Search

Expected end of text, found ':' (at char 25), (line:1, col:26)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (346170 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2009-3278 1 Qnap 4 Ts-239 Pro, Ts-239 Pro Firmware, Ts-639 Pro and 1 more 2026-04-23 5.5 Medium
The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the rand library function to generate a certain recovery key, which makes it easier for local users to determine this key via a brute-force attack.
CVE-2008-6248 1 Galatolo 1 Galatolo Webmanager 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in all.php in Galatolo WebManager 1.3a and earlier allows remote attackers to inject arbitrary web script or HTML via the tag parameter.
CVE-2008-6249 1 Gwm 1 Galatolo Webmanager 2026-04-23 N/A
SQL injection vulnerability in plugins/users/index.php in Galatolo WebManager 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6250 1 Comdev 1 Comdev Web Blogger 2026-04-23 N/A
SQL injection vulnerability in Comdev Web Blogger 4.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter to a blog page.
CVE-2008-6251 1 Scripts 1 Phpfan 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/init.php in phpFan 3.3.4 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter.
CVE-2008-6254 1 Jadu 1 Jadu Galaxies 2026-04-23 N/A
SQL injection vulnerability in scripts/documents.php in Jadu Galaxies allows remote attackers to execute arbitrary SQL commands via the categoryID parameter.
CVE-2008-6255 1 Vbulletin 1 Vbulletin 2026-04-23 N/A
Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) answer parameter to admincp/verify.php, (2) extension parameter in an edit action to admincp/attachmentpermission.php, and the (3) iperm parameter to admincp/image.php.
CVE-2009-3283 1 Phpspot 6 Php \& Css Bbs, Php Bbs, Php Bbs Ce and 3 more 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in phpspot PHP BBS, PHP Image Capture BBS, PHP & CSS BBS, PHP BBS CE, PHP_RSS_Builder, and webshot, dated before 20090914, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to cookies.
CVE-2008-6256 1 Vbulletin 1 Vbulletin 2026-04-23 N/A
SQL injection vulnerability in admincp/admincalendar.php in vBulletin 3.7.3.pl1 allows remote authenticated administrators to execute arbitrary SQL commands via the holidayinfo[recurring] parameter, a different vector than CVE-2005-3022.
CVE-2008-6258 1 Quadcomm 1 Q-shop 2026-04-23 N/A
SQL injection vulnerability in users.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the (1) UserID and (2) Pwd parameters. NOTE: this might be related to CVE-2004-2108.
CVE-2008-6259 1 Quadcomm 1 Q-shop 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the srkeys parameter.
CVE-2008-6260 1 Ultrastats 1 Ultrastats 2026-04-23 N/A
SQL injection vulnerability in index.php in Ultrastats 0.2.144 and 0.3.11 allows remote attackers to execute arbitrary SQL commands via the serverid parameter.
CVE-2008-6261 1 E-topbiz 1 Admanager 2026-04-23 N/A
SQL injection vulnerability in view.php in E-topbiz AdManager 4 allows remote attackers to execute arbitrary SQL commands via the group parameter.
CVE-2008-6262 1 Infireal 1 Saturncms 2026-04-23 N/A
SQL injection vulnerability in lib/url/meta_url.php in SaturnCMS allows remote attackers to execute arbitrary SQL commands via the URL to the translate function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6263 1 Infireal 1 Saturncms 2026-04-23 N/A
SQL injection vulnerability in lib/user/t_user.php in SaturnCMS allows remote attackers to execute arbitrary SQL commands via the username parameter to the _userLoggedIn function. NOTE: some of these details are obtained from third party information.
CVE-2008-6264 1 E-topbiz 1 Slide Popups 2026-04-23 N/A
SQL injection vulnerability in admin/admin.php in E-topbiz Slide Popups 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter.
CVE-2009-3284 1 Phpspot 6 Php \& Css Bbs, Php Bbs, Php Bbs Ce and 3 more 2026-04-23 N/A
Directory traversal vulnerability in phpspot PHP BBS, PHP Image Capture BBS, PHP & CSS BBS, PHP BBS CE, PHP_RSS_Builder, and webshot, dated before 20090914, allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2008-6266 1 Appstate 1 Phpwebsite 2026-04-23 N/A
SQL injection vulnerability in links.php in Appalachian State University phpWebSite allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action.
CVE-2008-6267 1 Sadi Samami 1 Multi Languages Webshop Online 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in detail.php in Multi Languages WebShop Online 1.02 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2008-6268 1 Sadi Samami 1 Multi Languages Webshop Online 2026-04-23 N/A
SQL injection vulnerability in detail.php in WEBBDOMAIN Multi Languages WebShop Online 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.