CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
Recent CVEs
| CVE | Description | Date |
|---|---|---|
| CVE-2021-41559 | Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a c... | Tue, 28 Jun 2022 18:06:31 |
| CVE-2022-31887 | Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password... | Tue, 28 Jun 2022 18:06:18 |
| CVE-2022-31884 | Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other user... | Tue, 28 Jun 2022 18:05:56 |
| CVE-2022-29858 | Silverstripe silverstripe/assets through 1.10 allows XSS. | Tue, 28 Jun 2022 18:05:26 |
| CVE-2022-25238 | Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can can be added to website content... | Tue, 28 Jun 2022 18:04:58 |
| CVE-2022-24444 | Silverstripe silverstripe/framework through 4.10 allows Session Fixation. | Tue, 28 Jun 2022 18:04:44 |
| CVE-2020-19897 | A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via... | Tue, 28 Jun 2022 18:04:26 |
| CVE-2020-19896 | File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitary PHP code via post-edit.php. | Tue, 28 Jun 2022 18:04:07 |
| CVE-2022-31886 | Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending the ... | Tue, 28 Jun 2022 17:04:06 |
| CVE-2022-31885 | Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts. | Tue, 28 Jun 2022 17:03:51 |
| CVE-2022-31883 | Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to se... | Tue, 28 Jun 2022 17:03:25 |
| CVE-2022-2246 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All referen... | Tue, 28 Jun 2022 16:03:29 |
| CVE-2021-3435 | Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 Use of Uninitialized Resource (CWE-908). For more infor... | Tue, 28 Jun 2022 15:56:10 |
| CVE-2021-3434 | Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions >= v2.5.0 Stack-based Buffer Overflow (CWE-121). For more... | Tue, 28 Jun 2022 15:55:54 |
| CVE-2021-3433 | Invalid channel map in CONNECT_IND results to Deadlock. Zephyr versions >= v2.5.0 Improper Check or Handling of Exceptional C... | Tue, 28 Jun 2022 15:55:35 |
| CVE-2021-3432 | Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions >= v1.14.0 Divide By Zero (CWE-369). For more info... | Tue, 28 Jun 2022 15:55:14 |
| CVE-2021-3431 | Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more i... | Tue, 28 Jun 2022 15:54:52 |
| CVE-2021-3430 | Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). Fo... | Tue, 28 Jun 2022 15:54:21 |
| CVE-2022-2231 | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. | Tue, 28 Jun 2022 15:27:06 |
| CVE-2022-31230 | Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. A remote unprivileged malicious... | Tue, 28 Jun 2022 14:45:38 |
| CVE-2022-31229 | Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could pot... | Tue, 28 Jun 2022 14:45:12 |
| CVE-2022-31108 | Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to cr... | Tue, 28 Jun 2022 14:41:23 |
| CVE-2022-31061 | GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and sof... | Tue, 28 Jun 2022 14:07:12 |
| CVE-2022-28621 | A remote disclosure of sensitive information vulnerability was discovered in HPE NonStop DSM/SCM version: T6031H03^ADP. HPE h... | Tue, 28 Jun 2022 14:06:45 |
| CVE-2022-31068 | GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and sof... | Tue, 28 Jun 2022 13:59:22 |
| CVE-2022-31056 | GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and sof... | Tue, 28 Jun 2022 13:55:29 |
| CVE-2022-2145 | Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. Duri... | Tue, 28 Jun 2022 13:52:13 |
| CVE-2022-31106 | Underscore.deep is a collection of Underscore mixins that operate on nested objects. Versions of `underscore.deep` prior to v... | Tue, 28 Jun 2022 13:32:58 |
| CVE-2022-31052 | Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of... | Tue, 28 Jun 2022 13:12:08 |
| CVE-2021-40553 | piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor. | Tue, 28 Jun 2022 13:03:58 |
| CVE-2022-33108 | XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files. | Tue, 28 Jun 2022 13:03:37 |
| CVE-2022-0987 | A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue... | Tue, 28 Jun 2022 13:03:21 |
| CVE-2021-3779 | A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explic... | Tue, 28 Jun 2022 12:33:44 |
