CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
Recent CVEs
| CVE | Description | Date |
|---|---|---|
| CVE-2021-42943 | Stored cross-site scripting (XSS) in admin/usermanager.php over IPPlan v4.92b allows remote attackers to inject arbitrary web... | Tue, 17 May 2022 07:07:38 |
| CVE-2022-1723 | Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6. | Tue, 17 May 2022 04:41:40 |
| CVE-2022-26650 | In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) t... | Tue, 17 May 2022 04:08:54 |
| CVE-2013-10001 | A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification... | Tue, 17 May 2022 03:33:31 |
| CVE-2022-1753 | A vulnerability, which was classified as critical, was found in WoWonder. Affected is the file /requests.php which is respons... | Tue, 17 May 2022 01:22:37 |
| CVE-2022-23670 | A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10... | Mon, 16 May 2022 17:06:39 |
| CVE-2022-23668 | A remote authenticated server-side request forgery (ssrf) vulnerability was discovered in Aruba ClearPass Policy Manager vers... | Mon, 16 May 2022 17:06:14 |
| CVE-2022-23667 | A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 an... | Mon, 16 May 2022 17:05:44 |
| CVE-2022-1587 | An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre... | Mon, 16 May 2022 17:05:31 |
| CVE-2022-1586 | An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the ... | Mon, 16 May 2022 17:05:14 |
| CVE-2022-23666 | A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 an... | Mon, 16 May 2022 16:12:36 |
| CVE-2022-23665 | A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 an... | Mon, 16 May 2022 16:12:20 |
| CVE-2022-23664 | A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 an... | Mon, 16 May 2022 16:11:51 |
| CVE-2022-23663 | A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 an... | Mon, 16 May 2022 16:11:30 |
| CVE-2022-23662 | A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 an... | Mon, 16 May 2022 16:11:18 |
| CVE-2022-23661 | A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 an... | Mon, 16 May 2022 16:11:06 |
| CVE-2022-23660 | A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6... | Mon, 16 May 2022 16:10:41 |
| CVE-2022-23659 | A remote reflected cross site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10... | Mon, 16 May 2022 16:10:14 |
| CVE-2022-23658 | A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6... | Mon, 16 May 2022 16:09:49 |
| CVE-2022-23657 | A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6... | Mon, 16 May 2022 16:09:18 |
| CVE-2022-1731 | Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or S... | Mon, 16 May 2022 15:08:36 |
| CVE-2021-33025 | xArrow SCADA versions 7.2 and prior permits unvalidated registry keys to be run with application-level privileges. | Mon, 16 May 2022 14:10:05 |
| CVE-2021-33021 | xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘edate’ of the resource xhisal... | Mon, 16 May 2022 14:09:51 |
| CVE-2021-33001 | xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘bdate’ of the resource xhisva... | Mon, 16 May 2022 14:09:33 |
| CVE-2021-27446 | The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute c... | Mon, 16 May 2022 14:09:20 |
| CVE-2021-27444 | The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker t... | Mon, 16 May 2022 14:09:04 |
| CVE-2021-27442 | The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remo... | Mon, 16 May 2022 14:08:40 |
| CVE-2022-30697 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Wind... | Mon, 16 May 2022 14:08:27 |
| CVE-2022-30696 | Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Wi... | Mon, 16 May 2022 14:07:56 |
| CVE-2022-30695 | Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acr... | Mon, 16 May 2022 14:07:26 |
| CVE-2022-1679 | A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_ht... | Mon, 16 May 2022 14:07:05 |
| CVE-2022-30126 | In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to ... | Mon, 16 May 2022 13:15:58 |
| CVE-2022-25169 | The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully ... | Mon, 16 May 2022 13:15:37 |
| CVE-2021-23267 | Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated de... | Mon, 16 May 2022 13:12:53 |
| CVE-2021-23266 | An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages ... | Mon, 16 May 2022 13:12:37 |
| CVE-2021-23265 | A logged-in and authenticated user with a Reviewer Role may lock a content item. | Mon, 16 May 2022 13:12:23 |
