CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities so that they can be quickly identified and shared. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

Recent CVEs
CVE Description Date
CVE-2023-43470 SQL injection vulnerability in janobe Online Voting System v.1.0 allows a remote attacker to execute arbitrary code via the c... Fri, 22 Sep 2023 20:13:51
CVE-2023-43469 SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the For... Fri, 22 Sep 2023 20:10:51
CVE-2023-43468 SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the log... Fri, 22 Sep 2023 20:07:51
CVE-2023-43338 Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This... Fri, 22 Sep 2023 20:04:51
CVE-2023-43130 D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection. Fri, 22 Sep 2023 19:05:56
CVE-2023-43129 D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of REMOT... Fri, 22 Sep 2023 19:02:56
CVE-2023-40989 SQL injection vulnerability in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a... Fri, 22 Sep 2023 16:06:08
CVE-2023-43270 dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/p... Fri, 22 Sep 2023 15:04:50
CVE-2023-38346 An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and there... Fri, 22 Sep 2023 15:01:50
CVE-2023-43640 TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists. Prior to version 0.34.0, a SQL inje... Fri, 22 Sep 2023 14:08:30
CVE-2023-42821 The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudo... Fri, 22 Sep 2023 13:17:27
CVE-2023-42812 Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request... Fri, 22 Sep 2023 13:14:27
CVE-2023-41031 Command injection in homemng.htm in Juplink RX4-1500 versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows remote authent... Fri, 22 Sep 2023 13:11:27
CVE-2023-41029 Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1... Fri, 22 Sep 2023 13:08:27
CVE-2023-41027 Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.... Fri, 22 Sep 2023 13:05:26
CVE-2023-42811 aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM ... Fri, 22 Sep 2023 12:07:20
CVE-2023-42798 AutomataCI is a template git repository equipped with a native built-in semi-autonomous CI tools. An issue in versions 1.4.1 ... Fri, 22 Sep 2023 12:04:20
CVE-2023-43144 Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php. Fri, 22 Sep 2023 11:08:39
CVE-2023-23766 An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying ... Fri, 22 Sep 2023 11:05:39
CVE-2022-4039 A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management ... Fri, 22 Sep 2023 11:02:38
CVE-2023-34319 The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not ... Fri, 22 Sep 2023 10:12:33
CVE-2023-5002 A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external... Fri, 22 Sep 2023 10:09:33
CVE-2022-3874 A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman in... Fri, 22 Sep 2023 10:06:33
CVE-2023-43784 ** DISPUTED ** Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose compo... Fri, 22 Sep 2023 02:25:18
CVE-2023-43783 Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it h... Fri, 22 Sep 2023 02:22:18
CVE-2023-43782 Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. The file is used even if it ha... Fri, 22 Sep 2023 02:19:17
CVE-2023-43771 In nqptp-message-handlers.c in nqptp before 1.2.3, crafted packets received on the control port could crash the program. Fri, 22 Sep 2023 02:16:17
CVE-2023-43770 Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted li... Fri, 22 Sep 2023 02:13:17
CVE-2023-43090 A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of t... Fri, 22 Sep 2023 02:10:17
CVE-2023-4774 The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp-piwik' sho... Fri, 22 Sep 2023 02:07:17
CVE-2023-4716 The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode... Fri, 22 Sep 2023 02:04:17
CVE-2023-43765 Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithS... Fri, 22 Sep 2023 01:23:49
CVE-2023-43764 Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend), issue 2 of 2. This affe... Fri, 22 Sep 2023 01:20:48
CVE-2023-43763 Certain WithSecure products allow XSS via an unvalidated parameter in the endpoint. This affects WithSecure Policy Manager 15... Fri, 22 Sep 2023 01:17:48
CVE-2023-43762 Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend), issue 1 of 2. This affe... Fri, 22 Sep 2023 01:14:48
CVE-2023-43760 Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithS... Fri, 22 Sep 2023 01:11:48
CVE-2023-43767 Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Sec... Fri, 22 Sep 2023 01:08:48
CVE-2023-43766 Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Clie... Fri, 22 Sep 2023 01:05:47
CVE-2023-43761 Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure S... Fri, 22 Sep 2023 01:02:47
CVE-2023-23362 An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability all... Fri, 22 Sep 2023 00:11:18
CVE-2023-23364 A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating systems. If exploited, ... Fri, 22 Sep 2023 00:08:18
CVE-2023-23363 A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, t... Fri, 22 Sep 2023 00:05:18
CVE-2023-31719 FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin. Thu, 21 Sep 2023 20:15:02
CVE-2023-31718 FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download. Thu, 21 Sep 2023 20:12:01
CVE-2023-31717 A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database. Thu, 21 Sep 2023 20:09:01
CVE-2023-31716 FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log Thu, 21 Sep 2023 20:06:01
CVE-2023-43128 D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of HTTP_... Thu, 21 Sep 2023 19:16:59
CVE-2023-41616 A reflected cross-site scripting (XSS) vulnerability in the Search Student function of Student Management System v1.2.3 and b... Thu, 21 Sep 2023 19:13:59
CVE-2023-41614 A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Management System v1.0 allows att... Thu, 21 Sep 2023 19:10:59
CVE-2023-5068 Delta Electronics DIAScreen may write past the end of an allocated buffer while parsing a specially crafted input file. This... Thu, 21 Sep 2023 19:07:59
