CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

Recent CVEs
CVE Description Date
CVE-2023-3173 Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20. Thu, 08 Jun 2023 22:10:36
CVE-2023-3172 Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20. Thu, 08 Jun 2023 21:10:45
CVE-2023-34112 JavaCPP Presets is a project providing Java distributions of native C++ libraries. All the actions in the `bytedeco/javacpp-p... Thu, 08 Jun 2023 20:03:53
CVE-2023-34243 TGstation is a toolset to manage production BYOND servers. In affected versions if a Windows user was registered in tgstation... Thu, 08 Jun 2023 18:09:06
CVE-2023-32751 Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated u... Thu, 08 Jun 2023 17:39:55
CVE-2023-32750 Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are r... Thu, 08 Jun 2023 17:36:54
CVE-2023-29405 The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious m... Thu, 08 Jun 2023 17:33:54
CVE-2023-29404 The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious m... Thu, 08 Jun 2023 17:30:54
CVE-2023-29403 On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be d... Thu, 08 Jun 2023 17:27:54
CVE-2023-29402 The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running... Thu, 08 Jun 2023 17:24:54
CVE-2023-29401 The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can c... Thu, 08 Jun 2023 17:21:54
CVE-2023-0954 A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras allows a user to compromise credentials af... Thu, 08 Jun 2023 17:18:53
CVE-2023-34233 The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and... Thu, 08 Jun 2023 17:15:53
CVE-2023-34232 snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) browse... Thu, 08 Jun 2023 17:12:53
CVE-2023-34230 snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO... Thu, 08 Jun 2023 17:09:53
CVE-2023-24535 Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sig... Thu, 08 Jun 2023 17:06:53
CVE-2023-34231 gosnowflake is the Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake... Thu, 08 Jun 2023 16:09:14
CVE-2023-32749 Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HT... Thu, 08 Jun 2023 16:06:14
CVE-2023-34962 Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student'... Thu, 08 Jun 2023 15:15:04
CVE-2023-34961 Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment... Thu, 08 Jun 2023 15:12:04
CVE-2023-34959 An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain inform... Thu, 08 Jun 2023 15:09:04
CVE-2023-34958 Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents ... Thu, 08 Jun 2023 15:06:04
CVE-2023-34096 Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In v... Thu, 08 Jun 2023 15:03:03
CVE-2023-3165 A vulnerability was found in SourceCodester Life Insurance Management System 1.0. It has been declared as problematic. Affect... Thu, 08 Jun 2023 13:08:09
CVE-2023-34571 Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter shareSpeed at /goform/Wi... Thu, 08 Jun 2023 11:17:22
CVE-2023-34570 Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter devName at /goform/SetOn... Thu, 08 Jun 2023 11:14:22
CVE-2023-34569 Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetCo... Thu, 08 Jun 2023 11:11:22
CVE-2023-34568 Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSav... Thu, 08 Jun 2023 11:08:22
CVE-2023-34567 Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtu... Thu, 08 Jun 2023 11:05:21
CVE-2023-34566 Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/savePare... Thu, 08 Jun 2023 11:02:21
CVE-2023-33443 Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool v2.0.1.0 allow attackers to... Thu, 08 Jun 2023 10:07:04
CVE-2023-3163 A vulnerability was found in y_project RuoYi up to 4.7.7. It has been classified as problematic. Affected is the function fil... Thu, 08 Jun 2023 10:04:04
CVE-2023-33657 A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_mqtt_m... Thu, 08 Jun 2023 09:06:41
CVE-2023-33660 A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function copy... Thu, 08 Jun 2023 08:09:49
CVE-2023-33658 A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_... Thu, 08 Jun 2023 08:06:49
CVE-2023-34969 D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus... Wed, 07 Jun 2023 23:04:57
CVE-2023-23482 IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of th... Wed, 07 Jun 2023 22:14:08
CVE-2023-23481 IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. This vulnerability ... Wed, 07 Jun 2023 22:11:08
CVE-2023-23480 IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. This vulnerability allows ... Wed, 07 Jun 2023 22:08:08
CVE-2023-2986 The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and in... Wed, 07 Jun 2023 22:05:08
CVE-2023-33847 IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secu... Wed, 07 Jun 2023 21:09:26
CVE-2023-33846 IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 is vulnerable to cross... Wed, 07 Jun 2023 21:06:26
CVE-2023-34239 Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filter... Wed, 07 Jun 2023 20:06:04
CVE-2023-34238 Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contain a ... Wed, 07 Jun 2023 20:03:03
CVE-2023-33849 IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensiti... Wed, 07 Jun 2023 18:26:47
CVE-2023-31200 PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site req... Wed, 07 Jun 2023 18:23:46
CVE-2023-29502 Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json... Wed, 07 Jun 2023 18:20:46
CVE-2023-29168 The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication. Wed, 07 Jun 2023 18:17:46
CVE-2023-29152 By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia s... Wed, 07 Jun 2023 18:14:46
CVE-2023-27881 A user could use the “Upload Resource” functionality to upload files to any location on the disk. Wed, 07 Jun 2023 18:11:46
CVE-2023-24476 An attacker with local access to the machine could record the traffic, which could allow them to resend requests without th... Wed, 07 Jun 2023 18:08:46
CVE-2023-2904 The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web ... Wed, 07 Jun 2023 18:05:46
CVE-2023-33848 IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could allow a privileg... Wed, 07 Jun 2023 17:35:14