| CVE-2022-0085 | Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0. | Tue, 28 Jun 2022 11:04:38 |
| CVE-2022-30563 | When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can l... | Tue, 28 Jun 2022 10:07:11 |
| CVE-2022-30562 | If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-i... | Tue, 28 Jun 2022 10:06:53 |
| CVE-2022-30561 | When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log... | Tue, 28 Jun 2022 10:06:37 |
| CVE-2022-30560 | When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could... | Tue, 28 Jun 2022 10:06:08 |
| CVE-2022-23763 | Origin validation error vulnerability in NeoRS’s ActiveX moudle allows attackers to download and execute arbitrary files. R... | Tue, 28 Jun 2022 10:05:55 |
| CVE-2021-41690 | DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded i... | Tue, 28 Jun 2022 09:13:59 |
| CVE-2021-41689 | DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query it... | Tue, 28 Jun 2022 09:13:41 |
| CVE-2021-41688 | DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in ... | Tue, 28 Jun 2022 09:13:21 |
| CVE-2021-41687 | DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not fre... | Tue, 28 Jun 2022 09:12:53 |
| CVE-2021-40944 | In GPAC MP4Box 1.1.0, there is a Null pointer reference in the function gf_filter_pid_get_packet function in src/filter_core/... | Tue, 28 Jun 2022 09:12:30 |
| CVE-2021-40943 | In Bento4 1.6.0-638, there is a null pointer reference in the function AP4_DescriptorListInspector::Action function in Ap4Des... | Tue, 28 Jun 2022 09:12:11 |
| CVE-2021-40609 | The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box comma... | Tue, 28 Jun 2022 09:11:43 |
| CVE-2021-40608 | The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the M... | Tue, 28 Jun 2022 09:11:31 |
| CVE-2021-40607 | The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box comma... | Tue, 28 Jun 2022 09:11:07 |
| CVE-2021-40606 | The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box co... | Tue, 28 Jun 2022 09:10:51 |
| CVE-2021-41460 | ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information. | Tue, 28 Jun 2022 09:10:31 |
| CVE-2022-34750 | An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand ... | Tue, 28 Jun 2022 09:10:02 |
| CVE-2022-23896 | Admidio 4.1.2 version is affected by stored cross-site scripting (XSS). | Tue, 28 Jun 2022 09:09:50 |
| CVE-2022-30997 | Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may all... | Tue, 28 Jun 2022 06:12:30 |
| CVE-2022-30707 | Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM ... | Tue, 28 Jun 2022 06:12:13 |
| CVE-2022-29519 | Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4... | Tue, 28 Jun 2022 06:11:57 |
| CVE-2022-0624 | Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0. | Tue, 28 Jun 2022 05:15:36 |
| CVE-2017-20107 | A vulnerability, which was classified as problematic, was found in ShadeYouVPN.com Client 2.0.1.11. Affected is an unknown fu... | Tue, 28 Jun 2022 02:49:18 |
| CVE-2017-20106 | A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown p... | Tue, 28 Jun 2022 02:48:56 |
| CVE-2017-20105 | A vulnerability was found in Simplessus 3.7.7. It has been rated as critical. This issue affects some unknown processing. The... | Tue, 28 Jun 2022 02:48:33 |
| CVE-2017-20104 | A vulnerability was found in Simplessus 3.7.7. It has been declared as critical. This vulnerability affects unknown code of t... | Tue, 28 Jun 2022 02:48:13 |
| CVE-2022-34134 | Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/contr... | Mon, 27 Jun 2022 20:05:39 |
| CVE-2022-34133 | Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at ... | Mon, 27 Jun 2022 20:05:14 |
| CVE-2022-34132 | Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/contro... | Mon, 27 Jun 2022 20:04:44 |
| CVE-2022-31104 | Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime's implementation of the SIMD proposal for Web... | Mon, 27 Jun 2022 19:22:19 |
| CVE-2022-32995 | Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function. | Mon, 27 Jun 2022 19:02:34 |
| CVE-2022-32994 | Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upl... | Mon, 27 Jun 2022 19:02:20 |
| CVE-2022-33009 | A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HT... | Mon, 27 Jun 2022 19:01:58 |
| CVE-2022-31103 | lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0... | Mon, 27 Jun 2022 18:32:30 |
