CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
Recent CVEs
| CVE | Description | Date |
|---|---|---|
| CVE-2022-23465 | SwiftTerm is a Xterm/VT100 Terminal emulator. Prior to commit a94e6b24d24ce9680ad79884992e1dff8e150a31, an attacker could mod... | Fri, 02 Dec 2022 18:06:56 |
| CVE-2022-4262 | Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption... | Fri, 02 Dec 2022 16:08:32 |
| CVE-2022-4220 | The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. ... | Fri, 02 Dec 2022 16:08:19 |
| CVE-2022-4219 | The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. ... | Fri, 02 Dec 2022 16:07:51 |
| CVE-2022-4218 | The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. ... | Fri, 02 Dec 2022 16:07:30 |
| CVE-2022-4217 | The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in versions up... | Fri, 02 Dec 2022 16:07:15 |
| CVE-2022-4216 | The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'facebook_appid' parameter in vers... | Fri, 02 Dec 2022 16:06:46 |
| CVE-2022-4215 | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'date' parameter on the 'chaine... | Fri, 02 Dec 2022 16:06:15 |
| CVE-2022-4214 | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ip' parameter on the 'chainedq... | Fri, 02 Dec 2022 16:05:58 |
| CVE-2022-4213 | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dn' parameter on the 'chainedq... | Fri, 02 Dec 2022 16:05:40 |
| CVE-2022-4212 | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ipf' parameter on the 'chained... | Fri, 02 Dec 2022 16:05:19 |
| CVE-2022-4211 | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'emailf' parameter on the 'chai... | Fri, 02 Dec 2022 16:05:02 |
| CVE-2022-4210 | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dnf' parameter on the 'chained... | Fri, 02 Dec 2022 16:04:50 |
| CVE-2022-4209 | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pointsf' parameter on the 'cha... | Fri, 02 Dec 2022 16:04:34 |
| CVE-2022-4208 | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'datef' parameter on the 'chain... | Fri, 02 Dec 2022 16:04:04 |
| CVE-2022-2642 | Horner Automation’s RCC 972 firmware version 15.40 contains global variables. This could allow an attacker to read out sens... | Fri, 02 Dec 2022 15:10:21 |
| CVE-2022-2641 | Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an atta... | Fri, 02 Dec 2022 15:10:03 |
| CVE-2022-2640 | The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerab... | Fri, 02 Dec 2022 15:09:42 |
| CVE-2022-44962 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.... | Fri, 02 Dec 2022 15:09:20 |
| CVE-2022-44961 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. ... | Fri, 02 Dec 2022 15:08:54 |
| CVE-2022-44960 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?sea... | Fri, 02 Dec 2022 15:08:35 |
| CVE-2022-44959 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.... | Fri, 02 Dec 2022 15:08:12 |
| CVE-2022-44957 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.ph... | Fri, 02 Dec 2022 15:07:43 |
| CVE-2022-44956 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.... | Fri, 02 Dec 2022 15:07:26 |
| CVE-2022-44955 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability... | Fri, 02 Dec 2022 15:07:09 |
| CVE-2022-44954 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.... | Fri, 02 Dec 2022 15:06:56 |
| CVE-2022-44953 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfile... | Fri, 02 Dec 2022 15:06:40 |
| CVE-2022-44952 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configura... | Fri, 02 Dec 2022 15:06:19 |
| CVE-2022-44951 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab functi... | Fri, 02 Dec 2022 15:05:54 |
| CVE-2022-44950 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function ... | Fri, 02 Dec 2022 15:05:33 |
| CVE-2022-44949 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function ... | Fri, 02 Dec 2022 15:05:18 |
| CVE-2022-44948 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature ... | Fri, 02 Dec 2022 15:04:49 |
| CVE-2022-44947 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature a... | Fri, 02 Dec 2022 15:04:35 |
| CVE-2022-44946 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /i... | Fri, 02 Dec 2022 15:04:17 |
