CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
Recent CVEs
| CVE | Description | Date |
|---|---|---|
| CVE-2022-2289 | Use After Free in GitHub repository vim/vim prior to 9.0. | Sun, 03 Jul 2022 10:19:40 |
| CVE-2022-2288 | Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. | Sun, 03 Jul 2022 08:46:04 |
| CVE-2022-2290 | Cross-site Scripting (XSS) - Reflected in GitHub repository zadam/trilium prior to 0.52.4, 0.53.1-beta. | Sun, 03 Jul 2022 02:10:42 |
| CVE-2022-2287 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | Sat, 02 Jul 2022 17:26:27 |
| CVE-2022-34913 | ** DISPUTED ** md2roff 1.7 has a stack-based buffer overflow via a Markdown file containing a large number of consecutive cha... | Sat, 02 Jul 2022 16:04:42 |
| CVE-2022-34912 | An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contrib... | Sat, 02 Jul 2022 16:04:23 |
| CVE-2022-34911 | An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur ... | Sat, 02 Jul 2022 16:04:05 |
| CVE-2022-2286 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | Sat, 02 Jul 2022 15:03:12 |
| CVE-2022-2285 | Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. | Sat, 02 Jul 2022 11:43:13 |
| CVE-2022-2284 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | Sat, 02 Jul 2022 10:34:43 |
| CVE-2022-28200 | NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read an... | Fri, 01 Jul 2022 20:24:37 |
| CVE-2022-32551 | Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or s... | Fri, 01 Jul 2022 20:01:58 |
| CVE-2022-34903 | GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and... | Fri, 01 Jul 2022 18:07:03 |
| CVE-2022-32412 | An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell. | Fri, 01 Jul 2022 18:06:45 |
| CVE-2022-32411 | An issue in the languages config file of HongCMS v3.0 allows attackers to getshell. | Fri, 01 Jul 2022 18:06:32 |
| CVE-2022-32325 | JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c. | Fri, 01 Jul 2022 18:06:04 |
| CVE-2022-32324 | PDFAlto v0.4 was discovered to contain a heap buffer overflow via the component /pdfalto/src/pdfalto.cc. | Fri, 01 Jul 2022 18:05:46 |
| CVE-2022-32420 | College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teach... | Fri, 01 Jul 2022 17:08:06 |
| CVE-2022-32384 | Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the security_5g parameter in the function formWifiBasi... | Fri, 01 Jul 2022 17:07:53 |
| CVE-2022-32095 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.ph... | Fri, 01 Jul 2022 17:07:39 |
| CVE-2022-32094 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlo... | Fri, 01 Jul 2022 17:07:25 |
| CVE-2022-32093 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlog... | Fri, 01 Jul 2022 17:07:05 |
| CVE-2022-31943 | MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability. | Fri, 01 Jul 2022 17:06:49 |
| CVE-2022-25896 | This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being ... | Fri, 01 Jul 2022 16:14:58 |
| CVE-2022-25900 | All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of g... | Fri, 01 Jul 2022 16:10:21 |
| CVE-2022-25898 | The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signa... | Fri, 01 Jul 2022 16:09:52 |
| CVE-2022-25876 | The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send... | Fri, 01 Jul 2022 16:09:30 |
| CVE-2022-25758 | All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation(... | Fri, 01 Jul 2022 16:09:18 |
| CVE-2022-32091 | MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sani... | Fri, 01 Jul 2022 16:05:46 |
| CVE-2022-32089 | MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. | Fri, 01 Jul 2022 16:05:32 |
| CVE-2022-32088 | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort... | Fri, 01 Jul 2022 16:05:01 |
| CVE-2022-32087 | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. | Fri, 01 Jul 2022 16:04:37 |
| CVE-2022-32086 | MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field. | Fri, 01 Jul 2022 16:04:25 |
| CVE-2022-32085 | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_p... | Fri, 01 Jul 2022 16:04:02 |
| CVE-2022-32084 | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. | Fri, 01 Jul 2022 16:03:45 |
| CVE-2022-32083 | MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tra... | Fri, 01 Jul 2022 16:03:31 |
| CVE-2022-32082 | MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. | Fri, 01 Jul 2022 16:03:18 |
| CVE-2022-32081 | MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/hand... | Fri, 01 Jul 2022 16:03:01 |
| CVE-2021-37524 | Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web scri... | Fri, 01 Jul 2022 14:15:07 |
| CVE-2022-32053 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN... | Fri, 01 Jul 2022 14:14:47 |
| CVE-2022-32052 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004... | Fri, 01 Jul 2022 14:14:22 |
| CVE-2022-32051 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime parameters in... | Fri, 01 Jul 2022 14:13:54 |
| CVE-2022-32050 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN... | Fri, 01 Jul 2022 14:13:35 |
| CVE-2022-32049 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter in the function FUN_0041... | Fri, 01 Jul 2022 14:13:12 |
| CVE-2022-32048 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN_... | Fri, 01 Jul 2022 14:12:43 |
| CVE-2022-32047 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004... | Fri, 01 Jul 2022 14:12:29 |
| CVE-2022-32046 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004... | Fri, 01 Jul 2022 14:12:13 |
| CVE-2022-32045 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004... | Fri, 01 Jul 2022 14:12:00 |
| CVE-2022-32044 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the password parameter in the function FUN... | Fri, 01 Jul 2022 14:11:40 |
| CVE-2022-32043 | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAccessCodeInfo. | Fri, 01 Jul 2022 14:11:11 |
| CVE-2022-32041 | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formGetPassengerAnalyseData. | Fri, 01 Jul 2022 14:10:55 |
