CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

Recent CVEs
CVE Description Date
CVE-2021-20837 Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Ty... Tue, 26 Oct 2021 01:21:43
CVE-2021-41308 Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit... Tue, 26 Oct 2021 00:20:30
CVE-2021-41307 Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of privat... Tue, 26 Oct 2021 00:20:01
CVE-2021-41306 Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filte... Tue, 26 Oct 2021 00:19:38
CVE-2021-41305 Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private proj... Tue, 26 Oct 2021 00:19:19
CVE-2021-41304 Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaS... Tue, 26 Oct 2021 00:19:04
CVE-2021-41105 FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a sof... Mon, 25 Oct 2021 18:14:38
CVE-2021-41145 Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementa... Mon, 25 Oct 2021 18:11:19
CVE-2021-41179 Nextcloud is an open-source, self-hosted productivity platform. Prior to Nextcloud Server versions 20.0.13, 21.0.5, and 22.2.... Mon, 25 Oct 2021 18:04:47
CVE-2021-38260 NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostParseDeviceConfigurationDescrip... Mon, 25 Oct 2021 18:04:23
CVE-2021-38258 NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProcessCallback(). Mon, 25 Oct 2021 18:03:55
CVE-2021-41178 Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, a file travers... Mon, 25 Oct 2021 18:00:15
CVE-2021-41177 Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Serv... Mon, 25 Oct 2021 17:53:59
CVE-2021-39224 Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud OfficeOnline application prior to version 1.1.1... Mon, 25 Oct 2021 17:50:09
CVE-2021-39225 Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.... Mon, 25 Oct 2021 17:43:00
CVE-2021-39223 Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8... Mon, 25 Oct 2021 17:39:12
CVE-2021-39221 Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Contacts application prior to version 4.0.3 was... Mon, 25 Oct 2021 15:14:06
CVE-2021-39220 Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Mail application prior to versions 1.10.4 and 1.... Mon, 25 Oct 2021 15:02:33
CVE-2021-34864 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160... Mon, 25 Oct 2021 13:18:17
CVE-2021-34863 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1... Mon, 25 Oct 2021 13:17:54
CVE-2021-34862 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1... Mon, 25 Oct 2021 13:17:38
CVE-2021-34861 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1... Mon, 25 Oct 2021 13:17:19
CVE-2021-34860 This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DA... Mon, 25 Oct 2021 13:16:56
CVE-2021-34859 This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0. User ... Mon, 25 Oct 2021 13:16:38
CVE-2021-34857 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160... Mon, 25 Oct 2021 13:16:13
CVE-2021-34856 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160... Mon, 25 Oct 2021 13:15:52
CVE-2021-34855 This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16... Mon, 25 Oct 2021 13:15:34
CVE-2021-34854 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160... Mon, 25 Oct 2021 13:15:18
CVE-2021-41176 Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodact... Mon, 25 Oct 2021 12:56:10
CVE-2021-37624 FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a sof... Mon, 25 Oct 2021 12:14:40
CVE-2021-21319 Galette is a membership management web application geared towards non profit organizations. In versions prior to 0.9.5, malic... Mon, 25 Oct 2021 12:03:39
CVE-2021-41035 In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible... Mon, 25 Oct 2021 11:08:25
CVE-2020-20908 Akaunting v1.3.17 was discovered to contain a stored cross-site scripting (XSS) vulnerability which allows attackers to execu... Mon, 25 Oct 2021 11:02:17
CVE-2021-0939 In set_default_passthru_cfg of passthru.c, there is a possible out of bounds read due to a missing bounds check. This could l... Mon, 25 Oct 2021 10:16:34
CVE-2021-0938 In memzero_explicit of compiler-clang.h, there is a possible bypass of defense in depth due to uninitialized data. This could... Mon, 25 Oct 2021 10:16:21
CVE-2021-0661 In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation o... Mon, 25 Oct 2021 10:16:05
CVE-2021-0631 In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service w... Mon, 25 Oct 2021 10:15:53
CVE-2021-0630 In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service w... Mon, 25 Oct 2021 10:15:32
CVE-2021-0625 In ccu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with ... Mon, 25 Oct 2021 10:15:05
CVE-2021-0618 In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information ... Mon, 25 Oct 2021 10:14:44
CVE-2021-0616 In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information ... Mon, 25 Oct 2021 10:14:21
CVE-2021-0615 In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information dis... Mon, 25 Oct 2021 10:14:02
CVE-2021-0613 In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local informati... Mon, 25 Oct 2021 10:13:34
CVE-2021-0414 In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information ... Mon, 25 Oct 2021 10:13:08
CVE-2021-0413 In flv extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information ... Mon, 25 Oct 2021 10:12:47
CVE-2021-0411 In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information dis... Mon, 25 Oct 2021 10:12:34
CVE-2021-0410 In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local informati... Mon, 25 Oct 2021 10:12:14
CVE-2021-0409 In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local informati... Mon, 25 Oct 2021 10:11:49
CVE-2021-0941 In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local ... Mon, 25 Oct 2021 10:11:30
CVE-2021-0940 In TBD of TBD, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privil... Mon, 25 Oct 2021 10:11:06
CVE-2021-0936 In acc_read of f_accessory.c, there is a possible memory corruption due to a use after free. This could lead to local escalat... Mon, 25 Oct 2021 10:10:53
CVE-2021-0935 In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escala... Mon, 25 Oct 2021 10:10:27
CVE-2021-0663 In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation o... Mon, 25 Oct 2021 10:10:08
CVE-2021-0662 In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation o... Mon, 25 Oct 2021 10:09:52