| CVE-2022-44945 | Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter. | Fri, 02 Dec 2022 15:03:52 |
| CVE-2022-44944 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement functi... | Fri, 02 Dec 2022 15:03:33 |
| CVE-2022-44291 | webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php. | Fri, 02 Dec 2022 15:03:20 |
| CVE-2022-44290 | webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php. | Fri, 02 Dec 2022 15:02:58 |
| CVE-2022-3086 | An attacker with physical access to Moxa's bootloader versions of UC-8580 Series V1.1, UC-8540 Series V1.0 to V1.2, UC-8410A ... | Fri, 02 Dec 2022 15:02:33 |
| CVE-2022-3520 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. | Fri, 02 Dec 2022 14:07:25 |
| CVE-2022-46167 | Capsule is a multi-tenancy and policy-based framework for Kubernetes. Prior to version 0.1.3, a ServiceAccount deployed in a ... | Fri, 02 Dec 2022 14:03:18 |
| CVE-2022-46145 | authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user ... | Fri, 02 Dec 2022 13:17:19 |
| CVE-2022-45672 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the formWx3AuthorizeSet function. | Fri, 02 Dec 2022 13:16:59 |
| CVE-2022-45671 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the appData parameter in the formSetAppFilterRule fu... | Fri, 02 Dec 2022 13:16:30 |
| CVE-2022-45670 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function. | Fri, 02 Dec 2022 13:16:01 |
| CVE-2022-45669 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterGet func... | Fri, 02 Dec 2022 13:15:44 |
| CVE-2022-45668 | Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | Fri, 02 Dec 2022 13:15:18 |
| CVE-2022-45667 | Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. | Fri, 02 Dec 2022 13:14:59 |
| CVE-2022-45664 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDget function. | Fri, 02 Dec 2022 13:14:39 |
| CVE-2022-45663 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet func... | Fri, 02 Dec 2022 13:14:17 |
| CVE-2022-45661 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the setSmartPowerManagement ... | Fri, 02 Dec 2022 13:13:56 |
| CVE-2022-45660 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedStartTime parameter in the setSchedWifi f... | Fri, 02 Dec 2022 13:13:42 |
| CVE-2022-45659 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the wpapsk_crypto parameter in the fromSetWireless... | Fri, 02 Dec 2022 13:13:30 |
| CVE-2022-45658 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedEndTime parameter in the setSchedWifi fun... | Fri, 02 Dec 2022 13:13:05 |
| CVE-2022-45657 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind functio... | Fri, 02 Dec 2022 13:12:39 |
| CVE-2022-45656 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function. | Fri, 02 Dec 2022 13:12:12 |
| CVE-2022-45655 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the timeZone parameter in the form_fast_setting_wi... | Fri, 02 Dec 2022 13:11:50 |
| CVE-2022-45654 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the ssid parameter in the form_fast_setting_wifi_s... | Fri, 02 Dec 2022 13:11:30 |
| CVE-2022-45653 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the page parameter in the fromNatStaticSetting fun... | Fri, 02 Dec 2022 13:11:09 |
| CVE-2022-45652 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the startIp parameter in the formSetPPTPServer fun... | Fri, 02 Dec 2022 13:10:44 |
| CVE-2022-45651 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the formSetVirtualSer functi... | Fri, 02 Dec 2022 13:10:15 |
| CVE-2022-45650 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the firewallEn parameter in the formSetFirewallCfg... | Fri, 02 Dec 2022 13:09:46 |
| CVE-2022-45649 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the endIp parameter in the formSetPPTPServer funct... | Fri, 02 Dec 2022 13:09:18 |
| CVE-2022-45648 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the devName parameter in the formSetDeviceName fun... | Fri, 02 Dec 2022 13:08:55 |
| CVE-2022-45647 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeed parameter in the formSetClientState... | Fri, 02 Dec 2022 13:08:28 |
| CVE-2022-45646 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeedUp parameter in the formSetClientSta... | Fri, 02 Dec 2022 13:08:06 |
