Export limit exceeded: 348169 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (348169 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2018-18795 1 School Event Management System Project 1 School Event Management System 2024-11-21 N/A
School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter.
CVE-2018-18794 1 School Event Management System Project 1 School Event Management System 2024-11-21 N/A
School Event Management System 1.0 allows CSRF via user/controller.php?action=edit.
CVE-2018-18793 1 School Event Management System Project 1 School Event Management System 2024-11-21 N/A
School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos.
CVE-2018-18792 1 Zzcms 1 Zzcms 2024-11-21 N/A
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie.
CVE-2018-18791 1 Zzcms 1 Zzcms 2024-11-21 N/A
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie.
CVE-2018-18790 1 Zzcms 1 Zzcms 2024-11-21 N/A
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admin user login.)
CVE-2018-18789 1 Zzcms 1 Zzcms 2024-11-21 N/A
An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php.
CVE-2018-18788 1 Zzcms 1 Zzcms 2024-11-21 N/A
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.)
CVE-2018-18787 1 Zzcms 1 Zzcms 2024-11-21 N/A
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie.
CVE-2018-18786 1 Zzcms 1 Zzcms 2024-11-21 N/A
An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie.
CVE-2018-18785 1 Zzcms 1 Zzcms 2024-11-21 N/A
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php.
CVE-2018-18784 1 Zzcms 1 Zzcms 2024-11-21 N/A
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin user login.)
CVE-2018-18783 1 Sem-cms 1 Semcms 2024-11-21 N/A
XSS was discovered in SEMCMS V3.4 via the semcms_remail.php?type=ok umail parameter.
CVE-2018-18782 1 Dedecms 1 Dedecms 2024-11-21 N/A
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter.
CVE-2018-18781 1 Dedecms 1 Dedecms 2024-11-21 N/A
DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter.
CVE-2018-18778 1 Acme 1 Mini-httpd 2024-11-21 N/A
ACME mini_httpd before 1.30 lets remote users read arbitrary files.
CVE-2018-18777 1 Microstrategy 1 Microstrategy Web 2024-11-21 N/A
Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product.
CVE-2018-18776 1 Microstrategy 1 Microstrategy Web 2024-11-21 N/A
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product.
CVE-2018-18775 1 Microstrategy 1 Microstrategy Web 2024-11-21 N/A
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product.
CVE-2018-18774 1 Control-webpanel 1 Webpanel 2024-11-21 N/A
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter.