CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

Recent CVEs
CVE Description Date
CVE-2021-42943 Stored cross-site scripting (XSS) in admin/usermanager.php over IPPlan v4.92b allows remote attackers to inject arbitrary web... Tue, 17 May 2022 07:07:38
CVE-2022-1723 Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6. Tue, 17 May 2022 04:41:40
CVE-2022-26650 In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) t... Tue, 17 May 2022 04:08:54
CVE-2013-10001 A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification... Tue, 17 May 2022 03:33:31
CVE-2022-1753 A vulnerability, which was classified as critical, was found in WoWonder. Affected is the file /requests.php which is respons... Tue, 17 May 2022 01:22:37
CVE-2022-23670 A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10... Mon, 16 May 2022 17:06:39
CVE-2022-23668 A remote authenticated server-side request forgery (ssrf) vulnerability was discovered in Aruba ClearPass Policy Manager vers... Mon, 16 May 2022 17:06:14
CVE-2022-23667 A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 an... Mon, 16 May 2022 17:05:44
CVE-2022-1587 An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre... Mon, 16 May 2022 17:05:31
CVE-2022-1586 An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the ... Mon, 16 May 2022 17:05:14
CVE-2022-23666 A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 an... Mon, 16 May 2022 16:12:36
CVE-2022-23665 A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 an... Mon, 16 May 2022 16:12:20
CVE-2022-23664 A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 an... Mon, 16 May 2022 16:11:51
CVE-2022-23663 A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 an... Mon, 16 May 2022 16:11:30
CVE-2022-23662 A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 an... Mon, 16 May 2022 16:11:18
CVE-2022-23661 A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 an... Mon, 16 May 2022 16:11:06
CVE-2022-23660 A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6... Mon, 16 May 2022 16:10:41
CVE-2022-23659 A remote reflected cross site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10... Mon, 16 May 2022 16:10:14
CVE-2022-23658 A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6... Mon, 16 May 2022 16:09:49
CVE-2022-23657 A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6... Mon, 16 May 2022 16:09:18
CVE-2022-1731 Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or S... Mon, 16 May 2022 15:08:36
CVE-2021-33025 xArrow SCADA versions 7.2 and prior permits unvalidated registry keys to be run with application-level privileges. Mon, 16 May 2022 14:10:05
CVE-2021-33021 xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘edate’ of the resource xhisal... Mon, 16 May 2022 14:09:51
CVE-2021-33001 xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘bdate’ of the resource xhisva... Mon, 16 May 2022 14:09:33
CVE-2021-27446 The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute c... Mon, 16 May 2022 14:09:20
CVE-2021-27444 The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker t... Mon, 16 May 2022 14:09:04
CVE-2021-27442 The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remo... Mon, 16 May 2022 14:08:40
CVE-2022-30697 Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Wind... Mon, 16 May 2022 14:08:27
CVE-2022-30696 Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Wi... Mon, 16 May 2022 14:07:56
CVE-2022-30695 Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acr... Mon, 16 May 2022 14:07:26
CVE-2022-1679 A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_ht... Mon, 16 May 2022 14:07:05
CVE-2022-30126 In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to ... Mon, 16 May 2022 13:15:58
CVE-2022-25169 The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully ... Mon, 16 May 2022 13:15:37
CVE-2021-23267 Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated de... Mon, 16 May 2022 13:12:53
CVE-2021-23266 An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages ... Mon, 16 May 2022 13:12:37
CVE-2021-23265 A logged-in and authenticated user with a Reviewer Role may lock a content item. Mon, 16 May 2022 13:12:23
CVE-2022-30055 Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that could lead to Remote Code Execution. Mon, 16 May 2022 13:07:36
CVE-2022-30050 Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php. Mon, 16 May 2022 13:07:19
CVE-2021-33318 An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpM... Mon, 16 May 2022 12:02:34
CVE-2022-1728 Mon, 16 May 2022 11:01:44
CVE-2022-1726 Mon, 16 May 2022 11:01:25
CVE-2022-1725 Mon, 16 May 2022 10:58:26
CVE-2022-30523 Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation V... Mon, 16 May 2022 10:54:09
CVE-2022-1722 SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-... Mon, 16 May 2022 10:53:43
CVE-2022-1721 Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web applicatio... Mon, 16 May 2022 10:53:29
CVE-2022-1720 Mon, 16 May 2022 10:53:06
CVE-2022-1719 Mon, 16 May 2022 10:52:46
CVE-2022-1718 Mon, 16 May 2022 10:52:18
CVE-2022-1713 SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its ... Mon, 16 May 2022 10:52:00
CVE-2022-1553 Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.... Mon, 16 May 2022 10:51:30
CVE-2022-0578 Code Injection in GitHub repository publify/publify prior to 9.2.8. Mon, 16 May 2022 10:51:07
CVE-2022-0574 Improper Access Control in GitHub repository publify/publify prior to 9.2.8. Mon, 16 May 2022 10:50:52
CVE-2022-0573 JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to Do... Mon, 16 May 2022 10:50:22
CVE-2021-25119 The AGIL WordPress plugin through 1.0 accepts all zip files and automatically extracts the zip file without validating the ex... Mon, 16 May 2022 10:46:34
CVE-2022-1560 The Amministrazione Aperta WordPress plugin through 3.7.3 does not validate the open parameter before using it in an include ... Mon, 16 May 2022 10:46:04
CVE-2022-1559 The Clipr WordPress plugin through 1.2.3 does not sanitise and escape its API Key settings before outputting it in an attribu... Mon, 16 May 2022 10:45:45
CVE-2022-1557 The ULeak Security & Monitoring WordPress plugin through 1.2.3 does not have authorisation and CSRF checks when updating its ... Mon, 16 May 2022 10:45:32
CVE-2022-1512 The ScrollReveal.js Effects WordPress plugin through 1.2 does not sanitise and escape its settings, which could allow high pr... Mon, 16 May 2022 10:45:08
CVE-2022-1465 The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 does not sanitise and escape a parameter before outputti... Mon, 16 May 2022 10:44:40
CVE-2022-1455 The Call Now Button WordPress plugin before 1.1.2 does not escape a parameter before outputting it back in an attribute of a ... Mon, 16 May 2022 10:44:21
CVE-2022-1436 The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanitise and escape the wpcargo_tracking_number parameter be... Mon, 16 May 2022 10:43:53
CVE-2022-1435 The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanitize and escapes some of its settings, which could allow... Mon, 16 May 2022 10:43:25
CVE-2022-1425 The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate t... Mon, 16 May 2022 10:43:02
CVE-2022-1418 The Social Stickers WordPress plugin through 2.2.9 does not have CSRF checks in place when updating its Social Network settin... Mon, 16 May 2022 10:42:49
CVE-2022-1409 The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high priv... Mon, 16 May 2022 10:42:32
CVE-2022-1408 The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not escape various settings before outputting th... Mon, 16 May 2022 10:42:14
CVE-2022-1407 The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not have CSRF check in place when adding a track... Mon, 16 May 2022 10:41:53
CVE-2022-1398 The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medi... Mon, 16 May 2022 10:41:39
CVE-2022-1393 The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle field and provides a shortcode to display it via [wp_subtitle].... Mon, 16 May 2022 10:41:27
CVE-2022-1386 The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which c... Mon, 16 May 2022 10:41:05
CVE-2022-1349 The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate t... Mon, 16 May 2022 10:40:52
CVE-2022-1334 The WP YouTube Live WordPress plugin before 1.8.3 does not validate, sanitise and escape various of its settings, which could... Mon, 16 May 2022 10:40:33
