Portal 2026-04-23 N/A
SQL injection vulnerability in forum.php in Arab Portal 2.x, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the qc parameter in an addcomment action, a different vector than CVE-2006-1666.
CVE-2009-2782 2 Jfusion, Joomla 2 Com Jfusion, Joomla 2026-04-23 N/A
SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.