CVE-2021-0634 In display driver, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of pr... Mon, 25 Oct 2021 10:09:38
CVE-2021-0633 In display driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalat... Mon, 25 Oct 2021 10:09:13
CVE-2021-0632 In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information d... Mon, 25 Oct 2021 10:09:01
CVE-2021-0617 In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information ... Mon, 25 Oct 2021 10:08:47
CVE-2021-0614 In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local informati... Mon, 25 Oct 2021 10:08:27
CVE-2021-0412 In flv extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information ... Mon, 25 Oct 2021 10:08:06
CVE-2017-20007 Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allows access to a certain path that contains sensitive inf... Mon, 25 Oct 2021 10:07:40
CVE-2020-14264 "HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConne... Mon, 25 Oct 2021 09:44:10
CVE-2021-24885 The YOP Poll WordPress plugin before 6.1.2 does not escape the perpage parameter before outputting it back in an attribute, l... Mon, 25 Oct 2021 09:34:01
CVE-2021-24884 The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a>... Mon, 25 Oct 2021 09:33:36
CVE-2021-24785 The Great Quotes WordPress plugin through 1.0.0 does not sanitise and escape the Quote and Author fields of its Quotes, which... Mon, 25 Oct 2021 09:33:14
CVE-2021-24779 The WP Debugging WordPress plugin before 2.11.0 has its update_settings() function hooked to admin_init and is missing any ca... Mon, 25 Oct 2021 09:32:57
CVE-2021-24774 The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters bef... Mon, 25 Oct 2021 09:32:30
CVE-2021-24769 The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby parameter before using i... Mon, 25 Oct 2021 09:32:06
CVE-2021-24744 The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 does not sanitise and escape the Form Title before outp... Mon, 25 Oct 2021 09:31:52
CVE-2021-24699 The Easy Media Download WordPress plugin before 1.1.7 does not escape the text argument of its shortcode, which could allow u... Mon, 25 Oct 2021 09:31:31
CVE-2021-24662 The Game Server Status WordPress plugin through 1.0 does not validate or escape the server_id parameter before using it in SQ... Mon, 25 Oct 2021 09:31:11
CVE-2021-24653 The Cookie Bar WordPress plugin through 1.8.8 doesn't properly sanitise the Cookie Bar Message setting, which could allow hig... Mon, 25 Oct 2021 09:30:57
CVE-2021-24608 The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise... Mon, 25 Oct 2021 09:30:40
CVE-2021-24544 The Responsive WordPress Slider WordPress plugin through 2.2.0 does not sanitise and escape some of the Slider options, allow... Mon, 25 Oct 2021 09:30:13
CVE-2021-24543 The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor sanitise... Mon, 25 Oct 2021 09:29:43
CVE-2021-24515 The Video Gallery – Vimeo and YouTube Gallery WordPress plugin through 1.1.4 does not escape the Title and Description of t... Mon, 25 Oct 2021 09:29:30
CVE-2021-24514 The Visual Form Builder WordPress plugin before 3.0.4 does not sanitise or escape its Form Name, allowing high privilege user... Mon, 25 Oct 2021 09:29:17
CVE-2021-24489 The Request a Quote WordPress plugin before 2.3.5 does not sanitise, validate or escape some of its settings in the admin das... Mon, 25 Oct 2021 09:29:02
CVE-2021-24487 The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF check in place when saving its 'Default Text to Display ... Mon, 25 Oct 2021 09:28:35
CVE-2021-24485 The Special Text Boxes WordPress plugin through 5.9.109 does not sanitise or escape some of its settings, which could allow h... Mon, 25 Oct 2021 09:28:14
CVE-2021-24414 The Video Player for YouTube WordPress plugin before 1.4 does not sanitise or validate the parameters from its shortcode, all... Mon, 25 Oct 2021 09:27:54
CVE-2021-24381 The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not sanitise and escape the custom class name of the form f... Mon, 25 Oct 2021 09:27:41
CVE-2021-25977 In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a... Mon, 25 Oct 2021 09:16:52
CVE-2021-35231 As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker... Mon, 25 Oct 2021 09:06:48
CVE-2021-40865 An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth... Mon, 25 Oct 2021 08:31:27
CVE-2021-38294 A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache ... Mon, 25 Oct 2021 08:31:00
CVE-2021-40527 Exposure of sensitive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and includi... Mon, 25 Oct 2021 07:03:53
CVE-2021-40526 Incorrect calculation of buffer size vulnerability in Peloton TTR01 up to and including PTV55G allows a remote attacker to tr... Mon, 25 Oct 2021 07:03:34
CVE-2021-40371 Gridpro Request Management for Windows Azure Pack before 2.0.7912 allows Directory Traversal for remote code execution, as de... Mon, 25 Oct 2021 03:06:07
CVE-2021-21703 In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with m... Mon, 25 Oct 2021 01:43:28
CVE-2021-42258 BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as ... Fri, 22 Oct 2021 18:03:39
CVE-2020-36502 Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the devicename par... Fri, 22 Oct 2021 16:25:16
CVE-2020-36501 Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allows attackers to execute arb... Fri, 22 Oct 2021 16:24:54
CVE-2020-36499 TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a cross-site scripting (XSS) vulnerability in the c... Fri, 22 Oct 2021 16:24:35
CVE-2020-36498 Macrob7 Macs Framework Content Management System - 1.14f contains a cross-site scripting (XSS) vulnerability in the account r... Fri, 22 Oct 2021 16:24:07
CVE-2020-36497 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_home... Fri, 22 Oct 2021 16:23:48
CVE-2020-36496 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_use... Fri, 22 Oct 2021 16:23:34
CVE-2020-36495 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_v... Fri, 22 Oct 2021 16:23:04
CVE-2020-36494 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edi... Fri, 22 Oct 2021 16:22:47
CVE-2020-36493 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.ph... Fri, 22 Oct 2021 16:22:23
© CVE.report 2021

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.