| CVE-2022-32040 | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm. | Fri, 01 Jul 2022 14:10:25 |
| CVE-2022-32039 | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the listN parameter in the function fromDhcpListClient. | Fri, 01 Jul 2022 14:09:56 |
| CVE-2022-32037 | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAPCfg. | Fri, 01 Jul 2022 14:09:44 |
| CVE-2022-32036 | Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and tradema... | Fri, 01 Jul 2022 14:09:14 |
| CVE-2022-32035 | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng. | Fri, 01 Jul 2022 14:09:01 |
| CVE-2022-32034 | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist. | Fri, 01 Jul 2022 14:08:35 |
| CVE-2022-32033 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the function formSetVirtualSer. | Fri, 01 Jul 2022 14:08:15 |
| CVE-2022-32032 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilte... | Fri, 01 Jul 2022 14:07:46 |
| CVE-2022-32031 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetRouteStatic. | Fri, 01 Jul 2022 14:07:16 |
| CVE-2022-32030 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand. | Fri, 01 Jul 2022 14:07:01 |
| CVE-2022-22373 | An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to cre... | Fri, 01 Jul 2022 14:06:39 |
| CVE-2022-22367 | IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local ... | Fri, 01 Jul 2022 14:06:22 |
| CVE-2022-22366 | IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be ... | Fri, 01 Jul 2022 14:06:09 |
| CVE-2022-1954 | A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0... | Fri, 01 Jul 2022 14:05:56 |
| CVE-2022-0167 | An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14... | Fri, 01 Jul 2022 14:05:41 |
| CVE-2022-31605 | NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load() i... | Fri, 01 Jul 2022 13:22:25 |
| CVE-2022-31604 | NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are tra... | Fri, 01 Jul 2022 13:21:59 |
| CVE-2022-2270 | An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 1... | Fri, 01 Jul 2022 13:07:49 |
| CVE-2022-2229 | An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and ... | Fri, 01 Jul 2022 13:07:20 |
| CVE-2022-2228 | Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to ... | Fri, 01 Jul 2022 13:06:59 |
| CVE-2022-1999 | An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.... | Fri, 01 Jul 2022 13:06:34 |
| CVE-2022-1981 | An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, a... | Fri, 01 Jul 2022 13:06:15 |
| CVE-2022-1963 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10.5, all versions starting ... | Fri, 01 Jul 2022 13:05:58 |
| CVE-2022-31113 | Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-Site Scripting vulnerabil... | Fri, 01 Jul 2022 12:34:26 |
| CVE-2022-2281 | An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4,... | Fri, 01 Jul 2022 12:06:42 |
| CVE-2022-2254 | A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 can store a script that could impact othe... | Fri, 01 Jul 2022 12:06:20 |
| CVE-2022-2250 | An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 1... | Fri, 01 Jul 2022 12:05:59 |
| CVE-2022-2244 | An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0... | Fri, 01 Jul 2022 12:05:43 |
| CVE-2022-2243 | An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and ... | Fri, 01 Jul 2022 12:05:13 |
| CVE-2022-2235 | Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior... | Fri, 01 Jul 2022 12:04:52 |
| CVE-2022-2230 | A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 pri... | Fri, 01 Jul 2022 12:04:26 |
| CVE-2022-2227 | Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4,... | Fri, 01 Jul 2022 12:04:14 |
| CVE-2022-2185 | A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0... | Fri, 01 Jul 2022 12:03:58 |
| CVE-2022-1983 | Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior ... | Fri, 01 Jul 2022 12:03:42 |
| CVE-2022-2253 | A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 may send OS commands to execute on the ho... | Fri, 01 Jul 2022 11:02:19 |
| CVE-2014-3650 | Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A ... | Fri, 01 Jul 2022 10:08:45 |
| CVE-2014-3648 | The simplepush server iterates through the application installations and pushes a notification to the server provided by devi... | Fri, 01 Jul 2022 10:08:27 |
| CVE-2022-2282 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All referen... | Fri, 01 Jul 2022 08:35:05 |
| CVE-2022-33103 | Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir(). | Fri, 01 Jul 2022 08:05:23 |
| CVE-2022-33099 | An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs... | Fri, 01 Jul 2022 08:04:56 |
| CVE-2022-2264 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | Fri, 01 Jul 2022 07:08:14 |
| CVE-2022-34894 | In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services | Fri, 01 Jul 2022 06:02:46 |
| CVE-2022-2279 | NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11. | Fri, 01 Jul 2022 04:26:44 |
| CVE-2022-2280 | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. | Fri, 01 Jul 2022 04:23:10 |
| CVE-2022-2274 | The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instru... | Fri, 01 Jul 2022 03:34:39 |
| CVE-2021-32428 | SQL Injection vulnerability in viaviwebtech Android EBook App (Books App, PDF, ePub, Online Book Reading, Download Books) 10 ... | Thu, 30 Jun 2022 20:06:56 |
| CVE-2022-32988 | Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the "*list" parameters (e.g. filter_lwlis... | Thu, 30 Jun 2022 20:06:30 |
| CVE-2022-32295 | On Ampere Altra and AltraMax devices before SRP 1.09, the the Altra reference design of UEFI accesses allows insecure access ... | Thu, 30 Jun 2022 20:06:11 |
| CVE-2022-27904 | The Automox Agent installation package before 37 on macOS allows an unprivileged user to obtain root access because of incorr... | Thu, 30 Jun 2022 20:05:55 |