CVE-2023-33556 TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter... Wed, 07 Jun 2023 17:32:14
CVE-2023-33496 xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.rpc.core.remoting.net.impl... Wed, 07 Jun 2023 17:29:14
CVE-2023-31116 An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. An incorrect default permission c... Wed, 07 Jun 2023 17:26:14
CVE-2023-31115 An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer betwe... Wed, 07 Jun 2023 17:23:13
CVE-2023-31114 An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer betwe... Wed, 07 Jun 2023 17:20:13
CVE-2023-25177 Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to stack-based buffer overflow, which could ... Wed, 07 Jun 2023 17:17:13
CVE-2023-24014 Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to heap-based buffer overflow, which could al... Wed, 07 Jun 2023 17:14:13
CVE-2023-2866 If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version... Wed, 07 Jun 2023 17:11:13
CVE-2023-1864 FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable to a path traversal, which could allow an attacker to ... Wed, 07 Jun 2023 17:08:12
CVE-2023-1709 The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF files. This could allow an atta... Wed, 07 Jun 2023 17:05:12
CVE-2023-34237 SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote cod... Wed, 07 Jun 2023 16:29:57
CVE-2023-33865 RenderDoc through 1.26 allows local privilege escalation via a symlink attack. Wed, 07 Jun 2023 16:26:57
CVE-2023-33864 RenderDoc through 1.26 allows an Integer Overflow with a resultant Buffer Overflow (issue 2 of 2). Wed, 07 Jun 2023 16:23:57
CVE-2023-33863 RenderDoc through 1.26 allows an Integer Overflow with a resultant Buffer Overflow (issue 1 of 2). Wed, 07 Jun 2023 16:20:57
CVE-2023-33595 CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobje... Wed, 07 Jun 2023 16:17:57
CVE-2023-33510 Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters. Wed, 07 Jun 2023 16:14:57
CVE-2023-33284 Marval MSM through 14.19.0.12476 and 15.0 has a Remote Code Execution vulnerability. A remote attacker authenticated as any u... Wed, 07 Jun 2023 16:11:56
CVE-2023-33283 Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets... Wed, 07 Jun 2023 16:08:56
CVE-2023-33282 Marval MSM through 14.19.0.12476 and 15.0 has a System account with default credentials. A remote attacker is able to login a... Wed, 07 Jun 2023 16:05:56
CVE-2023-2530 A privilege escalation allowing remote code execution was discovered in the orchestration service. Wed, 07 Jun 2023 16:02:56
CVE-2023-34234 OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker ... Wed, 07 Jun 2023 14:27:07
CVE-2023-34109 zxcvbn-ts is an open source password strength estimator written in typescript. This vulnerability affects users running on th... Wed, 07 Jun 2023 14:24:07
CVE-2023-34108 mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI for us... Wed, 07 Jun 2023 14:21:06
CVE-2023-29345 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Wed, 07 Jun 2023 14:18:06
CVE-2023-3152 A vulnerability classified as critical has been found in SourceCodester Online Discussion Forum Site 1.0. This affects an unk... Wed, 07 Jun 2023 14:15:06
CVE-2023-3151 A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been rated as critical. Affected by this... Wed, 07 Jun 2023 14:12:06
CVE-2023-3150 A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been declared as critical. Affected by t... Wed, 07 Jun 2023 14:09:06
CVE-2023-2589 An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.8, all versions starting fro... Wed, 07 Jun 2023 13:39:57
CVE-2023-2485 An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting ... Wed, 07 Jun 2023 13:36:57
CVE-2023-2199 An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.0 before 15.10.8, all versions starting ... Wed, 07 Jun 2023 13:33:57
CVE-2023-2198 An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15.10.8, all versions starting f... Wed, 07 Jun 2023 13:30:57
CVE-2023-2015 An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.8 before 15.10.8, all versions starting ... Wed, 07 Jun 2023 13:27:57
CVE-2023-2013 An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting f... Wed, 07 Jun 2023 13:24:56
CVE-2023-2001 An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 1... Wed, 07 Jun 2023 13:21:56
CVE-2023-0508 An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting ... Wed, 07 Jun 2023 13:18:56
CVE-2023-0121 A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all vers... Wed, 07 Jun 2023 13:15:56
CVE-2023-3149 A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been classified as critical. Affected is... Wed, 07 Jun 2023 13:12:56
CVE-2023-3148 A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0 and classified as critical. This issue affects s... Wed, 07 Jun 2023 13:09:55
CVE-2023-1825 An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting fro... Wed, 07 Jun 2023 13:06:55
CVE-2023-3147 A vulnerability has been found in SourceCodester Online Discussion Forum Site 1.0 and classified as critical. This vulnerabil... Wed, 07 Jun 2023 12:10:46
CVE-2023-3146 A vulnerability, which was classified as critical, was found in SourceCodester Online Discussion Forum Site 1.0. This affects... Wed, 07 Jun 2023 12:07:46
CVE-2023-2442 An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 before 15.11.7, all versions starting... Wed, 07 Jun 2023 12:04:46
CVE-2023-2878 Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs. Wed, 07 Jun 2023 11:26:30
CVE-2023-33553 An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication and escalate privileges to r... Wed, 07 Jun 2023 11:23:30
CVE-2023-20889 Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMwa... Wed, 07 Jun 2023 11:20:30
CVE-2023-20888 Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access ... Wed, 07 Jun 2023 11:17:30
CVE-2023-20887 Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria... Wed, 07 Jun 2023 11:14:29
© CVE.report 2023

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and source URL uptime status: status.cve.report