Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (530 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1081 1 Typo3 1 Typo3 2025-04-09 N/A
The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information.
CVE-2008-6346 2 Dennis Royer, Typo3 2 Dr Wiki, Typo3 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in the DR Wiki (dr_wiki) extension 1.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-6344 1 Typo3 2 Tu-clausthal Staff, Typo3 2025-04-09 N/A
SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-6145 1 Typo3 2 Typo3, Wec Discussion Forum 2025-04-09 N/A
Multiple SQL injection vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2007-6381 1 Typo3 1 Typo3 2025-04-09 N/A
SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-6144 1 Typo3 2 Typo3, Wec Discussion Forum 2025-04-09 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3029.
CVE-2008-6338 2 Typo3, Weber-ebusiness 2 Typo3, Wes Facilities 2025-04-09 N/A
SQL injection vulnerability in the WEBERkommunal Facilities (wes_facilities) extension 2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-5995 1 Typo3 2 Freecap Captcha Extension, Typo3 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in the freeCap CAPTCHA (sr_freecap) extension before 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-2526 1 Typo3 1 Wt Gallery 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in the WT Gallery (aka wt_gallery) extension 2.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-2525 1 Typo3 1 Rlmp Eventdb 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in the Event Database (aka rlmp_eventdb) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-2489 1 Typo3 1 Sg Zfelib 2025-04-09 N/A
SQL injection vulnerability in the Library for Frontend Plugins (aka sg_zfelib) extension 1.1.512 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified "user input."
CVE-2009-4158 2 Mario Matzulla, Typo3 2 Cal, Typo3 2025-04-09 N/A
SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-5096 1 Typo3 2 File List Extension, Typo3 2025-04-09 N/A
Unspecified vulnerability in the TYPO3 File List (file_list) extension 0.2.1 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors.
CVE-2008-6341 1 Typo3 2 Sb Universal Plugin, Typo3 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in the SB Universal Plugin (SBuniplug) extension 2.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4167 2 Lukas Taferner, Typo3 2 It Basetag, Typo3 2025-04-09 N/A
Unspecified vulnerability in the Automatic Base Tags for RealUrl (lt_basetag) extension 1.0.0 for TYPO3 allows remote attackers to conduct "Cache spoofing" attacks via unspecified vectors.
CVE-2009-1264 2 Stanislas Rolland, Typo3 2 Sr Feuser Register, Typo3 2025-04-09 N/A
Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors.
CVE-2008-3045 1 Typo3 1 Industry Database 2025-04-09 N/A
Unspecified vulnerability in the Industry Database (aka Branchendatenbank pro_industrydb) extension 1.0.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Insufficient Verification of Data Authenticity."
CVE-2006-5069 1 Typo3 1 Typo3 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php in the Indexed Search 2.9.0 extension for Typo3 before 4.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2009-4166 2 Michal Hadr, Typo3 2 Mchtrips, Typo3 2025-04-09 N/A
SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-3043 1 Typo3 1 Wec Discussion Forum 2025-04-09 N/A
Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows attackers to execute arbitrary code via vectors related to "certain file types."