CVE-2023-4504 Due to failure in validating the length provided by an attacker-crafted PostScript document, CUPS and libppd are susceptible ... Thu, 21 Sep 2023 19:04:58
CVE-2023-42261 Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. Thu, 21 Sep 2023 18:04:40
CVE-2023-38344 An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileCont... Thu, 21 Sep 2023 17:08:26
CVE-2023-38343 An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4.... Thu, 21 Sep 2023 17:05:26
CVE-2023-42482 Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free. Thu, 21 Sep 2023 16:10:49
CVE-2023-34576 SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQ... Thu, 21 Sep 2023 16:07:49
CVE-2023-42280 mee-admin 1.5 is vulnerable to Directory Traversal. The download method in the CommonFileController.java file does not verify... Thu, 21 Sep 2023 15:15:23
CVE-2023-41993 The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, iOS 17.0.1 and iPadOS 17.0.1, ... Thu, 21 Sep 2023 15:12:23
CVE-2023-41992 The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, w... Thu, 21 Sep 2023 15:09:22
CVE-2023-41991 A certificate validation issue was addressed. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, w... Thu, 21 Sep 2023 15:06:22
CVE-2023-42810 systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vu... Thu, 21 Sep 2023 14:05:16
CVE-2023-42279 Dreamer CMS 4.1.3 is vulnerable to SQL Injection. Thu, 21 Sep 2023 14:02:16
CVE-2023-42807 Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an... Thu, 21 Sep 2023 13:18:09
CVE-2023-42806 Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, not signing and verifying `$\mathsf{cid}$` ... Thu, 21 Sep 2023 13:15:09
CVE-2023-42805 quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC fr... Thu, 21 Sep 2023 13:12:09
CVE-2023-42458 Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vul... Thu, 21 Sep 2023 13:09:08
CVE-2023-34577 SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL c... Thu, 21 Sep 2023 13:06:08
CVE-2023-42456 Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt,... Thu, 21 Sep 2023 12:04:29
CVE-2023-42457 plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior... Thu, 21 Sep 2023 11:09:10
CVE-2023-41048 plone.namedfile allows users to handle `File` and `Image` fields targeting, but not depending on, Plone Dexterity content. Pr... Thu, 21 Sep 2023 11:06:10
CVE-2023-40183 DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that ... Thu, 21 Sep 2023 11:03:10
CVE-2023-43637 Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 ... Thu, 21 Sep 2023 10:21:01
CVE-2023-43634 When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. In a previous projec... Thu, 21 Sep 2023 10:18:01
CVE-2023-43633 On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the fi... Thu, 21 Sep 2023 10:15:01
CVE-2023-43632 As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing lim... Thu, 21 Sep 2023 10:12:01
CVE-2023-43631 On boot, the Pillar eve container checks for the existence and content of “/config/authorized_keys”. If the file is pre... Thu, 21 Sep 2023 10:09:00
CVE-2023-43309 There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field... Thu, 21 Sep 2023 10:06:00
CVE-2023-43274 Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter. Thu, 21 Sep 2023 10:03:00
CVE-2023-43242 D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter removeRuleList in form2IPQoSTcDel. Thu, 21 Sep 2023 09:28:10
CVE-2023-43241 D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter TXPower and GuardInt in SetWLanRadioSecuri... Thu, 21 Sep 2023 09:25:09
CVE-2023-43240 D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter. Thu, 21 Sep 2023 09:22:09
CVE-2023-43239 D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC. Thu, 21 Sep 2023 09:19:09
CVE-2023-43238 D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr in form2Dhcpip.cgi. Thu, 21 Sep 2023 09:16:09
CVE-2023-43237 D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC. Thu, 21 Sep 2023 09:13:09
CVE-2023-43236 D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi. Thu, 21 Sep 2023 09:10:08
CVE-2023-43235 D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter StartTime and EndTime in SetWifiDownSettin... Thu, 21 Sep 2023 09:07:08
CVE-2023-4753 OpenHarmony v3.2.1 and prior version has a liteos-a kernel may crash caused by mqueue undetected entries vulnerability. Local... Thu, 21 Sep 2023 06:02:35
CVE-2023-5104 Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0. Thu, 21 Sep 2023 05:07:51
CVE-2023-4760 In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the Fi... Thu, 21 Sep 2023 04:07:06
CVE-2023-4292 Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a SQL injection vulner... Thu, 21 Sep 2023 03:11:39
CVE-2023-4291 Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code executio... Thu, 21 Sep 2023 03:08:38
CVE-2023-4152 Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a path traversal vulne... Thu, 21 Sep 2023 03:05:38
CVE-2023-39252 Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attack... Thu, 21 Sep 2023 02:14:26
CVE-2023-43669 The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumptio... Thu, 21 Sep 2023 02:11:26
CVE-2018-5478 Contao 3.x before 3.5.32 allows XSS via the unsubscribe module in the frontend newsletter extension. Thu, 21 Sep 2023 02:08:26
CVE-2015-8371 Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-contro... Thu, 21 Sep 2023 02:05:25
CVE-2015-5467 web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the ... Thu, 21 Sep 2023 02:02:25
CVE-2023-43135 There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to... Wed, 20 Sep 2023 18:20:29
CVE-2023-39675 SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability via the key parameter at... Wed, 20 Sep 2023 18:17:29
CVE-2023-37279 Faktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer... Wed, 20 Sep 2023 18:14:29
© CVE.report 2023

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.
