Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (527 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4710 2 Robert Heel, Typo3 2 Cwt Resetbepassword, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Reset backend password (cwt_resetbepassword) extension 1.20 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4711 2 Jan Bednarik, Typo3 2 Cooluri, Typo3 2025-04-11 N/A
SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2008-6686.
CVE-2009-4802 2 Joachim Ruhs, Typo3 2 Flat Manager, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Flat Manager (flatmgr) extension before 1.9.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4803 2 Andreas Schwarzkopf, Typo3 2 Accessibility Glossary, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Accessibility Glossary (a21glossary) extension 0.4.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4954 2 Typo3, Websedit 2 Typo3, Sk Calendar 2025-04-11 N/A
SQL injection vulnerability in the Versatile Calendar Extension [VCE] (sk_calendar) extension before 0.3.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4948 2 Joachim Ruhs, Typo3 2 Locator, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-2131 2 Mario Matzulla, Typo3 2 Cal, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Calendar Base (cal) extension before 1.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via iCalendar data.
CVE-2010-3605 2 Alex Kellner, Typo3 2 Powermail, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4952 2 Serge Gebhardt, Typo3 2 Dir Listing, Typo3 2025-04-11 N/A
Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier for TYPO3 allows remote attackers to have an unspecified impact via unknown vectors.
CVE-2009-4953 2 Stefan Geith, Typo3 2 Sg Userdata, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2112 1 Typo3 1 Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages.
CVE-2009-4959 2 Stefan Koch, Typo3 2 T3m, Typo3 2025-04-11 N/A
SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4963 1 Typo3 2 Commerce Extension, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4966 2 Elemente, Typo3 2 Ast Addresszipsearch, Typo3 2025-04-11 N/A
SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipsearch) extension 0.5.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-1722 2 Typo3, Webempoweredchurch 2 Typo3, Wec Discussion 2025-04-11 N/A
Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_discussion) extension 2.1.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in April 2011.
CVE-2010-1218 2 Mm Forum, Typo3 2 Mmforum, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the mm_forum extension 1.8.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4969 1 Typo3 2 Sbanner, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Solidbase Bannermanagement (SBbanner) extension 1.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4970 2 Typo3, Typo3-macher 2 Typo3, T3m Affiliate 2025-04-11 N/A
SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-4886 2 Peter Proell, Typo3 2 Tweetbutton, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the "official twitter tweet button for your page" (tweetbutton) extension before 1.0.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1025 2 Chris Wederka, Typo3 2 Tgm Newsletter, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.