Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (151 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0809 2 Mozilla, Redhat 2 Bugzilla, Powertools 2025-04-03 N/A
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names.
CVE-2002-2260 1 Mozilla 1 Bugzilla 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in the quips feature in Mozilla Bugzilla 2.10 through 2.17 allows remote attackers to inject arbitrary web script or HTML via the "show all quips" page.
CVE-2002-1197 1 Mozilla 1 Bugzilla 2025-04-03 N/A
bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail.
CVE-2002-1198 1 Mozilla 1 Bugzilla 2025-04-03 N/A
Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote attackers to execute arbitrary SQL via a SQL injection attack.
CVE-2001-1401 2 Mozilla, Redhat 2 Bugzilla, Powertools 2025-04-03 N/A
Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdependencygraph.cgi, (6) showattachment.cgi, or (7) describecomponents.cgi.
CVE-2000-0421 1 Mozilla 1 Bugzilla 2025-04-03 N/A
The process_bug.cgi script in Bugzilla allows remote attackers to execute arbitrary commands via shell metacharacters.
CVE-2001-1407 2 Mozilla, Redhat 2 Bugzilla, Powertools 2025-04-03 N/A
Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug.
CVE-2003-1046 1 Mozilla 1 Bugzilla 2025-04-03 N/A
describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products.
CVE-2004-1061 1 Mozilla 1 Bugzilla 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject arbitrary HTML and web script via forced error messages, as demonstrated using the action parameter.
CVE-2005-1563 1 Mozilla 1 Bugzilla 2025-04-03 N/A
Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different error message depending on whether a product exists or not, which allows remote attackers to determine hidden products.
CVE-2018-5123 1 Mozilla 1 Bugzilla 2024-11-21 N/A
A third party website can access information available to a user with access to a restricted bug entry using the image generation in report.cgi in all Bugzilla versions prior to 4.4.