| CVE-2022-30055 | Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that could lead to Remote Code Execution. | Mon, 16 May 2022 13:07:36 |
| CVE-2022-30050 | Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php. | Mon, 16 May 2022 13:07:19 |
| CVE-2021-33318 | An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpM... | Mon, 16 May 2022 12:02:34 |
| CVE-2022-1728 | Mon, 16 May 2022 11:01:44 | |
| CVE-2022-1726 | Mon, 16 May 2022 11:01:25 | |
| CVE-2022-1725 | Mon, 16 May 2022 10:58:26 | |
| CVE-2022-30523 | Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation V... | Mon, 16 May 2022 10:54:09 |
| CVE-2022-1722 | SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-... | Mon, 16 May 2022 10:53:43 |
| CVE-2022-1721 | Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web applicatio... | Mon, 16 May 2022 10:53:29 |
| CVE-2022-1720 | Mon, 16 May 2022 10:53:06 | |
| CVE-2022-1719 | Mon, 16 May 2022 10:52:46 | |
| CVE-2022-1718 | Mon, 16 May 2022 10:52:18 | |
| CVE-2022-1713 | SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its ... | Mon, 16 May 2022 10:52:00 |
| CVE-2022-1553 | Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.... | Mon, 16 May 2022 10:51:30 |
| CVE-2022-0578 | Code Injection in GitHub repository publify/publify prior to 9.2.8. | Mon, 16 May 2022 10:51:07 |
| CVE-2022-0574 | Improper Access Control in GitHub repository publify/publify prior to 9.2.8. | Mon, 16 May 2022 10:50:52 |
| CVE-2022-0573 | JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to Do... | Mon, 16 May 2022 10:50:22 |
| CVE-2021-25119 | The AGIL WordPress plugin through 1.0 accepts all zip files and automatically extracts the zip file without validating the ex... | Mon, 16 May 2022 10:46:34 |
| CVE-2022-1560 | The Amministrazione Aperta WordPress plugin through 3.7.3 does not validate the open parameter before using it in an include ... | Mon, 16 May 2022 10:46:04 |
| CVE-2022-1559 | The Clipr WordPress plugin through 1.2.3 does not sanitise and escape its API Key settings before outputting it in an attribu... | Mon, 16 May 2022 10:45:45 |
| CVE-2022-1557 | The ULeak Security & Monitoring WordPress plugin through 1.2.3 does not have authorisation and CSRF checks when updating its ... | Mon, 16 May 2022 10:45:32 |
| CVE-2022-1512 | The ScrollReveal.js Effects WordPress plugin through 1.2 does not sanitise and escape its settings, which could allow high pr... | Mon, 16 May 2022 10:45:08 |
| CVE-2022-1465 | The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 does not sanitise and escape a parameter before outputti... | Mon, 16 May 2022 10:44:40 |
| CVE-2022-1455 | The Call Now Button WordPress plugin before 1.1.2 does not escape a parameter before outputting it back in an attribute of a ... | Mon, 16 May 2022 10:44:21 |
| CVE-2022-1436 | The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanitise and escape the wpcargo_tracking_number parameter be... | Mon, 16 May 2022 10:43:53 |
| CVE-2022-1435 | The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanitize and escapes some of its settings, which could allow... | Mon, 16 May 2022 10:43:25 |
| CVE-2022-1425 | The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate t... | Mon, 16 May 2022 10:43:02 |
| CVE-2022-1418 | The Social Stickers WordPress plugin through 2.2.9 does not have CSRF checks in place when updating its Social Network settin... | Mon, 16 May 2022 10:42:49 |
| CVE-2022-1409 | The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high priv... | Mon, 16 May 2022 10:42:32 |
| CVE-2022-1408 | The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not escape various settings before outputting th... | Mon, 16 May 2022 10:42:14 |
| CVE-2022-1407 | The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not have CSRF check in place when adding a track... | Mon, 16 May 2022 10:41:53 |
| CVE-2022-1398 | The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medi... | Mon, 16 May 2022 10:41:39 |
| CVE-2022-1393 | The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle field and provides a shortcode to display it via [wp_subtitle].... | Mon, 16 May 2022 10:41:27 |
| CVE-2022-1386 | The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which c... | Mon, 16 May 2022 10:41:05 |
| CVE-2022-1349 | The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate t... | Mon, 16 May 2022 10:40:52 |
