CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
Recent CVEs
| CVE | Description | Date |
|---|---|---|
| CVE-2023-3173 | Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20. | Thu, 08 Jun 2023 22:10:36 |
| CVE-2023-3172 | Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20. | Thu, 08 Jun 2023 21:10:45 |
| CVE-2023-34112 | JavaCPP Presets is a project providing Java distributions of native C++ libraries. All the actions in the `bytedeco/javacpp-p... | Thu, 08 Jun 2023 20:03:53 |
| CVE-2023-34243 | TGstation is a toolset to manage production BYOND servers. In affected versions if a Windows user was registered in tgstation... | Thu, 08 Jun 2023 18:09:06 |
| CVE-2023-32751 | Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated u... | Thu, 08 Jun 2023 17:39:55 |
| CVE-2023-32750 | Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are r... | Thu, 08 Jun 2023 17:36:54 |
| CVE-2023-29405 | The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious m... | Thu, 08 Jun 2023 17:33:54 |
| CVE-2023-29404 | The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious m... | Thu, 08 Jun 2023 17:30:54 |
| CVE-2023-29403 | On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be d... | Thu, 08 Jun 2023 17:27:54 |
| CVE-2023-29402 | The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running... | Thu, 08 Jun 2023 17:24:54 |
| CVE-2023-29401 | The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can c... | Thu, 08 Jun 2023 17:21:54 |
| CVE-2023-0954 | A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras allows a user to compromise credentials af... | Thu, 08 Jun 2023 17:18:53 |
| CVE-2023-34233 | The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and... | Thu, 08 Jun 2023 17:15:53 |
| CVE-2023-34232 | snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) browse... | Thu, 08 Jun 2023 17:12:53 |
| CVE-2023-34230 | snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO... | Thu, 08 Jun 2023 17:09:53 |
| CVE-2023-24535 | Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sig... | Thu, 08 Jun 2023 17:06:53 |
| CVE-2023-34231 | gosnowflake is th Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake... | Thu, 08 Jun 2023 16:09:14 |
| CVE-2023-32749 | Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HT... | Thu, 08 Jun 2023 16:06:14 |
| CVE-2023-34962 | Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student'... | Thu, 08 Jun 2023 15:15:04 |
| CVE-2023-34961 | Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment... | Thu, 08 Jun 2023 15:12:04 |
| CVE-2023-34959 | An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain inform... | Thu, 08 Jun 2023 15:09:04 |
| CVE-2023-34958 | Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents ... | Thu, 08 Jun 2023 15:06:04 |
| CVE-2023-34096 | Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In v... | Thu, 08 Jun 2023 15:03:03 |
| CVE-2023-3165 | A vulnerability was found in SourceCodester Life Insurance Management System 1.0. It has been declared as problematic. Affect... | Thu, 08 Jun 2023 13:08:09 |
| CVE-2023-34571 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter shareSpeed at /goform/Wi... | Thu, 08 Jun 2023 11:17:22 |
| CVE-2023-34570 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter devName at /goform/SetOn... | Thu, 08 Jun 2023 11:14:22 |
| CVE-2023-34569 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetCo... | Thu, 08 Jun 2023 11:11:22 |
| CVE-2023-34568 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSav... | Thu, 08 Jun 2023 11:08:22 |
| CVE-2023-34567 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtu... | Thu, 08 Jun 2023 11:05:21 |
| CVE-2023-34566 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/savePare... | Thu, 08 Jun 2023 11:02:21 |
| CVE-2023-33443 | Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool v2.0.1.0 allow attackers to... | Thu, 08 Jun 2023 10:07:04 |
| CVE-2023-3163 | A vulnerability was found in y_project RuoYi up to 4.7.7. It has been classified as problematic. Affected is the function fil... | Thu, 08 Jun 2023 10:04:04 |
| CVE-2023-33657 | A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_mqtt_m... | Thu, 08 Jun 2023 09:06:41 |
| CVE-2023-33660 | A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function copy... | Thu, 08 Jun 2023 08:09:49 |
