Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (17935 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-15973 1 Sokial 1 Sokial 2025-04-20 N/A
Sokial Social Network Script 1.0 allows SQL Injection via the id parameter to admin/members_view.php.
CVE-2017-8377 1 Genixcms 1 Genixcms 2025-04-20 N/A
GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter.
CVE-2017-9730 1 Dfsol 1 Nuevomailer 2025-04-20 9.8 Critical
SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the "r" parameter.
CVE-2017-15972 1 Softdatepro 1 Dating Software 2025-04-20 N/A
SoftDatepro Dating Social Network 1.3 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15971.
CVE-2017-15971 1 Softdatepro 1 Same Date Pro 2025-04-20 9.8 Critical
Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15972.
CVE-2017-15970 1 Phpcityportal 1 Phpcityportal 2025-04-20 N/A
PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter.
CVE-2017-15969 1 Pilotgroup 1 Allsharevideo 2025-04-20 N/A
PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category.
CVE-2017-11419 1 Fiyo 1 Fiyo Cms 2025-04-20 N/A
Fiyo CMS 2.0.7 has SQL injection in /apps/app_article/controller/editor.php via $_POST['id'] and $_POST['art_title'].
CVE-2017-15968 1 Contractorscripts 1 Mybuildersite 2025-04-20 N/A
MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter.
CVE-2017-9759 1 Zenbership 1 Zenbership 2025-04-20 N/A
SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the filters array parameter, exploitable by a privileged account.
CVE-2017-15967 1 Mailing-manager 1 Mailing List Manager Pro 2025-04-20 N/A
Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template.
CVE-2017-15966 1 Zh Yandexmap Project 1 Zh Yandexmap 2025-04-20 N/A
The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php.
CVE-2017-15964 1 Nicephpscripts 1 Job Board Script 2025-04-20 N/A
Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI.
CVE-2017-9834 1 Calendarscripts 1 Watupro 2025-04-20 N/A
SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action to wp-admin/admin-ajax.php.
CVE-2017-15963 1 Itechscripts 1 Gigs Script 2025-04-20 N/A
iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter.
CVE-2017-15961 1 Iproject Management System Project 1 Iproject Management System 2025-04-20 N/A
iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php.
CVE-2017-15960 1 Yourarticlesdirectory 1 Article Directory Script 2025-04-20 N/A
Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php.
CVE-2017-15959 1 Adultscriptpro 1 Adultscriptpro 2025-04-20 N/A
Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576.
CVE-2017-15958 1 Domainzaar 1 D-park Pro 2025-04-20 N/A
D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php.
CVE-2017-15949 1 Angry-frog 1 Xavier 2025-04-20 N/A
Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php.