| CVE-2022-31101 | prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versio... | Mon, 27 Jun 2022 18:25:27 |
| CVE-2022-31099 | rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, the stack may overflow, poss... | Mon, 27 Jun 2022 18:20:51 |
| CVE-2022-31100 | rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, rulex may crash, possibly en... | Mon, 27 Jun 2022 18:16:33 |
| CVE-2022-31098 | Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubern... | Mon, 27 Jun 2022 18:12:37 |
| CVE-2022-33007 | TRENDnet Wi-Fi routers TEW751DR v1.03 and TEW-752DRU v1.03 were discovered to contain a stack overflow via the function genac... | Mon, 27 Jun 2022 18:05:33 |
| CVE-2022-32092 | D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_exp... | Mon, 27 Jun 2022 18:05:18 |
| CVE-2017-20103 | A vulnerability classified as critical has been found in Kama Click Counter Plugin up to 3.4.8. This affects an unknown part ... | Mon, 27 Jun 2022 17:56:42 |
| CVE-2022-33879 | The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient... | Mon, 27 Jun 2022 17:52:44 |
| CVE-2022-31096 | Discourse is an open source discussion platform. Under certain conditions, a logged in user can redeem an invite with an emai... | Mon, 27 Jun 2022 17:45:04 |
| CVE-2022-31093 | NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can ... | Mon, 27 Jun 2022 17:42:05 |
| CVE-2022-31092 | Pimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying d... | Mon, 27 Jun 2022 17:33:44 |
| CVE-2022-31091 | Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affecte... | Mon, 27 Jun 2022 17:29:32 |
| CVE-2022-31090 | Guzzle, an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions wh... | Mon, 27 Jun 2022 17:23:56 |
| CVE-2022-31089 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions ... | Mon, 27 Jun 2022 17:15:27 |
| CVE-2022-31094 | ScratchTools is a web extension designed to make interacting with the Scratch programming language community (Scratching) eas... | Mon, 27 Jun 2022 17:08:25 |
| CVE-2021-40942 | In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function filter_parse_dyn_args function in filter_core/filter.c... | Mon, 27 Jun 2022 17:03:59 |
| CVE-2022-33116 | An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform (aka openeclass) v3.12.4 and belo... | Mon, 27 Jun 2022 17:03:41 |
| CVE-2022-33005 | A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.0... | Mon, 27 Jun 2022 17:03:28 |
| CVE-2022-31085 | LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP direct... | Mon, 27 Jun 2022 17:03:11 |
| CVE-2022-31084 | LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP direct... | Mon, 27 Jun 2022 17:02:49 |
| CVE-2022-31086 | LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP direct... | Mon, 27 Jun 2022 16:59:28 |
| CVE-2022-31087 | LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP direct... | Mon, 27 Jun 2022 16:52:10 |
| CVE-2022-31088 | LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP direct... | Mon, 27 Jun 2022 16:48:20 |
| CVE-2022-31082 | GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and sof... | Mon, 27 Jun 2022 16:34:27 |
| CVE-2022-31081 | HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could... | Mon, 27 Jun 2022 16:27:20 |
| CVE-2022-31077 | KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts a... | Mon, 27 Jun 2022 16:18:43 |
| CVE-2022-31076 | KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts a... | Mon, 27 Jun 2022 16:14:25 |
| CVE-2022-31064 | BigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cros... | Mon, 27 Jun 2022 15:56:47 |
| CVE-2022-31065 | BigBlueButton is an open source web conferencing system. In affected versions an attacker can embed malicious JS in their use... | Mon, 27 Jun 2022 15:50:33 |
| CVE-2022-31057 | Shopware is an open source e-commerce software made in Germany. Versions of Shopware 5 prior to version 5.7.12 are subject to... | Mon, 27 Jun 2022 15:35:42 |
| CVE-2022-31039 | Greenlight is a simple front-end interface for your BigBlueButton server. In affected versions an attacker can view any room'... | Mon, 27 Jun 2022 15:31:15 |
| CVE-2022-31036 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vu... | Mon, 27 Jun 2022 15:20:07 |