CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
Recent CVEs
| CVE | Description | Date |
|---|---|---|
| CVE-2023-39409 | DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart. | Mon, 25 Sep 2023 07:05:34 |
| CVE-2023-39408 | DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart. | Mon, 25 Sep 2023 05:07:28 |
| CVE-2023-39407 | The Watchkit has a risk of unauthorized file access.Successful exploitation of this vulnerability may affect confidentiality ... | Mon, 25 Sep 2023 05:04:28 |
| CVE-2015-6964 | MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the ... | Mon, 25 Sep 2023 01:05:35 |
| CVE-2023-5154 | ** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-8000 up to 2015... | Sun, 24 Sep 2023 23:05:39 |
| CVE-2023-5153 | ** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found... | Sun, 24 Sep 2023 23:02:39 |
| CVE-2023-41872 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xtemos WoodMart plugin <= 7.2.4 versions. | Sun, 24 Sep 2023 22:15:43 |
| CVE-2023-5152 | ** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been ... | Sun, 24 Sep 2023 22:12:43 |
| CVE-2023-5151 | ** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link D... | Sun, 24 Sep 2023 22:09:43 |
| CVE-2023-5150 | ** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in D-L... | Sun, 24 Sep 2023 22:06:42 |
| CVE-2023-41949 | Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Avirtum iFolders plugin <= 1.5.0 versions. | Sun, 24 Sep 2023 21:20:10 |
| CVE-2023-41948 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christoph Rado Cookie Notice & Consent plugin <= 1.6.0 ver... | Sun, 24 Sep 2023 21:17:10 |
| CVE-2023-41874 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Order Delivery Date for WooCommerce plugin <= ... | Sun, 24 Sep 2023 21:14:10 |
| CVE-2023-5149 | ** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231.... | Sun, 24 Sep 2023 21:11:09 |
| CVE-2023-5148 | ** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up... | Sun, 24 Sep 2023 21:08:09 |
| CVE-2023-5147 | ** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231.... | Sun, 24 Sep 2023 21:05:09 |
| CVE-2023-5146 | ** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up... | Sun, 24 Sep 2023 20:05:35 |
| CVE-2023-5145 | ** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000 up to 2015... | Sun, 24 Sep 2023 20:02:35 |
| CVE-2023-5144 | ** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found... | Sun, 24 Sep 2023 19:05:27 |
| CVE-2023-5143 | ** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been ... | Sun, 24 Sep 2023 19:02:27 |
| CVE-2023-5142 | A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-52... | Sun, 24 Sep 2023 18:06:47 |
| CVE-2023-1636 | A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize... | Sat, 23 Sep 2023 21:16:35 |
| CVE-2023-1633 | A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configur... | Sat, 23 Sep 2023 21:13:35 |
| CVE-2023-1625 | An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'sta... | Sat, 23 Sep 2023 21:10:34 |
| CVE-2023-1260 | An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attac... | Sat, 23 Sep 2023 21:07:34 |
| CVE-2022-3962 | A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the ... | Sat, 23 Sep 2023 16:07:21 |
| CVE-2023-5134 | The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erforms_user_meta' shortcode in ve... | Sat, 23 Sep 2023 04:02:19 |
| CVE-2023-5125 | The Contact Form by FormGet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formget' shortcode in vers... | Sat, 23 Sep 2023 01:05:33 |
| CVE-2023-43470 | SQL injection vulnerability in janobe Online Voting System v.1.0 allows a remote attacker to execute arbitrary code via the c... | Fri, 22 Sep 2023 20:13:51 |
| CVE-2023-43469 | SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the For... | Fri, 22 Sep 2023 20:10:51 |
| CVE-2023-43468 | SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the log... | Fri, 22 Sep 2023 20:07:51 |
| CVE-2023-43338 | Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This... | Fri, 22 Sep 2023 20:04:51 |
| CVE-2023-43130 | D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection. | Fri, 22 Sep 2023 19:05:56 |
| CVE-2023-43129 | D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of REMOT... | Fri, 22 Sep 2023 19:02:56 |
| CVE-2023-40989 | SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a... | Fri, 22 Sep 2023 16:06:08 |
| CVE-2023-43270 | dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/p... | Fri, 22 Sep 2023 15:04:50 |
| CVE-2023-38346 | An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and there... | Fri, 22 Sep 2023 15:01:50 |
| CVE-2023-43640 | TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists. Prior to version 0.34.0, a SQL inje... | Fri, 22 Sep 2023 14:08:30 |
| CVE-2023-42821 | The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudo... | Fri, 22 Sep 2023 13:17:27 |
| CVE-2023-42812 | Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request... | Fri, 22 Sep 2023 13:14:27 |
| CVE-2023-41031 | Command injection in homemng.htm in Juplink RX4-1500 versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows remote authent... | Fri, 22 Sep 2023 13:11:27 |
| CVE-2023-41029 | Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1... | Fri, 22 Sep 2023 13:08:27 |
| CVE-2023-41027 | Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.... | Fri, 22 Sep 2023 13:05:26 |
| CVE-2023-42811 | aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM ... | Fri, 22 Sep 2023 12:07:20 |
| CVE-2023-42798 | AutomataCI is a template git repository equipped with a native built-in semi-autonomous CI tools. An issue in versions 1.4.1 ... | Fri, 22 Sep 2023 12:04:20 |
| CVE-2023-43144 | Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php. | Fri, 22 Sep 2023 11:08:39 |
| CVE-2023-23766 | An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying ... | Fri, 22 Sep 2023 11:05:39 |
| CVE-2022-4039 | A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management ... | Fri, 22 Sep 2023 11:02:38 |
| CVE-2023-34319 | The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not ... | Fri, 22 Sep 2023 10:12:33 |
| CVE-2023-5002 | A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external... | Fri, 22 Sep 2023 10:09:33 |
| CVE-2022-3874 | A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman in... | Fri, 22 Sep 2023 10:06:33 |
| CVE-2023-43784 | ** DISPUTED ** Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose compo... | Fri, 22 Sep 2023 02:25:18 |
| CVE-2023-43783 | Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it h... | Fri, 22 Sep 2023 02:22:18 |
| CVE-2023-43782 | Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. The file is used even if it ha... | Fri, 22 Sep 2023 02:19:17 |
| CVE-2023-43771 | In nqptp-message-handlers.c in nqptp before 1.2.3, crafted packets received on the control port could crash the program. | Fri, 22 Sep 2023 02:16:17 |
| CVE-2023-43770 | Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted li... | Fri, 22 Sep 2023 02:13:17 |
| CVE-2023-43090 | A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of t... | Fri, 22 Sep 2023 02:10:17 |
| CVE-2023-4774 | The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp-piwik' sho... | Fri, 22 Sep 2023 02:07:17 |
| CVE-2023-4716 | The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode... | Fri, 22 Sep 2023 02:04:17 |
| CVE-2023-43765 | Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithS... | Fri, 22 Sep 2023 01:23:49 |
| CVE-2023-43764 | Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend), issue 2 of 2. This affe... | Fri, 22 Sep 2023 01:20:48 |
| CVE-2023-43763 | Certain WithSecure products allow XSS via an unvalidated parameter in the endpoint. This affects WithSecure Policy Manager 15... | Fri, 22 Sep 2023 01:17:48 |
| CVE-2023-43762 | Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend), issue 1 of 2. This affe... | Fri, 22 Sep 2023 01:14:48 |
| CVE-2023-43760 | Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithS... | Fri, 22 Sep 2023 01:11:48 |
| CVE-2023-43767 | Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Sec... | Fri, 22 Sep 2023 01:08:48 |
| CVE-2023-43766 | Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Clie... | Fri, 22 Sep 2023 01:05:47 |
| CVE-2023-43761 | Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure S... | Fri, 22 Sep 2023 01:02:47 |