| CVE-2022-45645 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceMac parameter in the addWifiMacFilter fu... | Fri, 02 Dec 2022 13:07:42 |
| CVE-2022-45644 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the formSetClientState f... | Fri, 02 Dec 2022 13:07:30 |
| CVE-2022-45643 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the addWifiMacFilter fun... | Fri, 02 Dec 2022 13:07:18 |
| CVE-2022-45641 | Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSetMacFilterCfg. | Fri, 02 Dec 2022 13:07:01 |
| CVE-2022-45674 | Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | Fri, 02 Dec 2022 12:07:56 |
| CVE-2022-45673 | Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. | Fri, 02 Dec 2022 12:07:33 |
| CVE-2022-44367 | Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setUplinkInfo. | Fri, 02 Dec 2022 12:07:18 |
| CVE-2022-44366 | Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setDiagnoseInfo. | Fri, 02 Dec 2022 12:06:50 |
| CVE-2022-44365 | Tenda i21 V1.0.0.14(4656) has a stack overflow vulnerability via /goform/setSysPwd. | Fri, 02 Dec 2022 12:06:19 |
| CVE-2022-44363 | Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setSnmpInfo. | Fri, 02 Dec 2022 12:05:58 |
| CVE-2022-44362 | Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/AddSysLogRule. | Fri, 02 Dec 2022 12:05:36 |
| CVE-2022-44348 | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/update_status.php?id=. | Fri, 02 Dec 2022 12:05:24 |
| CVE-2022-44347 | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=inquiries/view_inquiry&id=. | Fri, 02 Dec 2022 12:05:00 |
| CVE-2022-44345 | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=quotes/view_quote&id=. | Fri, 02 Dec 2022 12:04:45 |
| CVE-2022-44277 | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/classes/Master.php?f=delete_product. | Fri, 02 Dec 2022 12:04:18 |
| CVE-2022-3591 | Use After Free in GitHub repository vim/vim prior to 9.0.0789. | Fri, 02 Dec 2022 11:29:08 |
| CVE-2022-45483 | Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected device) to see all data (in... | Fri, 02 Dec 2022 11:06:49 |
| CVE-2022-45482 | Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated us... | Fri, 02 Dec 2022 11:06:20 |
| CVE-2022-45480 | PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the server and a connected device) t... | Fri, 02 Dec 2022 11:05:59 |
| CVE-2022-43272 | DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object. | Fri, 02 Dec 2022 11:05:37 |
| CVE-2022-4271 | Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4. | Fri, 02 Dec 2022 11:01:16 |
| CVE-2022-46159 | Discourse is an open-source discussion platform. In version 2.8.13 and prior on the `stable` branch and version 2.9.0.beta14 ... | Fri, 02 Dec 2022 10:03:55 |
| CVE-2022-45215 | A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web s... | Fri, 02 Dec 2022 10:03:42 |
| CVE-2022-46366 | ** UNSUPPORTED WHEN ASSIGNED ** Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code executio... | Fri, 02 Dec 2022 09:03:58 |
| CVE-2022-4270 | Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permission... | Fri, 02 Dec 2022 08:05:09 |
| CVE-2022-2808 | Algan Yazılım Prens Student Information System product has an authenticated Insecure Direct Object Reference (IDOR) vulnera... | Fri, 02 Dec 2022 07:07:38 |
| CVE-2022-2807 | Algan Yazılım Prens Student Information System product has an unauthenticated SQL Injection vulnerability. | Fri, 02 Dec 2022 06:46:42 |
| CVE-2022-45562 | Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settin... | Thu, 01 Dec 2022 22:08:52 |
| CVE-2022-44930 | D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function. | Thu, 01 Dec 2022 22:08:28 |
| CVE-2022-44929 | An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily... | Thu, 01 Dec 2022 22:08:01 |
| CVE-2022-44928 | D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function. | Thu, 01 Dec 2022 21:07:52 |
| CVE-2022-43325 | An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Nod... | Thu, 01 Dec 2022 21:07:23 |
| CVE-2022-44212 | In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to access devices' admin panel. | Thu, 01 Dec 2022 17:05:14 |
| CVE-2022-44211 | In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote attacker to access/change devices' settings. | Thu, 01 Dec 2022 17:04:45 |