Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (323513 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-14968 1 Emlsoft Project 1 Emlsoft 2024-11-21 N/A
An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.address.php has SQL Injection via the numPerPage parameter.
CVE-2018-14967 1 Emlsoft Project 1 Emlsoft 2024-11-21 N/A
An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.user.php has SQL Injection via the numPerPage parameter.
CVE-2018-14966 1 Emlsoft Project 1 Emlsoft 2024-11-21 N/A
An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=user&do=add page allows CSRF.
CVE-2018-14965 1 Emlsoft Project 1 Emlsoft 2024-11-21 N/A
An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=address&do=add page allows CSRF.
CVE-2018-14964 1 Emlsoft Project 1 Emlsoft 2024-11-21 N/A
An issue was discovered in EMLsoft 5.4.5. XSS exists via the eml/upload/eml/?action=address&do=edit page.
CVE-2018-14963 1 Zzcms 1 Zzcms 2024-11-21 N/A
zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI.
CVE-2018-14962 1 Zzcms 1 Zzcms 2024-11-21 N/A
zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php.
CVE-2018-14961 1 Zzcms 1 Zzcms 2024-11-21 N/A
dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql parameter.
CVE-2018-14960 1 Xiao5ucompany Project 1 Xiao5ucompany 2024-11-21 N/A
Xiao5uCompany 1.7 has CSRF via admin/Admin.asp.
CVE-2018-14959 1 Weaselcms Project 1 Weaselcms 2024-11-21 N/A
An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages via an index.php?b=pages&a=new URI.
CVE-2018-14958 1 Weaselcms Project 1 Weaselcms 2024-11-21 N/A
An issue was discovered in WeaselCMS v0.3.5. CSRF can update the website settings (such as the theme, title, and description) via index.php.
CVE-2018-14957 1 Isweb 1 Isweb 2024-11-21 N/A
CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggetto_documenti/../.././inc/config.php (one can take the control of the application because credentials are present in that config.php file).
CVE-2018-14956 1 Isweb 1 Isweb 2024-11-21 N/A
CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive information.
CVE-2018-14955 1 Squirrelmail 1 Squirrelmail 2024-11-21 N/A
The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute).
CVE-2018-14954 1 Squirrelmail 1 Squirrelmail 2024-11-21 N/A
The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute.
CVE-2018-14953 1 Squirrelmail 1 Squirrelmail 2024-11-21 N/A
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack.
CVE-2018-14952 1 Squirrelmail 1 Squirrelmail 2024-11-21 N/A
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack.
CVE-2018-14951 1 Squirrelmail 1 Squirrelmail 2024-11-21 N/A
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack.
CVE-2018-14950 1 Squirrelmail 1 Squirrelmail 2024-11-21 N/A
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack.
CVE-2018-14948 1 Sound Project 1 Sound 2024-11-21 N/A
An issue has been found in dilawar sound through 2017-11-27. The end of openWavFile in wav-file.cc has Mismatched Memory Management Routines (operator new [] versus operator delete).