Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (73 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2005-1945 1 Invision Power Services 1 Invision Community Blog 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in the convert_highlite_words function in Invision Blog before 1.1.2 Final allows remote attackers to inject arbitrary web script or HTML via double hex encoded highlight data.
CVE-2005-1816 1 Invision Power Services 1 Invision Board 2025-04-03 N/A
Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to add themselves or other users to the root admin group via the "Move users in this group to" screen.
CVE-2005-1817 1 Invision Power Services 1 Invision Board 2025-04-03 N/A
Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to edit arbitrary forum posts via a direct request to index.php with modified parameters.
CVE-2005-1443 1 Invision Power Services 1 Invision Power Board 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the (1) act, (2) Members, (3) calendar, or (4) HID parameters.
CVE-2005-1070 1 Invision Power Services 1 Invision Board 2025-04-03 N/A
SQL injection vulnerability in index.php in Invision Power Board 1.3.1 Final and earlier allows remote attackers to execute arbitrary SQL commands via the st parameter.
CVE-2005-0886 1 Invision Power Services 1 Invision Board 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP POST request.
CVE-2004-1785 1 Invision Power Services 1 Invision Board 2025-04-03 N/A
SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable.
CVE-2004-1835 1 Invision Power Services 1 Invision Gallery 2025-04-03 N/A
Multiple SQL injection vulnerabilities in index.php in Invision Gallery 1.0.1 allow remote attackers to execute arbitrary SQL via the (1) img, (2) cat, (3) sort_key, (4) order_key, (5) user, or (6) album parameters.
CVE-2004-1836 1 Invision Power Services 1 Invision Power Top Site List 2025-04-03 N/A
SQL injection vulnerability in index.php in Invision Power Top Site List 1.1 RC 2 and earlier allows remote attackers to execute arbitrary SQL via the id parameter of the comments action.
CVE-2004-0355 1 Invision Power Services 1 Invision Board 2025-04-03 N/A
Invision Power Board 1.3 Final allows remote attackers to gain sensitive information by selecting a file for "Personal Photo" that is not an image file, which displays the installation path in an error message.
CVE-2003-1454 4 Invision Power Services, Linux, Microsoft and 1 more 4 Invision Board, Linux Kernel, All Windows and 1 more 2025-04-03 N/A
Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access.
CVE-2002-1149 1 Invision Power Services 1 Invision Board 2025-04-03 N/A
The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings.
CVE-2006-2097 1 Invision Power Services 1 Invision Power Board 2025-04-03 N/A
SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM).