CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

[rss]
Recent CVEs
CVE Description Date
CVE-2022-23465 SwiftTerm is a Xterm/VT100 Terminal emulator. Prior to commit a94e6b24d24ce9680ad79884992e1dff8e150a31, an attacker could mod... Fri, 02 Dec 2022 18:06:56
CVE-2022-4262 Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption... Fri, 02 Dec 2022 16:08:32
CVE-2022-4220 The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. ... Fri, 02 Dec 2022 16:08:19
CVE-2022-4219 The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. ... Fri, 02 Dec 2022 16:07:51
CVE-2022-4218 The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. ... Fri, 02 Dec 2022 16:07:30
CVE-2022-4217 The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in versions up... Fri, 02 Dec 2022 16:07:15
CVE-2022-4216 The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'facebook_appid' parameter in vers... Fri, 02 Dec 2022 16:06:46
CVE-2022-4215 The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'date' parameter on the 'chaine... Fri, 02 Dec 2022 16:06:15
CVE-2022-4214 The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ip' parameter on the 'chainedq... Fri, 02 Dec 2022 16:05:58
CVE-2022-4213 The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dn' parameter on the 'chainedq... Fri, 02 Dec 2022 16:05:40
CVE-2022-4212 The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ipf' parameter on the 'chained... Fri, 02 Dec 2022 16:05:19
CVE-2022-4211 The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'emailf' parameter on the 'chai... Fri, 02 Dec 2022 16:05:02
CVE-2022-4210 The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dnf' parameter on the 'chained... Fri, 02 Dec 2022 16:04:50
CVE-2022-4209 The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pointsf' parameter on the 'cha... Fri, 02 Dec 2022 16:04:34
CVE-2022-4208 The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'datef' parameter on the 'chain... Fri, 02 Dec 2022 16:04:04
CVE-2022-2642 Horner Automation’s RCC 972 firmware version 15.40 contains global variables. This could allow an attacker to read out sens... Fri, 02 Dec 2022 15:10:21
CVE-2022-2641 Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an atta... Fri, 02 Dec 2022 15:10:03
CVE-2022-2640 The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerab... Fri, 02 Dec 2022 15:09:42
CVE-2022-44962 webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.... Fri, 02 Dec 2022 15:09:20
CVE-2022-44961 webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. ... Fri, 02 Dec 2022 15:08:54
CVE-2022-44960 webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?sea... Fri, 02 Dec 2022 15:08:35
CVE-2022-44959 webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.... Fri, 02 Dec 2022 15:08:12
CVE-2022-44957 webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.ph... Fri, 02 Dec 2022 15:07:43
CVE-2022-44956 webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.... Fri, 02 Dec 2022 15:07:26
CVE-2022-44955 webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability... Fri, 02 Dec 2022 15:07:09
CVE-2022-44954 webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.... Fri, 02 Dec 2022 15:06:56
CVE-2022-44953 webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfile... Fri, 02 Dec 2022 15:06:40
CVE-2022-44952 Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configura... Fri, 02 Dec 2022 15:06:19
CVE-2022-44951 Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab functi... Fri, 02 Dec 2022 15:05:54
CVE-2022-44950 Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function ... Fri, 02 Dec 2022 15:05:33
CVE-2022-44949 Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function ... Fri, 02 Dec 2022 15:05:18
CVE-2022-44948 Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature ... Fri, 02 Dec 2022 15:04:49
CVE-2022-44947 Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature a... Fri, 02 Dec 2022 15:04:35
CVE-2022-44946 Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /i... Fri, 02 Dec 2022 15:04:17
CVE-2022-44945 Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter. Fri, 02 Dec 2022 15:03:52
CVE-2022-44944 Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement functi... Fri, 02 Dec 2022 15:03:33
CVE-2022-44291 webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php. Fri, 02 Dec 2022 15:03:20
CVE-2022-44290 webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php. Fri, 02 Dec 2022 15:02:58
CVE-2022-3086 An attacker with physical access to Moxa's bootloader versions of UC-8580 Series V1.1, UC-8540 Series V1.0 to V1.2, UC-8410A ... Fri, 02 Dec 2022 15:02:33
CVE-2022-3520 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. Fri, 02 Dec 2022 14:07:25
CVE-2022-46167 Capsule is a multi-tenancy and policy-based framework for Kubernetes. Prior to version 0.1.3, a ServiceAccount deployed in a ... Fri, 02 Dec 2022 14:03:18
CVE-2022-46145 authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user ... Fri, 02 Dec 2022 13:17:19
CVE-2022-45672 Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the formWx3AuthorizeSet function. Fri, 02 Dec 2022 13:16:59
CVE-2022-45671 Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the appData parameter in the formSetAppFilterRule fu... Fri, 02 Dec 2022 13:16:30
CVE-2022-45670 Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function. Fri, 02 Dec 2022 13:16:01
CVE-2022-45669 Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterGet func... Fri, 02 Dec 2022 13:15:44
CVE-2022-45668 Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. Fri, 02 Dec 2022 13:15:18
CVE-2022-45667 Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. Fri, 02 Dec 2022 13:14:59
CVE-2022-45664 Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDget function. Fri, 02 Dec 2022 13:14:39
CVE-2022-45663 Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet func... Fri, 02 Dec 2022 13:14:17
CVE-2022-45661 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the setSmartPowerManagement ... Fri, 02 Dec 2022 13:13:56
CVE-2022-45660 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedStartTime parameter in the setSchedWifi f... Fri, 02 Dec 2022 13:13:42
CVE-2022-45659 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the wpapsk_crypto parameter in the fromSetWireless... Fri, 02 Dec 2022 13:13:30
CVE-2022-45658 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedEndTime parameter in the setSchedWifi fun... Fri, 02 Dec 2022 13:13:05
CVE-2022-45657 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind functio... Fri, 02 Dec 2022 13:12:39
CVE-2022-45656 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function. Fri, 02 Dec 2022 13:12:12
CVE-2022-45655 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the timeZone parameter in the form_fast_setting_wi... Fri, 02 Dec 2022 13:11:50
CVE-2022-45654 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the ssid parameter in the form_fast_setting_wifi_s... Fri, 02 Dec 2022 13:11:30
CVE-2022-45653 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the page parameter in the fromNatStaticSetting fun... Fri, 02 Dec 2022 13:11:09
CVE-2022-45652 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the startIp parameter in the formSetPPTPServer fun... Fri, 02 Dec 2022 13:10:44
CVE-2022-45651 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the formSetVirtualSer functi... Fri, 02 Dec 2022 13:10:15
CVE-2022-45650 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the firewallEn parameter in the formSetFirewallCfg... Fri, 02 Dec 2022 13:09:46
CVE-2022-45649 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the endIp parameter in the formSetPPTPServer funct... Fri, 02 Dec 2022 13:09:18
CVE-2022-45648 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the devName parameter in the formSetDeviceName fun... Fri, 02 Dec 2022 13:08:55
CVE-2022-45647 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeed parameter in the formSetClientState... Fri, 02 Dec 2022 13:08:28
CVE-2022-45646 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeedUp parameter in the formSetClientSta... Fri, 02 Dec 2022 13:08:06
CVE-2022-45645 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceMac parameter in the addWifiMacFilter fu... Fri, 02 Dec 2022 13:07:42
CVE-2022-45644 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the formSetClientState f... Fri, 02 Dec 2022 13:07:30
CVE-2022-45643 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the addWifiMacFilter fun... Fri, 02 Dec 2022 13:07:18
CVE-2022-45641 Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSetMacFilterCfg. Fri, 02 Dec 2022 13:07:01
CVE-2022-45674 Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. Fri, 02 Dec 2022 12:07:56
CVE-2022-45673 Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. Fri, 02 Dec 2022 12:07:33
CVE-2022-44367 Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setUplinkInfo. Fri, 02 Dec 2022 12:07:18
CVE-2022-44366 Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setDiagnoseInfo. Fri, 02 Dec 2022 12:06:50
CVE-2022-44365 Tenda i21 V1.0.0.14(4656) has a stack overflow vulnerability via /goform/setSysPwd. Fri, 02 Dec 2022 12:06:19
CVE-2022-44363 Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setSnmpInfo. Fri, 02 Dec 2022 12:05:58
CVE-2022-44362 Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/AddSysLogRule. Fri, 02 Dec 2022 12:05:36
CVE-2022-44348 Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/update_status.php?id=. Fri, 02 Dec 2022 12:05:24
CVE-2022-44347 Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=inquiries/view_inquiry&id=. Fri, 02 Dec 2022 12:05:00
CVE-2022-44345 Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=quotes/view_quote&id=. Fri, 02 Dec 2022 12:04:45
CVE-2022-44277 Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/classes/Master.php?f=delete_product. Fri, 02 Dec 2022 12:04:18
CVE-2022-3591 Use After Free in GitHub repository vim/vim prior to 9.0.0789. Fri, 02 Dec 2022 11:29:08
CVE-2022-45483 Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected device) to see all data (in... Fri, 02 Dec 2022 11:06:49
CVE-2022-45482 Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated us... Fri, 02 Dec 2022 11:06:20
CVE-2022-45480 PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the server and a connected device) t... Fri, 02 Dec 2022 11:05:59
CVE-2022-43272 DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object. Fri, 02 Dec 2022 11:05:37
CVE-2022-4271 Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4. Fri, 02 Dec 2022 11:01:16
CVE-2022-46159 Discourse is an open-source discussion platform. In version 2.8.13 and prior on the `stable` branch and version 2.9.0.beta14 ... Fri, 02 Dec 2022 10:03:55
CVE-2022-45215 A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web s... Fri, 02 Dec 2022 10:03:42
CVE-2022-46366 ** UNSUPPORTED WHEN ASSIGNED ** Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code executio... Fri, 02 Dec 2022 09:03:58
CVE-2022-4270 Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permission... Fri, 02 Dec 2022 08:05:09
CVE-2022-2808 Algan Yazılım Prens Student Information System product has an authenticated Insecure Direct Object Reference (IDOR) vulnera... Fri, 02 Dec 2022 07:07:38
CVE-2022-2807 Algan Yazılım Prens Student Information System product has an unauthenticated SQL Injection vulnerability. Fri, 02 Dec 2022 06:46:42
CVE-2022-45562 Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settin... Thu, 01 Dec 2022 22:08:52
CVE-2022-44930 D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function. Thu, 01 Dec 2022 22:08:28
CVE-2022-44929 An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily... Thu, 01 Dec 2022 22:08:01
CVE-2022-44928 D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function. Thu, 01 Dec 2022 21:07:52
CVE-2022-43325 An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Nod... Thu, 01 Dec 2022 21:07:23
CVE-2022-44212 In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to access devices' admin panel. Thu, 01 Dec 2022 17:05:14
CVE-2022-44211 In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote attacker to access/change devices' settings. Thu, 01 Dec 2022 17:04:45
© CVE.report 2022 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report