| CVE-2023-33658 | A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_... | Thu, 08 Jun 2023 08:06:49 |
| CVE-2023-34969 | D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus... | Wed, 07 Jun 2023 23:04:57 |
| CVE-2023-23482 | IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of th... | Wed, 07 Jun 2023 22:14:08 |
| CVE-2023-23481 | IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. This vulnerability ... | Wed, 07 Jun 2023 22:11:08 |
| CVE-2023-23480 | IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. This vulnerability allows ... | Wed, 07 Jun 2023 22:08:08 |
| CVE-2023-2986 | The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and in... | Wed, 07 Jun 2023 22:05:08 |
| CVE-2023-33847 | IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secu... | Wed, 07 Jun 2023 21:09:26 |
| CVE-2023-33846 | IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 is vulnerable to cross... | Wed, 07 Jun 2023 21:06:26 |
| CVE-2023-34239 | Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filter... | Wed, 07 Jun 2023 20:06:04 |
| CVE-2023-34238 | Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contain a ... | Wed, 07 Jun 2023 20:03:03 |
| CVE-2023-33849 | IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensiti... | Wed, 07 Jun 2023 18:26:47 |
| CVE-2023-31200 | PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site req... | Wed, 07 Jun 2023 18:23:46 |
| CVE-2023-29502 | Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json... | Wed, 07 Jun 2023 18:20:46 |
| CVE-2023-29168 | The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication. | Wed, 07 Jun 2023 18:17:46 |
| CVE-2023-29152 | By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia s... | Wed, 07 Jun 2023 18:14:46 |
| CVE-2023-27881 | A user could use the “Upload Resource” functionality to upload files to any location on the disk. | Wed, 07 Jun 2023 18:11:46 |
| CVE-2023-24476 | An attacker with local access to the machine could record the traffic, which could allow them to resend requests without th... | Wed, 07 Jun 2023 18:08:46 |
| CVE-2023-2904 | The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web ... | Wed, 07 Jun 2023 18:05:46 |
| CVE-2023-33848 | IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could allow a privileg... | Wed, 07 Jun 2023 17:35:14 |
| CVE-2023-33556 | TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter... | Wed, 07 Jun 2023 17:32:14 |
| CVE-2023-33496 | xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.rpc.core.remoting.net.impl... | Wed, 07 Jun 2023 17:29:14 |
| CVE-2023-31116 | An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. An incorrect default permission c... | Wed, 07 Jun 2023 17:26:14 |
| CVE-2023-31115 | An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer betwe... | Wed, 07 Jun 2023 17:23:13 |
| CVE-2023-31114 | An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer betwe... | Wed, 07 Jun 2023 17:20:13 |
| CVE-2023-25177 | Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to stack-based buffer overflow, which could ... | Wed, 07 Jun 2023 17:17:13 |
| CVE-2023-24014 | Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to heap-based buffer overflow, which could al... | Wed, 07 Jun 2023 17:14:13 |
| CVE-2023-2866 | If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version... | Wed, 07 Jun 2023 17:11:13 |
| CVE-2023-1864 | FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable to a path traversal, which could allow an attacker to ... | Wed, 07 Jun 2023 17:08:12 |
| CVE-2023-1709 | The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF files. This could allow an atta... | Wed, 07 Jun 2023 17:05:12 |
| CVE-2023-34237 | SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote cod... | Wed, 07 Jun 2023 16:29:57 |
| CVE-2023-33865 | RenderDoc through 1.26 allows local privilege escalation via a symlink attack. | Wed, 07 Jun 2023 16:26:57 |
| CVE-2023-33864 | RenderDoc through 1.26 allows an Integer Overflow with a resultant Buffer Overflow (issue 2 of 2). | Wed, 07 Jun 2023 16:23:57 |
| CVE-2023-33863 | RenderDoc through 1.26 allows an Integer Overflow with a resultant Buffer Overflow (issue 1 of 2). | Wed, 07 Jun 2023 16:20:57 |
| CVE-2023-33595 | CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobje... | Wed, 07 Jun 2023 16:17:57 |
