CVEs and Security Vulnerabilities

Export limit exceeded: 18780 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 45573 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (45573 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2008-7092	1 Unica	1 Affinium Campaign	2026-04-23	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to inject arbitrary web script or HTML via a Javascript event in the (1) url, (2) PageName, and (3) title parameters in a CustomBookMarkLink action to Campaign/Campaign; (4) a Javascript event in the displayIcon parameter to Campaign/updateOfferTemplateSubmit.do (aka the templates web page); (5) crafted input to Campaign/CampaignListener (aka the listener server), which is not properly handled when displaying the status log; and (6) id parameter to Campaign/campaignDetails.do, (7) id parameter to Campaign/offerDetails.do, (8) function parameter to Campaign/Campaign, (9) sessionID parameter to Campaign/runAllFlowchart.do, (10) id parameter in an edit action to Campaign/updateOfferTemplatePage.do, (11) Frame parameter in a LoadFrame action to Campaign/Campaign, (12) affiniumUserName parameter to manager/jsp/test.jsp, (13) affiniumUserName parameter to Campaign/main.do, and possibly other vectors.
CVE-2007-4741	1 Claroline	1 Claroline	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in admin/adminusers.php in Claroline before 1.8.6 allows remote authenticated administrators to inject arbitrary web script or HTML via the sort parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-4745	2 Joomla, Mambo	2 Akobook, Mambo Site Server	2026-04-23	N/A
Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function.
CVE-2008-2379	2 Redhat, Squirrelmail	2 Enterprise Linux, Squirrelmail	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message.
CVE-2007-4760	1 Hitachi	4 Ucosminexus Application Server Enterprise, Ucosminexus Application Server Standard, Ucosminexus Developer Standard and 1 more	2026-04-23	N/A
The javadoc tool in Cosminexus Developer's Kit for Java in Cosminexus 7 and 7.5 can generate HTML documents that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this is probably the same issue as CVE-2007-3503.
CVE-2006-5080	1 Six Apart	1 Movable Type	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in the search function in Six Apart Movable Type 3.3 to 3.32, and Movable Type Enterprise 1.01 and 1.02, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-5703	1 Tiki	1 Tikiwiki Cms\/groupware	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements.
CVE-2006-5843	1 Speedywiki	1 Speedywiki	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in index.php in Speedywiki 2.0 allows remote attackers to inject arbitrary web script or HTML via the showRevisions parameter.
CVE-2006-5847	1 Freewebshop	1 Freewebshop	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
CVE-2006-6096	1 Dotnetindex	1 Active News Manager	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in activenews_search.asp in ActiveNews Manager allows remote attackers to inject arbitrary web script or HTML via the query parameter.
CVE-2008-2413	1 Acgv.free	1 Acgv News	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in glossaire.php in ACGV News 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2006-6108	1 Ec-cube	1 Ec-cube	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVE-2006-6687	1 Web-app.net	1 Webapp	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network Edition (NE) (aka WebAPP.NET), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6746	1 Dreaxteam	1 Xt-news	2026-04-23	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Xt-News 0.1 allow remote attackers to inject arbitrary web script or HTML via the id_news parameter to (1) add_comment.php or (2) show_news.php.
CVE-2006-6832	1 Joomla	1 Joomla	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title.
CVE-2006-6882	1 Golden Book	1 Golden Book	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in golden book allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-5644	1 Typo3	1 Typo3	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2006-7233	1 Ignite Realtime	1 Openfire	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.6.0, and possibly other versions before 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVE-2006-7238	1 Mark Girling	1 Myshoutpro	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in MyShoutPro before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-4831	1 Torrenttrader	1 Torrenttrader	2026-04-23	N/A
Multiple cross-site scripting (XSS) vulnerabilities in account_settings.php in TorrentTrader 1.07 allow remote attackers to inject arbitrary web script or HTML via the (1) avatar and (2) title parameters.

« first previous Page 220 of 2279. next last »