CVE-2022-1267 The BMI BMR Calculator WordPress plugin through 1.3 does not sanitise and escape arbitrary POST data before outputting it bac... Mon, 16 May 2022 10:40:18
CVE-2022-1265 The BulletProof Security WordPress plugin before 6.1 does not sanitize and escape some of its CAPTCHA settings, which could a... Mon, 16 May 2022 10:39:52
CVE-2022-1217 The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHP_SELF variable before ou... Mon, 16 May 2022 10:39:37
CVE-2022-1216 The Advanced Image Sitemap WordPress plugin through 1.2 does not sanitise and escape the PHP_SELF PHP variable before outputt... Mon, 16 May 2022 10:39:24
CVE-2022-1182 The Visual Slide Box Builder WordPress plugin through 3.2.9 does not sanitise and escape various parameters before using them... Mon, 16 May 2022 10:38:59
CVE-2022-1103 The Advanced Uploader WordPress plugin through 4.2 allows any authenticated users like subscriber to upload arbitrary files, ... Mon, 16 May 2022 10:38:42
CVE-2022-1089 The Bulk Edit and Create User Profiles WordPress plugin before 1.5.14 does not sanitise and escape the Users Login, which cou... Mon, 16 May 2022 10:38:19
CVE-2022-1062 The th23 Social WordPress plugin through 1.2.0 does not sanitise and escape some of its settings, which could allow high priv... Mon, 16 May 2022 10:38:05
CVE-2022-1051 The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not sanitise a... Mon, 16 May 2022 10:37:42
CVE-2022-0873 The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the Album's name before outputting it in... Mon, 16 May 2022 10:37:13
CVE-2022-0867 The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is be... Mon, 16 May 2022 10:36:55
CVE-2021-42897 A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $_POST[r_nam... Mon, 16 May 2022 10:08:30
CVE-2021-42870 ACCEL-PPP 1.12.0 has an out-of-bounds read in post_msg when processing a call_clear_request. Mon, 16 May 2022 10:08:11
CVE-2022-30777 Parallels H-Sphere 3.6.2 allows XSS via the index_en.php from parameter. Mon, 16 May 2022 10:07:47
CVE-2022-30776 atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter. Mon, 16 May 2022 10:07:35
CVE-2022-30013 A stored cross-site scripting (XSS) vulnerability in the upload function of totaljs CMS 3.4.5 allows attackers to execute arb... Mon, 16 May 2022 10:07:17
CVE-2022-29623 An arbitrary file upload vulnerability in the file upload module of Connect-Multiparty v2.2.0 allows attackers to execute arb... Mon, 16 May 2022 10:06:47
CVE-2022-29622 An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename... Mon, 16 May 2022 10:06:24
CVE-2022-29354 An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows attackers to execute arbitrary cod... Mon, 16 May 2022 10:06:00
CVE-2022-29353 An arbitrary file upload vulnerability in the file upload module of Graphql-upload v13.0.0 allows attackers to execute arbitr... Mon, 16 May 2022 10:05:40
CVE-2022-29351 An arbitrary file upload vulnerability in the file upload module of Tiddlywiki5 v5.2.2 allows attackers to execute arbitrary ... Mon, 16 May 2022 10:05:15
CVE-2022-29017 Bento4 v1.6.0.0 was discovered to contain a segmentation fault via the component /x86_64/multiarch/strlen-avx2.S. Mon, 16 May 2022 10:04:50
CVE-2022-30012 In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, a... Mon, 16 May 2022 09:06:32
CVE-2022-30011 In HMS 1.0 when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability. Mon, 16 May 2022 09:06:04
CVE-2022-29586 Konica Minolta bizhub MFP devices before 2022-04-14 allow a Sandbox Escape. An attacker must attach a keyboard to a USB port,... Mon, 16 May 2022 02:05:26
CVE-2022-30782 Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure ra... Mon, 16 May 2022 02:05:02
CVE-2022-29588 Konica Minolta bizhub MFP devices before 2022-04-14 use cleartext password storage for the /var/log/nginx/html/ADMINPASS and ... Mon, 16 May 2022 02:04:39
CVE-2022-29587 Konica Minolta bizhub MFP devices before 2022-04-14 have an internal Chromium browser that executes with root (aka superuser)... Mon, 16 May 2022 02:04:21
© CVE.report 2022

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.
