Export limit exceeded: 365174 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365174 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-5327 | 1 Liferay | 1 Liferay Portal | 2025-04-20 | N/A |
| Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template. | ||||
| CVE-2017-12810 | 1 Stivasoft | 1 Phpjabbers Newsletter Script | 2025-04-20 | N/A |
| PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel. | ||||
| CVE-2017-12812 | 1 Stivasoft | 1 Phpjabbers Night Club Booking Software | 2025-04-20 | N/A |
| PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab. | ||||
| CVE-2015-8667 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email. | ||||
| CVE-2016-2087 | 1 Hexchat Project | 1 Hexchat | 2025-04-20 | N/A |
| Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name. | ||||
| CVE-2017-12813 | 1 Stivasoft | 1 Phpjabbers File Sharing Script | 2025-04-20 | N/A |
| PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section. | ||||
| CVE-2017-13056 | 1 Tracker-software | 1 Pdf-xchange Viewer | 2025-04-20 | N/A |
| The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file. | ||||
| CVE-2017-17901 | 1 Zyxel | 2 P-660hw, P-660hw Firmware | 2025-04-20 | N/A |
| ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1. | ||||
| CVE-2017-17941 | 1 Single Theater Booking Script Project | 1 Single Theater Booking Script | 2025-04-20 | N/A |
| PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter. | ||||
| CVE-2017-17951 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2025-04-20 | N/A |
| PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter. | ||||
| CVE-2014-9772 | 1 Nodejs | 1 Node.js | 2025-04-20 | N/A |
| The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters. | ||||
| CVE-2017-17953 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2025-04-20 | N/A |
| PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter. | ||||
| CVE-2017-5515 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names. | ||||
| CVE-2017-17957 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2025-04-20 | N/A |
| PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter. | ||||
| CVE-2017-17971 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-04-20 | N/A |
| The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS. | ||||
| CVE-2017-5517 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | N/A |
| SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter. | ||||
| CVE-2017-5518 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | N/A |
| The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address. | ||||
| CVE-2017-5519 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | N/A |
| SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2013-7453 | 1 Nodejs | 1 Node.js | 2025-04-20 | N/A |
| The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing. | ||||
| CVE-2016-7036 | 1 Python-jose Project | 1 Python-jose | 2025-04-20 | N/A |
| python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys. | ||||