Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (17661 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-1000118 1 Huge-it 1 Slideshow 2025-04-12 N/A
XSS & SQLi in HugeIT slideshow v1.0.4
CVE-2016-1000119 1 Huge-it 1 Catalog 2025-04-12 N/A
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla
CVE-2016-1000120 1 Huge-it 1 Catalog 2025-04-12 N/A
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla
CVE-2016-1000122 1 Huge-it 1 Slider 2025-04-12 N/A
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension
CVE-2016-1000123 1 Huge-it 1 Video Gallery 2025-04-12 N/A
Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla
CVE-2016-1000124 1 Huge-it 1 Portfolio Gallery 2025-04-12 N/A
Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6
CVE-2016-1000217 1 Zotpress Project 1 Zotpress 2025-04-12 N/A
Zotpress plugin for WordPress SQLi in zp_get_account()
CVE-2016-1308 1 Samsung 1 X14j Firmware 2025-04-12 N/A
SQL injection vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCux99227.
CVE-2016-1393 1 Cisco 1 Cloud Network Automation Provisioner 2025-04-12 N/A
SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175.
CVE-2016-1437 1 Cisco 1 Prime Collaboration Deployment 2025-04-12 N/A
SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy92549.
CVE-2016-1446 1 Cisco 1 Webex Meetings Server 2025-04-12 N/A
SQL injection vulnerability in Cisco WebEx Meetings Server 2.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuy83200.
CVE-2016-2174 1 Apache 1 Ranger 2025-04-12 N/A
SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime.
CVE-2016-2950 1 Ibm 1 Bigfix Remote Control 2025-04-12 N/A
SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-3072 2 Katello, Redhat 3 Katello, Enterprise Linux, Satellite 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter.
CVE-2016-3659 1 Cacti 1 Cacti 2025-04-12 N/A
SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter.
CVE-2016-3675 1 Huawei 2 Policy Center, Policy Center Firmware 2025-04-12 8.1 High
SQL injection vulnerability in Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to system databases.
CVE-2016-4350 1 Solarwinds 1 Storage Resource Monitor 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the Web Services web server in SolarWinds Storage Resource Monitor (SRM) Profiler (formerly Storage Manager (STM)) before 6.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) ScriptSchedule parameter in the ScriptServlet servlet; the (2) winEventId or (3) winEventLog parameter in the WindowsEventLogsServlet servlet; the (4) processOS parameter in the ProcessesServlet servlet; the (5) group, (6) groupName, or (7) clientName parameter in the BackupExceptionsServlet servlet; the (8) valDB or (9) valFS parameter in the BackupAssociationServlet servlet; the (10) orderBy or (11) orderDir parameter in the HostStorageServlet servlet; the (12) fileName, (13) sortField, or (14) sortDirection parameter in the DuplicateFilesServlet servlet; the (15) orderFld or (16) orderDir parameter in the QuantumMonitorServlet servlet; the (17) exitCode parameter in the NbuErrorMessageServlet servlet; the (18) udfName, (19) displayName, (20) udfDescription, (21) udfDataValue, (22) udfSectionName, or (23) udfId parameter in the UserDefinedFieldConfigServlet servlet; the (24) sortField or (25) sortDirection parameter in the XiotechMonitorServlet servlet; the (26) sortField or (27) sortDirection parameter in the BexDriveUsageSummaryServlet servlet; the (28) state parameter in the ScriptServlet servlet; the (29) assignedNames parameter in the FileActionAssignmentServlet servlet; the (30) winEventSource parameter in the WindowsEventLogsServlet servlet; or the (31) name, (32) ipOne, (33) ipTwo, or (34) ipThree parameter in the XiotechMonitorServlet servlet.
CVE-2016-4351 1 Trendmicro 1 Email Encryption Gateway 2025-04-12 9.8 Critical
SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before build 1107 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-5048 1 Readydesk 1 Readydesk 2025-04-12 N/A
SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary SQL commands via the user name field.
CVE-2016-5792 1 Moxa 1 Softcms 2025-04-12 N/A
SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields.