CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
Recent CVEs
| CVE | Description | Date |
|---|---|---|
| CVE-2021-25200 | Arbitrary file upload vulnerability in SourceCodester Learning Management System v 1.0 allows attackers to execute arbitrary ... | Wed, 28 Jul 2021 12:41:00 |
| CVE-2021-23417 | All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function. | Wed, 28 Jul 2021 12:20:18 |
| CVE-2021-23416 | This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize th... | Wed, 28 Jul 2021 12:20:04 |
| CVE-2021-23415 | This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is ... | Wed, 28 Jul 2021 12:19:42 |
| CVE-2021-34166 | A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1.0 allows a remote attacker to Bypass Authentication and... | Wed, 28 Jul 2021 11:43:35 |
| CVE-2021-34165 | A SQL Injection vulnerability in Sourcecodester Basic Shopping Cart 1.0 allows a remote attacker to Bypass Authentication and... | Wed, 28 Jul 2021 11:43:17 |
| CVE-2021-37601 | muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members... | Wed, 28 Jul 2021 10:46:17 |
| CVE-2021-37600 | An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use syst... | Wed, 28 Jul 2021 10:45:49 |
| CVE-2020-10590 | Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console ... | Wed, 28 Jul 2021 08:48:05 |
| CVE-2020-5004 | IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaS... | Wed, 28 Jul 2021 08:30:48 |
| CVE-2020-4974 | IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker t... | Wed, 28 Jul 2021 08:30:32 |
| CVE-2021-32000 | A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUS... | Wed, 28 Jul 2021 05:38:36 |
| CVE-2021-32001 | A Missing Encryption of Sensitive Data vulnerability in k3s, kde2 of SUSE Rancher allows any user with direct access to the d... | Wed, 28 Jul 2021 05:28:26 |
| CVE-2021-23414 | This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute a... | Wed, 28 Jul 2021 03:20:33 |
| CVE-2021-36983 | replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to gain root privileges via a symlink attack on /tmp/repla... | Wed, 28 Jul 2021 00:48:10 |
| CVE-2021-20789 | Open redirect vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupS... | Tue, 27 Jul 2021 20:53:15 |
| CVE-2021-20788 | Server-side request forgery (SSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prio... | Tue, 27 Jul 2021 20:53:03 |
| CVE-2021-20787 | Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0,... | Tue, 27 Jul 2021 20:52:48 |
| CVE-2021-20786 | Cross-site request forgery (CSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior... | Tue, 27 Jul 2021 20:52:19 |
| CVE-2021-20785 | Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0,... | Tue, 27 Jul 2021 20:52:00 |
| CVE-2021-20783 | Cross-site request forgery (CSRF) vulnerability in Optical BB unit E-WMTA2.3 allows a remote attacker to hijack the authentic... | Tue, 27 Jul 2021 20:51:32 |
| CVE-2021-37596 | Telegram Web K Alpha 0.6.1 allows XSS via a document name. | Tue, 27 Jul 2021 20:41:44 |
| CVE-2021-37595 | In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input ... | Tue, 27 Jul 2021 20:41:26 |
| CVE-2021-37594 | In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input ... | Tue, 27 Jul 2021 20:40:56 |
| CVE-2021-37593 | PEEL Shopping before 9.4.0.1 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQL qu... | Tue, 27 Jul 2021 20:40:26 |
| CVE-2020-26180 | Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an acces... | Tue, 27 Jul 2021 20:14:07 |
| CVE-2020-5351 | Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an undocumented account with limited privileges that is p... | Tue, 27 Jul 2021 20:13:46 |
| CVE-2020-5341 | Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and... | Tue, 27 Jul 2021 20:13:16 |
| CVE-2020-20701 | A stored cross site scripting (XSS) vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web ... | Tue, 27 Jul 2021 19:46:45 |
| CVE-2020-20700 | A stored cross site scripting (XSS) vulnerability in /app/form_add/of S-CMS PHP v3.0 allows attackers to execute arbitrary we... | Tue, 27 Jul 2021 19:46:15 |
| CVE-2020-20699 | A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a ... | Tue, 27 Jul 2021 19:45:49 |
| CVE-2020-20698 | A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of ... | Tue, 27 Jul 2021 19:45:22 |
| CVE-2021-37588 | In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data. | Tue, 27 Jul 2021 19:42:36 |
| CVE-2021-37587 | In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data. | Tue, 27 Jul 2021 19:42:11 |
| CVE-2021-32796 | xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom... | Tue, 27 Jul 2021 17:50:26 |
| CVE-2021-32788 | Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator ... | Tue, 27 Jul 2021 17:44:14 |
| CVE-2021-32748 | Nextcloud Richdocuments in an open source self hosted online office. Nextcloud uses the WOPI ("Web Application Open Platform... | Tue, 27 Jul 2021 17:12:15 |
| CVE-2020-19118 | Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_code parameter in admin/index/init.html. | Tue, 27 Jul 2021 15:42:56 |
| CVE-2021-30483 | isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository. | Tue, 27 Jul 2021 15:42:36 |
| CVE-2020-21806 | SQL Injection Vulnerability in ECTouch v2 via the shop page in index.php.. | Tue, 27 Jul 2021 13:43:03 |
| CVE-2020-18013 | SQL Injextion vulnerability exists in Whatsns 4.0 via the ip parameter in index.php?admin_banned/add.htm. | Tue, 27 Jul 2021 12:44:59 |
| CVE-2020-16839 | On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed b... | Tue, 27 Jul 2021 12:44:31 |
| CVE-2021-36605 | engineercms 1.03 is vulnerable to Cross Site Scripting (XSS). There is no escaping in the nickname field on the user list pag... | Tue, 27 Jul 2021 12:44:07 |
| CVE-2021-28966 | In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with T... | Tue, 27 Jul 2021 12:43:40 |
| CVE-2021-28674 | The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outs... | Tue, 27 Jul 2021 12:43:19 |
| CVE-2021-34432 | In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic... | Tue, 27 Jul 2021 11:27:52 |
| CVE-2020-14999 | A logic bug in system monitoring driver of Acronis Agent after 12.5.21540 and before 12.5.23094 allowed to bypass Windows mem... | Tue, 27 Jul 2021 09:46:21 |
| CVE-2021-36004 | Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability in the CoolType library. An una... | Tue, 27 Jul 2021 09:46:09 |
| CVE-2021-35479 | Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function thr... | Tue, 27 Jul 2021 08:45:25 |
| CVE-2021-35478 | Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. All p... | Tue, 27 Jul 2021 08:44:56 |
| CVE-2021-34802 | A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authe... | Tue, 27 Jul 2021 08:44:32 |
| CVE-2021-20562 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through 6.1.0.2 vulnerable to cross-site ... | Tue, 27 Jul 2021 07:31:04 |
| CVE-2021-20399 | IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML External Entity Injection (XXE) attack ... | Tue, 27 Jul 2021 07:30:52 |
| CVE-2021-36766 | Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/single_page/dashbo... | Tue, 27 Jul 2021 03:47:35 |
| CVE-2021-36754 | PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535... | Tue, 27 Jul 2021 03:47:18 |
| CVE-2021-35472 | An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing... | Tue, 27 Jul 2021 03:46:54 |
| CVE-2021-35458 | Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php (aka p=products) via the c or s parameter. | Tue, 27 Jul 2021 03:46:35 |
| CVE-2021-32610 | In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than ... | Tue, 27 Jul 2021 03:46:12 |
| CVE-2021-32558 | An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.... | Tue, 27 Jul 2021 03:45:46 |
| CVE-2021-31878 | An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be re... | Tue, 27 Jul 2021 03:45:26 |
| CVE-2021-28095 | OX Documents before 7.10.5-rev5 has Incorrect Access Control for documents that contain XML structures because hash collision... | Tue, 27 Jul 2021 03:45:12 |
| CVE-2021-28094 | OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due t... | Tue, 27 Jul 2021 03:44:53 |
| CVE-2021-28093 | OX Documents before 7.10.5-rev5 has Incorrect Access Control of converted images because hash collisions can occur, due to us... | Tue, 27 Jul 2021 03:44:41 |
| CVE-2020-11511 | The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instr... | Tue, 27 Jul 2021 02:48:53 |
| CVE-2021-37576 | arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause ... | Mon, 26 Jul 2021 18:04:43 |
| CVE-2020-18430 | tinyexr 0.9.5 was discovered to contain an array index error in the tinyexr::DecodeEXRImage component, which can lead to a de... | Mon, 26 Jul 2021 18:04:23 |
| CVE-2020-18428 | tinyexr commit 0.9.5 was discovered to contain an array index error in the tinyexr::SaveEXR component, which can lead to a de... | Mon, 26 Jul 2021 18:04:00 |
| CVE-2021-37555 | TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To... | Mon, 26 Jul 2021 17:07:21 |
| CVE-2020-23243 | Cross Site Scripting (XSS) vulnerability in NavigateCMS NavigateCMS 2.9 via the name="wrong_path_redirect" feature. | Mon, 26 Jul 2021 17:07:06 |
| CVE-2020-23242 | Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature. | Mon, 26 Jul 2021 17:06:37 |
| CVE-2020-23241 | Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via 'News > Article" feature. | Mon, 26 Jul 2021 17:06:23 |
| CVE-2020-23240 | Cross Site Scripting (XSS) vulnerablity in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature. | Mon, 26 Jul 2021 16:43:26 |
| CVE-2020-18174 | A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 allows attackers to escalate privileges. | Mon, 26 Jul 2021 16:06:03 |
| CVE-2020-18173 | A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 allows attackers to execute arbitrary code. | Mon, 26 Jul 2021 16:05:42 |
| CVE-2020-18172 | A code injection vulnerability in the SeDebugPrivilege component of Trezor Bridge 2.0.27 allows attackers to escalate privile... | Mon, 26 Jul 2021 16:05:30 |
| CVE-2020-18171 | TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted... | Mon, 26 Jul 2021 16:05:14 |
| CVE-2020-18170 | An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager Version 7.14301.0.0 allows attackers to escalate privi... | Mon, 26 Jul 2021 16:04:58 |
| CVE-2020-18169 | A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privi... | Mon, 26 Jul 2021 16:04:38 |
| CVE-2020-23239 | Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature. | Mon, 26 Jul 2021 16:04:18 |
| CVE-2020-23238 | Cross Site Scripting (XSS) vulnerability in Evolution CMS 2.0.2 via the Document Manager feature. | Mon, 26 Jul 2021 16:03:49 |
| CVE-2020-23234 | Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by us... | Mon, 26 Jul 2021 16:03:22 |
| CVE-2020-17952 | A remote code execution (RCE) vulnerability in /library/think/App.php of Twothink v2.0 allows attackers to execute arbitrary ... | Mon, 26 Jul 2021 16:03:02 |
| CVE-2021-32795 | ArchiSteamFarm is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. In versi... | Mon, 26 Jul 2021 15:28:46 |
| CVE-2021-32794 | ArchiSteamFarm is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Due to a... | Mon, 26 Jul 2021 14:57:12 |
| CVE-2021-37478 | In NavigateCMS version 2.9.4 and below, function `block` is vulnerable to sql injection on parameter `block-order`, which res... | Mon, 26 Jul 2021 14:07:50 |
| CVE-2021-37477 | In NavigateCMS version 2.9.4 and below, function in `structure.php` is vulnerable to sql injection on parameter `children_ord... | Mon, 26 Jul 2021 14:07:25 |
| CVE-2021-37476 | In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `id` through a ... | Mon, 26 Jul 2021 14:07:01 |
| CVE-2021-37475 | In NavigateCMS version 2.9.4 and below, function in `templates.php` is vulnerable to sql injection on parameter `template-pro... | Mon, 26 Jul 2021 14:06:31 |
| CVE-2021-37473 | In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `products-order... | Mon, 26 Jul 2021 14:06:06 |
| CVE-2021-36563 | The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO m... | Mon, 26 Jul 2021 14:05:52 |
| CVE-2021-37394 | In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registra... | Mon, 26 Jul 2021 13:45:27 |
| CVE-2021-37393 | In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Attacker can use "... | Mon, 26 Jul 2021 13:45:02 |
| CVE-2021-37392 | In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. When the API funct... | Mon, 26 Jul 2021 13:44:43 |
| CVE-2021-32792 | mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect... | Mon, 26 Jul 2021 13:12:51 |
| CVE-2021-32791 | mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect... | Mon, 26 Jul 2021 13:08:28 |
| CVE-2021-31292 | An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and caus... | Mon, 26 Jul 2021 13:08:13 |
| CVE-2021-31291 | A heap-based buffer overflow vulnerability in jp2image.cpp of Exiv2 0.27.3 allows attackers to cause a denial of service (DOS... | Mon, 26 Jul 2021 13:07:46 |
| CVE-2021-25804 | A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the applic... | Mon, 26 Jul 2021 13:07:16 |
| CVE-2021-25803 | A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attacker... | Mon, 26 Jul 2021 13:06:50 |
| CVE-2021-25802 | A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to ... | Mon, 26 Jul 2021 13:06:20 |