Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (539 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2009-4163 2 Tw Productfinder, Typo3 2 Tw Productfinder, Typo3 2026-04-23 N/A
SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4164 2 Simple Glossar, Typo3 2 Simple Glossar, Typo3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4165 2 Simple Glossar, Typo3 2 Simple Glossar, Typo3 2026-04-23 N/A
SQL injection vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4166 2 Michal Hadr, Typo3 2 Mchtrips, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4167 2 Lukas Taferner, Typo3 2 It Basetag, Typo3 2026-04-23 N/A
Unspecified vulnerability in the Automatic Base Tags for RealUrl (lt_basetag) extension 1.0.0 for TYPO3 allows remote attackers to conduct "Cache spoofing" attacks via unspecified vectors.
CVE-2009-4336 2 Simon Rundell, Typo3 2 Pd Calendar Today, Typo3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-3051 1 Typo3 1 Pinboard Extension 2026-04-23 N/A
SQL injection vulnerability in the Pinboard extension 0.0.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-3028 1 Typo3 1 Send A Card 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Send-A-Card (sr_sendcard) extension 2.2.2 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4344 2 Tobias Sommer, Typo3 2 Zid Linklist, Typo3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the ZID Linkliste (zid_linklist) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4343 2 Dominic Eckart, Typo3 2 Trainincdb, Typo3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Training Company Database (trainincdb) extension 0.4.7 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-6343 1 Typo3 2 Tu-clausthal Odin, Typo3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the TU-Clausthal ODIN (tuc_odin) extension 0.0.1, 0.1.0, 0.1.1, and 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4342 2 Melvin Mach, Typo3 2 Jobexchange, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Job Exchange (jobexchange) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2009-4341 2 Mischa Heissmann, Typo3 2 No Indexed Search, Typo3 2026-04-23 N/A
SQL injection vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2008-6342 2 Lobacher Patrick, Typo3 2 Simplefilebrowser, Typo3 2026-04-23 N/A
Unspecified vulnerability in the TYPO3 Simple File Browser (simplefilebrowser) extension 1.0.2 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors.
CVE-2009-4345 2 Jonas Renggli, Typo3 2 Vshoutbox, Typo3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the vShoutbox (vshoutbox) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4346 2 Toni Milovan, Typo3 2 Fe Rtenews, Typo3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Frontend news submitter with RTE (fe_rtenews) extension 1.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4388 2 Frank Krger, Typo3 2 Nl Listman, Typo3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the ListMan (nl_listman) extension 1.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4389 2 Robert Puntigam, Typo3 2 Aba Watchdog, Typo3 2026-04-23 N/A
Unspecified vulnerability in the Watchdog (aba_watchdog) extension 2.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.
CVE-2009-4390 2 Jochen Rieger, Typo3 2 Car, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-3050 1 Typo3 1 Pdf Generator 2 Extension 2026-04-23 N/A
Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 allows attackers to cause a denial of service via unspecified vectors.