CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

Recent CVEs
CVE Description Date
CVE-2021-38965 IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remote authenticated attacker to execute arbitrary commands... Mon, 17 Jan 2022 12:16:28
CVE-2021-33040 managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows XSS. Mon, 17 Jan 2022 12:06:39
CVE-2022-0258 pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command Mon, 17 Jan 2022 10:28:01
CVE-2022-0257 pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Mon, 17 Jan 2022 10:27:46
CVE-2022-0256 pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Mon, 17 Jan 2022 10:20:09
CVE-2021-3862 icecoder is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Mon, 17 Jan 2022 08:54:03
CVE-2022-0240 mruby is vulnerable to NULL Pointer Dereference Mon, 17 Jan 2022 08:38:49
CVE-2022-0253 livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Mon, 17 Jan 2022 08:20:26
CVE-2021-25067 The Landing Page Builder WordPress plugin before 1.4.9.6 was affected by a reflected XSS in page-builder-add on the ulpb_post... Mon, 17 Jan 2022 08:06:58
CVE-2021-25065 The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was affected by a reflected XSS in custom-facebook-feed in c... Mon, 17 Jan 2022 08:06:32
CVE-2021-25061 The WP Booking System WordPress plugin before 2.0.15 was affected by a reflected XSS in wp-booking-system on the wpbs-calenda... Mon, 17 Jan 2022 08:06:17
CVE-2021-25046 The Modern Events Calendar Lite WordPress plugin before 6.2.0 allowed any logged-in user, even a subscriber user, may add a ca... Mon, 17 Jan 2022 08:05:58
CVE-2021-25037 The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered ... Mon, 17 Jan 2022 08:05:44
CVE-2021-25036 The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Privilege Escalation issue, which was discovered during a... Mon, 17 Jan 2022 08:05:24
CVE-2021-25025 The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event... Mon, 17 Jan 2022 08:05:02
CVE-2021-25024 The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, lea... Mon, 17 Jan 2022 08:04:37
CVE-2021-25005 The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and escape some of its settings allowing high privilege user... Mon, 17 Jan 2022 08:04:15
CVE-2021-24909 The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not sanitise and escape the post parameter in the includes/acf... Mon, 17 Jan 2022 08:03:51
CVE-2021-24838 The AnyComment WordPress plugin through 0.2.17 has an API endpoint which passes user input via the redirect parameter to the ... Mon, 17 Jan 2022 08:03:26
CVE-2021-4164 calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) Mon, 17 Jan 2022 07:39:10
CVE-2021-3857 chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Mon, 17 Jan 2022 06:38:06
CVE-2021-3853 chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Mon, 17 Jan 2022 06:27:23
CVE-2021-4171 calibre-web is vulnerable to Business Logic Errors Mon, 17 Jan 2022 04:45:46
CVE-2022-0184 Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver... Mon, 17 Jan 2022 04:19:44
CVE-2022-0183 Missing encryption of sensitive data vulnerability in 'MIRUPASS' PW10 firmware all versions and 'MIRUPASS' PW20 firmware all ... Mon, 17 Jan 2022 04:19:28
CVE-2022-0182 Stored cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote authenticated att... Mon, 17 Jan 2022 04:19:12
CVE-2022-0181 Reflected cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to in... Mon, 17 Jan 2022 04:18:49
CVE-2022-0180 Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to... Mon, 17 Jan 2022 04:18:21
CVE-2022-0131 Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. By exploiting this vulnera... Mon, 17 Jan 2022 04:17:56
CVE-2022-0239 corenlp is vulnerable to Improper Restriction of XML External Entity Reference Mon, 17 Jan 2022 01:18:37
CVE-2022-23304 The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks a... Sun, 16 Jan 2022 21:08:03
CVE-2022-23303 The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a ... Sun, 16 Jan 2022 21:07:44
CVE-2021-4170 calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Sun, 16 Jan 2022 16:00:10
CVE-2022-0235 node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor Sun, 16 Jan 2022 12:10:28
CVE-2022-0238 phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) Sun, 16 Jan 2022 05:36:46
CVE-2021-44537 ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to rem... Sat, 15 Jan 2022 16:04:13
CVE-2021-33828 The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files (that ha... Sat, 15 Jan 2022 16:03:54
CVE-2021-33827 The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings. Sat, 15 Jan 2022 16:03:32
CVE-2021-42555 Pexip Infinity before 26.2 allows temporary remote Denial of Service (abort) because of missing call-setup input validation. Sat, 15 Jan 2022 12:08:41
CVE-2021-35969 Pexip Infinity before 26 allows temporary remote Denial of Service (abort) because of missing call-setup input validation. Sat, 15 Jan 2022 12:08:11
CVE-2021-33499 Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 2 of 2). Sat, 15 Jan 2022 12:07:49
CVE-2021-33498 Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 1 of 2). Sat, 15 Jan 2022 12:07:21
CVE-2021-32545 Pexip Infinity before 26 allows remote denial of service because of missing RTMP input validation. Sat, 15 Jan 2022 12:07:09
CVE-2020-28919 A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker... Sat, 15 Jan 2022 12:06:55
CVE-2021-44049 CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privilege... Sat, 15 Jan 2022 10:07:03
CVE-2022-23178 An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switc... Sat, 15 Jan 2022 10:06:38
CVE-2022-23095 Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted J... Sat, 15 Jan 2022 10:06:18
CVE-2021-33963 China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone receives parameters by POST r... Sat, 15 Jan 2022 05:01:46
CVE-2022-23094 Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) vi... Fri, 14 Jan 2022 21:02:19
CVE-2021-24044 By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions... Fri, 14 Jan 2022 19:41:49
CVE-2021-23566 The package nanoid before 3.1.31 is vulnerable to Information Exposure via the valueOf() function which allows to reproduce ... Fri, 14 Jan 2022 16:16:31
CVE-2021-46171 Modex v2.11 was discovered to contain a NULL pointer dereference in set_create_id() at xtract.c. Fri, 14 Jan 2022 16:03:24
CVE-2021-46170 An issue was discovered in JerryScript commit a6ab5e9. There is a Use-After-Free in lexer_compare_identifier_to_string in js... Fri, 14 Jan 2022 16:03:02
CVE-2021-46169 Modex v2.11 was discovered to contain a Use-After-Free vulnerability via the component tcache. Fri, 14 Jan 2022 16:02:47
CVE-2021-46168 Spin v6.5.1 was discovered to contain an out-of-bounds write in lex() at spinlex.c. Fri, 14 Jan 2022 16:02:22
CVE-2021-42067 In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 78... Fri, 14 Jan 2022 15:40:04
CVE-2021-39684 In target_init of gs101/abl/target/slider/target.c, there is a possible allocation of RWX memory due to a logic error in the ... Fri, 14 Jan 2022 15:39:34
CVE-2021-39683 In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds write due to a missing bounds check. This could lead t... Fri, 14 Jan 2022 15:39:20
CVE-2021-39682 In mgm_alloc_page of memory_group_manager.c, there is a possible out of bounds write due to an incorrect bounds check. This c... Fri, 14 Jan 2022 15:38:56
CVE-2021-39681 In delete_protocol of main.c, there is a possible arbitrary code execution due to a use after free. This could lead to local ... Fri, 14 Jan 2022 15:38:38
CVE-2021-39680 In sec_SHA256_Transform of sha256_core.c, there is a possible way to read heap data due to uninitialized data. This could lea... Fri, 14 Jan 2022 15:38:09
CVE-2021-39679 In init of vendor_graphicbuffer_meta.cpp, there is a possible use after free due to a race condition. This could lead to loca... Fri, 14 Jan 2022 15:37:46
CVE-2021-39678 In <TBD> of <TBD>, there is a possible bypass of Factory Reset Protection due to <TBD>. This could lead to local escalation o... Fri, 14 Jan 2022 15:37:18
CVE-2021-39659 In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, there is a possible prevention of access to emergency ... Fri, 14 Jan 2022 15:36:55
CVE-2021-39634 In fs/eventpoll.c, there is a possible use after free. This could lead to local escalation of privilege with no additional ex... Fri, 14 Jan 2022 15:36:32
CVE-2021-39633 In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local ... Fri, 14 Jan 2022 15:36:07
CVE-2021-39632 In inotify_cb of events.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to loc... Fri, 14 Jan 2022 15:35:50
CVE-2021-39630 In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overlays from adb shell due to... Fri, 14 Jan 2022 15:35:30
CVE-2021-39629 In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use after free due to a race condition. This could ... Fri, 14 Jan 2022 15:35:17
CVE-2021-39628 In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code.... Fri, 14 Jan 2022 15:34:54
CVE-2021-39627 In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe Pend... Fri, 14 Jan 2022 15:34:42
CVE-2021-39626 In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This co... Fri, 14 Jan 2022 15:34:21
CVE-2021-39625 In showCarrierAppInstallationNotification of EuiccNotificationManager.java, there is a possible way to gain an access to Medi... Fri, 14 Jan 2022 15:34:02
CVE-2021-39623 In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could l... Fri, 14 Jan 2022 15:33:33
CVE-2021-39622 In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check. This could lead to l... Fri, 14 Jan 2022 15:33:19
CVE-2021-39621 In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe Pend... Fri, 14 Jan 2022 15:33:00
CVE-2021-39620 In ipcSetDataReference of Parcel.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to l... Fri, 14 Jan 2022 15:32:45
CVE-2021-39618 In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user conse... Fri, 14 Jan 2022 15:32:20
CVE-2021-0959 In jit_memory_region.cc, there is a possible bypass of memory restrictions due to a logic error in the code. This could lead ... Fri, 14 Jan 2022 15:31:51
CVE-2021-46195 GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability... Fri, 14 Jan 2022 15:31:28
CVE-2021-46022 A Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation f... Fri, 14 Jan 2022 15:31:12
CVE-2021-46021 A Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fa... Fri, 14 Jan 2022 15:30:52
CVE-2021-46020 An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can lead to a segmentation fault or application crash. Fri, 14 Jan 2022 15:30:38
CVE-2021-46019 An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or ... Fri, 14 Jan 2022 15:30:11
CVE-2021-45782 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further inv... Fri, 14 Jan 2022 15:29:59
CVE-2021-45781 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further inv... Fri, 14 Jan 2022 15:29:39
CVE-2021-45780 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further inv... Fri, 14 Jan 2022 15:29:26
CVE-2021-45779 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further inv... Fri, 14 Jan 2022 15:29:12
CVE-2021-45778 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further inv... Fri, 14 Jan 2022 15:29:00
CVE-2021-45775 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further inv... Fri, 14 Jan 2022 15:28:38
CVE-2021-45774 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further inv... Fri, 14 Jan 2022 15:28:07
CVE-2021-45773 A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec60870/cs104/cs104_slave.c of lib60870 commit 0d5e76e ca... Fri, 14 Jan 2022 15:27:49
CVE-2021-45769 A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850 v1.5.0 can lead to a segm... Fri, 14 Jan 2022 15:27:26
CVE-2021-45767 GPAC 1.1.0 was discovered to contain an invalid memory address dereference via the function lsr_read_id(). This vulnerability... Fri, 14 Jan 2022 15:27:05
CVE-2021-45764 GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function shift_chunk_offsets.isra(). Fri, 14 Jan 2022 15:26:39
CVE-2021-45406 In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query whil... Fri, 14 Jan 2022 15:26:25
CVE-2021-45068 Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected ... Fri, 14 Jan 2022 15:25:59
CVE-2021-45067 Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected ... Fri, 14 Jan 2022 15:25:40
CVE-2021-45064 Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected ... Fri, 14 Jan 2022 15:25:13
CVE-2021-45063 Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected ... Fri, 14 Jan 2022 15:24:49
© CVE.report 2022

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and source URL uptime status: status.cve.report