Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (478 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4705 2 Thomas Loeffler, Typo3 2 Twittersearch, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Twitter Search (twittersearch) extension before 0.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4709 2 Dirk Maiwert, Typo3 2 Datamints Newsticker, Typo3 2025-04-11 N/A
SQL injection vulnerability in the datamints Newsticker (datamints_newsticker) extension before 0.7.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4711 2 Jan Bednarik, Typo3 2 Cooluri, Typo3 2025-04-11 N/A
SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2008-6686.
CVE-2009-4802 2 Joachim Ruhs, Typo3 2 Flat Manager, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Flat Manager (flatmgr) extension before 1.9.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4803 2 Andreas Schwarzkopf, Typo3 2 Accessibility Glossary, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Accessibility Glossary (a21glossary) extension 0.4.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4804 3 Mario Matzulla, Microsoft, Typo3 3 Calendar Base, Internet Explorer, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via "search parameters."
CVE-2009-4954 2 Typo3, Websedit 2 Typo3, Sk Calendar 2025-04-11 N/A
SQL injection vulnerability in the Versatile Calendar Extension [VCE] (sk_calendar) extension before 0.3.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4955 2 Thomas Hempel, Typo3 2 Th Ultracards, Typo3 2025-04-11 N/A
SQL injection vulnerability in the ultraCards (th_ultracards) extension before 0.5.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4956 2 Typo3, Wapplersystems 2 Typo3, Ws Stats 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Visitor Tracking (ws_stats) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4966 2 Elemente, Typo3 2 Ast Addresszipsearch, Typo3 2025-04-11 N/A
SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipsearch) extension 0.5.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4968 2 Christian Ehmann, Typo3 2 Event Registr, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Event Registration (event_registr) extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-4892 2 Alex Kellner, Typo3 2 Powermail, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the powermail extension before 1.5.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1006 1 Typo3 2 Brainstorming, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Brainstorming extension 0.1.8 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1008 2 Christian Hennecke, Typo3 2 Chsellector, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Sellector.com Widget Integration (chsellector) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1012 2 Mathias Schreiber, Typo3 2 Nf Cleandb, Typo3 2025-04-11 N/A
SQL injection vulnerability in the CleanDB (nf_cleandb) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1013 2 Fr.simon Rundell, Typo3 2 Pd Diocesedatabase, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Diocese of Portsmouth Database (pd_diocesedatabase) extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1014 2 Steffen Kamper, Typo3 2 Reports Logview, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Reports Logfile View (reports_logview) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1015 2 Laurent Foulloy, Typo3 2 Sav Filter Abc, Typo3 2025-04-11 N/A
SQL injection vulnerability in the SAV Filter Alphabetic (sav_filter_abc) extension before 1.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1016 2 Laurent Foulloy, Typo3 2 Sav Filter Selectors, Typo3 2025-04-11 N/A
SQL injection vulnerability in the SAV Filter Selectors (sav_filter_selectors) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1017 2 Laurent Foulloy, Typo3 2 Sav Filter Months, Typo3 2025-04-11 N/A
SQL injection vulnerability in the SAV Filter Months (sav_filter_months) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.