| CVE-2023-33510 | Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters. | Wed, 07 Jun 2023 16:14:57 |
| CVE-2023-33284 | Marval MSM through 14.19.0.12476 and 15.0 has a Remote Code Execution vulnerability. A remote attacker authenticated as any u... | Wed, 07 Jun 2023 16:11:56 |
| CVE-2023-33283 | Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets... | Wed, 07 Jun 2023 16:08:56 |
| CVE-2023-33282 | Marval MSM through 14.19.0.12476 and 15.0 has a System account with default credentials. A remote attacker is able to login a... | Wed, 07 Jun 2023 16:05:56 |
| CVE-2023-2530 | A privilege escalation allowing remote code execution was discovered in the orchestration service. | Wed, 07 Jun 2023 16:02:56 |
| CVE-2023-34234 | OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker ... | Wed, 07 Jun 2023 14:27:07 |
| CVE-2023-34109 | zxcvbn-ts is an open source password strength estimator written in typescript. This vulnerability affects users running on th... | Wed, 07 Jun 2023 14:24:07 |
| CVE-2023-34108 | mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI for us... | Wed, 07 Jun 2023 14:21:06 |
| CVE-2023-29345 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | Wed, 07 Jun 2023 14:18:06 |
| CVE-2023-3152 | A vulnerability classified as critical has been found in SourceCodester Online Discussion Forum Site 1.0. This affects an unk... | Wed, 07 Jun 2023 14:15:06 |
| CVE-2023-3151 | A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been rated as critical. Affected by this... | Wed, 07 Jun 2023 14:12:06 |
| CVE-2023-3150 | A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been declared as critical. Affected by t... | Wed, 07 Jun 2023 14:09:06 |
| CVE-2023-2589 | An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.8, all versions starting fro... | Wed, 07 Jun 2023 13:39:57 |
| CVE-2023-2485 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting ... | Wed, 07 Jun 2023 13:36:57 |
| CVE-2023-2199 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.0 before 15.10.8, all versions starting ... | Wed, 07 Jun 2023 13:33:57 |
| CVE-2023-2198 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15.10.8, all versions starting f... | Wed, 07 Jun 2023 13:30:57 |
| CVE-2023-2015 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.8 before 15.10.8, all versions starting ... | Wed, 07 Jun 2023 13:27:57 |
| CVE-2023-2013 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting f... | Wed, 07 Jun 2023 13:24:56 |
| CVE-2023-2001 | An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 1... | Wed, 07 Jun 2023 13:21:56 |
| CVE-2023-0508 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting ... | Wed, 07 Jun 2023 13:18:56 |
| CVE-2023-0121 | A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all vers... | Wed, 07 Jun 2023 13:15:56 |
| CVE-2023-3149 | A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been classified as critical. Affected is... | Wed, 07 Jun 2023 13:12:56 |
| CVE-2023-3148 | A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0 and classified as critical. This issue affects s... | Wed, 07 Jun 2023 13:09:55 |
| CVE-2023-1825 | An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting fro... | Wed, 07 Jun 2023 13:06:55 |
| CVE-2023-3147 | A vulnerability has been found in SourceCodester Online Discussion Forum Site 1.0 and classified as critical. This vulnerabil... | Wed, 07 Jun 2023 12:10:46 |
| CVE-2023-3146 | A vulnerability, which was classified as critical, was found in SourceCodester Online Discussion Forum Site 1.0. This affects... | Wed, 07 Jun 2023 12:07:46 |
| CVE-2023-2442 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 before 15.11.7, all versions starting... | Wed, 07 Jun 2023 12:04:46 |
| CVE-2023-2878 | Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs. | Wed, 07 Jun 2023 11:26:30 |
| CVE-2023-33553 | An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication and escalate privileges to r... | Wed, 07 Jun 2023 11:23:30 |
| CVE-2023-20889 | Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMwa... | Wed, 07 Jun 2023 11:20:30 |
| CVE-2023-20888 | Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access ... | Wed, 07 Jun 2023 11:17:30 |
| CVE-2023-20887 | Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria... | Wed, 07 Jun 2023 11:14:29 |