| CVE-2023-23362 | An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability all... | Fri, 22 Sep 2023 00:11:18 |
| CVE-2023-23364 | A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating systems. If exploited, ... | Fri, 22 Sep 2023 00:08:18 |
| CVE-2023-23363 | A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, t... | Fri, 22 Sep 2023 00:05:18 |
| CVE-2023-31719 | FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin. | Thu, 21 Sep 2023 20:15:02 |
| CVE-2023-31718 | FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download. | Thu, 21 Sep 2023 20:12:01 |
| CVE-2023-31717 | A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database. | Thu, 21 Sep 2023 20:09:01 |
| CVE-2023-31716 | FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log | Thu, 21 Sep 2023 20:06:01 |
| CVE-2023-43128 | D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of HTTP_... | Thu, 21 Sep 2023 19:16:59 |
| CVE-2023-41616 | A reflected cross-site scripting (XSS) vulnerability in the Search Student function of Student Management System v1.2.3 and b... | Thu, 21 Sep 2023 19:13:59 |
| CVE-2023-41614 | A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Management System v1.0 allows att... | Thu, 21 Sep 2023 19:10:59 |
| CVE-2023-5068 | Delta Electronics DIAScreen may write past the end of an allocated buffer while parsing a specially crafted input file. This... | Thu, 21 Sep 2023 19:07:59 |
| CVE-2023-4504 | Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are suscepti... | Thu, 21 Sep 2023 19:04:58 |
| CVE-2023-42261 | ** DISPUTED ** Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's posi... | Thu, 21 Sep 2023 18:04:40 |
| CVE-2023-38344 | An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileCont... | Thu, 21 Sep 2023 17:08:26 |
| CVE-2023-38343 | An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4.... | Thu, 21 Sep 2023 17:05:26 |
| CVE-2023-42482 | Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free. | Thu, 21 Sep 2023 16:10:49 |
| CVE-2023-34576 | SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQ... | Thu, 21 Sep 2023 16:07:49 |
| CVE-2023-42280 | mee-admin 1.5 is vulnerable to Directory Traversal. The download method in the CommonFileController.java file does not verify... | Thu, 21 Sep 2023 15:15:23 |
| CVE-2023-41993 | The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, iOS 17.0.1 and iPadOS 17.0.1, ... | Thu, 21 Sep 2023 15:12:23 |
| CVE-2023-41992 | The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, w... | Thu, 21 Sep 2023 15:09:22 |
| CVE-2023-41991 | A certificate validation issue was addressed. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, w... | Thu, 21 Sep 2023 15:06:22 |
| CVE-2023-42810 | systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vu... | Thu, 21 Sep 2023 14:05:16 |
| CVE-2023-42279 | Dreamer CMS 4.1.3 is vulnerable to SQL Injection. | Thu, 21 Sep 2023 14:02:16 |
| CVE-2023-42807 | Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an... | Thu, 21 Sep 2023 13:18:09 |
| CVE-2023-42806 | Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, not signing and verifying `$\mathsf{cid}$` ... | Thu, 21 Sep 2023 13:15:09 |
| CVE-2023-42805 | quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC fr... | Thu, 21 Sep 2023 13:12:09 |
| CVE-2023-42458 | Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vul... | Thu, 21 Sep 2023 13:09:08 |
| CVE-2023-34577 | SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL c... | Thu, 21 Sep 2023 13:06:08 |
| CVE-2023-42456 | Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt,... | Thu, 21 Sep 2023 12:04:29 |
| CVE-2023-42457 | plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior... | Thu, 21 Sep 2023 11:09:10 |
| CVE-2023-41048 | plone.namedfile allows users to handle `File` and `Image` fields targeting, but not depending on, Plone Dexterity content. Pr... | Thu, 21 Sep 2023 11:06:10 |
| CVE-2023-40183 | DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that ... | Thu, 21 Sep 2023 11:03:10 |
| CVE-2023-43637 | Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 ... | Thu, 21 Sep 2023 10:21:01 |