| CVE-2022-1334 | The WP YouTube Live WordPress plugin before 1.8.3 does not validate, sanitise and escape various of its settings, which could... | Mon, 16 May 2022 10:40:33 |
| CVE-2022-1267 | The BMI BMR Calculator WordPress plugin through 1.3 does not sanitise and escape arbitrary POST data before outputting it bac... | Mon, 16 May 2022 10:40:18 |
| CVE-2022-1265 | The BulletProof Security WordPress plugin before 6.1 does not sanitize and escape some of its CAPTCHA settings, which could a... | Mon, 16 May 2022 10:39:52 |
| CVE-2022-1217 | The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHP_SELF variable before ou... | Mon, 16 May 2022 10:39:37 |
| CVE-2022-1216 | The Advanced Image Sitemap WordPress plugin through 1.2 does not sanitise and escape the PHP_SELF PHP variable before outputt... | Mon, 16 May 2022 10:39:24 |
| CVE-2022-1182 | The Visual Slide Box Builder WordPress plugin through 3.2.9 does not sanitise and escape various parameters before using them... | Mon, 16 May 2022 10:38:59 |
| CVE-2022-1103 | The Advanced Uploader WordPress plugin through 4.2 allows any authenticated users like subscriber to upload arbitrary files, ... | Mon, 16 May 2022 10:38:42 |
| CVE-2022-1089 | The Bulk Edit and Create User Profiles WordPress plugin before 1.5.14 does not sanitise and escape the Users Login, which cou... | Mon, 16 May 2022 10:38:19 |
| CVE-2022-1062 | The th23 Social WordPress plugin through 1.2.0 does not sanitise and escape some of its settings, which could allow high priv... | Mon, 16 May 2022 10:38:05 |
| CVE-2022-1051 | The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not sanitise a... | Mon, 16 May 2022 10:37:42 |
| CVE-2022-0873 | The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the Album's name before outputting it in... | Mon, 16 May 2022 10:37:13 |
| CVE-2022-0867 | The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is be... | Mon, 16 May 2022 10:36:55 |
| CVE-2021-42897 | A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $_POST[r_nam... | Mon, 16 May 2022 10:08:30 |
| CVE-2021-42870 | ACCEL-PPP 1.12.0 has an out-of-bounds read in post_msg when processing a call_clear_request. | Mon, 16 May 2022 10:08:11 |
| CVE-2022-30777 | Parallels H-Sphere 3.6.2 allows XSS via the index_en.php from parameter. | Mon, 16 May 2022 10:07:47 |
| CVE-2022-30776 | atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter. | Mon, 16 May 2022 10:07:35 |
| CVE-2022-30013 | A stored cross-site scripting (XSS) vulnerability in the upload function of totaljs CMS 3.4.5 allows attackers to execute arb... | Mon, 16 May 2022 10:07:17 |
| CVE-2022-29623 | An arbitrary file upload vulnerability in the file upload module of Connect-Multiparty v2.2.0 allows attackers to execute arb... | Mon, 16 May 2022 10:06:47 |
| CVE-2022-29622 | An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename... | Mon, 16 May 2022 10:06:24 |
| CVE-2022-29354 | An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows attackers to execute arbitrary cod... | Mon, 16 May 2022 10:06:00 |
| CVE-2022-29353 | An arbitrary file upload vulnerability in the file upload module of Graphql-upload v13.0.0 allows attackers to execute arbitr... | Mon, 16 May 2022 10:05:40 |
| CVE-2022-29351 | An arbitrary file upload vulnerability in the file upload module of Tiddlywiki5 v5.2.2 allows attackers to execute arbitrary ... | Mon, 16 May 2022 10:05:15 |
| CVE-2022-29017 | Bento4 v1.6.0.0 was discovered to contain a segmentation fault via the component /x86_64/multiarch/strlen-avx2.S. | Mon, 16 May 2022 10:04:50 |
| CVE-2022-30012 | In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, a... | Mon, 16 May 2022 09:06:32 |
| CVE-2022-30011 | In HMS 1.0 when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability. | Mon, 16 May 2022 09:06:04 |
| CVE-2022-29586 | Konica Minolta bizhub MFP devices before 2022-04-14 allow a Sandbox Escape. An attacker must attach a keyboard to a USB port,... | Mon, 16 May 2022 02:05:26 |
| CVE-2022-30782 | Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure ra... | Mon, 16 May 2022 02:05:02 |
| CVE-2022-29588 | Konica Minolta bizhub MFP devices before 2022-04-14 use cleartext password storage for the /var/log/nginx/html/ADMINPASS and ... | Mon, 16 May 2022 02:04:39 |
| CVE-2022-29587 | Konica Minolta bizhub MFP devices before 2022-04-14 have an internal Chromium browser that executes with root (aka superuser)... | Mon, 16 May 2022 02:04:21 |