Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (49 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0535 2 Postboard, Postnuke Software Foundation 2 Postboard, Postnuke 2025-04-03 N/A
Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allows remote attackers to execute script as other users via (1) an [IMG] tag when BBCode is enabled, or (2) in a topic title.
CVE-2006-0146 6 John Lim, Mantis, Mediabeez and 3 more 6 Adodb, Mantis, Mediabeez and 3 more 2025-04-03 N/A
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.
CVE-2004-1787 1 Postnuke Software Foundation 1 Postcalendar 2025-04-03 N/A
SQL injection vulnerability in PostCalendar 4.0.0 allows remote attackers to execute arbitrary SQL commands via search queries.
CVE-2005-1696 1 Postnuke Software Foundation 1 Postnuke 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) skin or (2) paletteid parameter to demo.php in the Xanthia module, or (3) the serverName parameter to config.php in the Multisites (aka NS-Multisites) module.
CVE-2005-1700 1 Postnuke Software Foundation 1 Postnuke 2025-04-03 N/A
SQL injection vulnerability in pnadmin.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to execute arbitrary SQL commands via the riga[0] parameter.
CVE-2004-2751 1 Postnuke Software Foundation 1 Postnuke 2025-04-03 N/A
SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
CVE-2005-0615 1 Postnuke Software Foundation 1 Postnuke 2025-04-03 N/A
Multiple SQL injection vulnerabilities in (1) index.php, (2) modules.php, or (3) admin.php in PostNuke 0.760-RC2 allow remote attackers to execute arbitrary SQL code via the catid parameter.
CVE-2005-0617 1 Postnuke Software Foundation 1 Postnuke 2025-04-03 N/A
SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter.
CVE-2005-1050 1 Postnuke Software Foundation 1 Postnuke 2025-04-03 N/A
The modload op in the Reviews module for PostNuke 0.760-RC3 allows remote attackers to obtain sensitive information via an invalid id parameter, which reveals the path in a PHP error message.