CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
Recent CVEs
| CVE | Description | Date |
|---|---|---|
| CVE-2022-42002 | SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and ... | Fri, 30 Sep 2022 20:04:42 |
| CVE-2022-39268 | ### Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not i... | Fri, 30 Sep 2022 16:27:31 |
| CVE-2022-34429 | Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially ex... | Fri, 30 Sep 2022 15:30:40 |
| CVE-2022-34428 | Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary... | Fri, 30 Sep 2022 15:30:27 |
| CVE-2021-36865 | Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 at WordPress all... | Fri, 30 Sep 2022 15:10:05 |
| CVE-2022-40943 | Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via bwdate-report-ds.php file. | Fri, 30 Sep 2022 15:09:49 |
| CVE-2022-40923 | A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a deni... | Fri, 30 Sep 2022 15:09:18 |
| CVE-2022-40756 | If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for... | Fri, 30 Sep 2022 15:08:58 |
| CVE-2022-40341 | mojoPortal v2.7 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary ... | Fri, 30 Sep 2022 15:08:39 |
| CVE-2022-35156 | Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspa... | Fri, 30 Sep 2022 15:08:12 |
| CVE-2022-35155 | Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the search... | Fri, 30 Sep 2022 15:07:42 |
| CVE-2022-20945 | A vulnerability in the 802.11 association frame validation of Cisco Catalyst 9100 Series Access Points (APs) could allow an u... | Fri, 30 Sep 2022 14:59:06 |
| CVE-2022-20930 | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly co... | Fri, 30 Sep 2022 14:58:51 |
| CVE-2022-20919 | A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software a... | Fri, 30 Sep 2022 14:58:22 |
| CVE-2022-20856 | A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) Mobility messages in Cisco I... | Fri, 30 Sep 2022 14:58:06 |
| CVE-2022-20855 | A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Acce... | Fri, 30 Sep 2022 14:57:36 |
| CVE-2022-20851 | A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an in... | Fri, 30 Sep 2022 14:57:08 |
| CVE-2022-20850 | A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated... | Fri, 30 Sep 2022 14:56:38 |
| CVE-2022-20848 | A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 91... | Fri, 30 Sep 2022 14:56:16 |
| CVE-2022-20847 | A vulnerability in the DHCP processing functionality of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Famil... | Fri, 30 Sep 2022 14:55:59 |
| CVE-2022-20844 | A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vM... | Fri, 30 Sep 2022 14:55:46 |
| CVE-2022-20818 | Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated pr... | Fri, 30 Sep 2022 14:55:29 |
| CVE-2022-20810 | A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalys... | Fri, 30 Sep 2022 14:55:01 |
| CVE-2022-20775 | Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated pr... | Fri, 30 Sep 2022 14:54:43 |
| CVE-2022-20769 | A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an una... | Fri, 30 Sep 2022 14:54:13 |
| CVE-2022-20728 | A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent ... | Fri, 30 Sep 2022 14:54:01 |
| CVE-2022-20662 | A vulnerability in the smart card login authentication of Cisco Duo for macOS could allow an unauthenticated attacker with ph... | Fri, 30 Sep 2022 14:50:14 |
| CVE-2021-33354 | Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modif... | Fri, 30 Sep 2022 14:04:53 |
| CVE-2022-41975 | RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer... | Fri, 30 Sep 2022 14:04:30 |
| CVE-2022-41870 | AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload... | Fri, 30 Sep 2022 14:04:09 |
| CVE-2022-40944 | Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php file. | Fri, 30 Sep 2022 14:03:56 |
| CVE-2021-36855 | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro plugin <= 1.1.4 at WordPr... | Fri, 30 Sep 2022 13:08:09 |
| CVE-2021-36854 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking Ultra Pro plugin <= 1.1.4 at WordPress. | Fri, 30 Sep 2022 13:07:46 |
| CVE-2021-36839 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Follow Buttons Bar plugin <= 4.73 at W... | Fri, 30 Sep 2022 13:07:19 |
| CVE-2021-36830 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Comment Guestbook plugin <= 0.8.0 at WordPress. | Fri, 30 Sep 2022 13:06:58 |
| CVE-2022-40316 | The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-edit... | Fri, 30 Sep 2022 13:06:43 |
| CVE-2022-40315 | A limited SQL injection risk was identified in the "browse list of users" site administration page. | Fri, 30 Sep 2022 13:06:24 |
| CVE-2022-40314 | A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified. | Fri, 30 Sep 2022 13:05:59 |
| CVE-2022-40313 | Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page ... | Fri, 30 Sep 2022 13:05:44 |
| CVE-2022-40277 | Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a ... | Fri, 30 Sep 2022 13:05:17 |
| CVE-2022-40274 | Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malici... | Fri, 30 Sep 2022 13:04:53 |
| CVE-2022-36965 | Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue ... | Fri, 30 Sep 2022 13:04:34 |
| CVE-2022-36961 | A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for p... | Fri, 30 Sep 2022 13:04:03 |
| CVE-2022-32540 | Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions ... | Fri, 30 Sep 2022 13:03:41 |
| CVE-2022-21826 | Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives ... | Fri, 30 Sep 2022 13:03:19 |
| CVE-2022-1959 | AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is poss... | Fri, 30 Sep 2022 13:02:54 |
| CVE-2022-28851 | Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability.... | Fri, 30 Sep 2022 13:02:29 |
| CVE-2022-41440 | Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/edi... | Fri, 30 Sep 2022 11:06:43 |
| CVE-2022-41439 | Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/edi... | Fri, 30 Sep 2022 11:06:24 |
| CVE-2022-41437 | Billing System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_acti... | Fri, 30 Sep 2022 11:05:56 |
| CVE-2022-23726 | PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication r... | Fri, 30 Sep 2022 10:39:47 |
| CVE-2022-37461 | Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to i... | Fri, 30 Sep 2022 10:05:15 |
| CVE-2022-3371 | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. | Fri, 30 Sep 2022 09:19:13 |
| CVE-2022-2529 | sflow decode package does not employ sufficient packet sanitisation which can lead to a denial of service attack. Attackers c... | Fri, 30 Sep 2022 06:48:06 |
| CVE-2022-2922 | Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. | Fri, 30 Sep 2022 02:49:19 |
| CVE-2022-41850 | roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-af... | Fri, 30 Sep 2022 02:04:15 |
| CVE-2022-41849 | drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a phys... | Fri, 30 Sep 2022 02:03:45 |
| CVE-2022-41848 | drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a ... | Fri, 30 Sep 2022 02:03:22 |
| CVE-2022-21222 | The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure... | Fri, 30 Sep 2022 01:11:42 |
| CVE-2022-41847 | An issue was discovered in Bento4 1.6.0-639. A memory leak exists in AP4_StdcFileByteStream::Create(AP4_FileByteStream*, char... | Fri, 30 Sep 2022 01:08:00 |
| CVE-2022-41846 | An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4_DataBuffer::Reallocate... | Fri, 30 Sep 2022 01:07:31 |
| CVE-2022-41845 | An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4_Array<AP4_ElstEntry>::... | Fri, 30 Sep 2022 01:07:02 |
| CVE-2022-41844 | An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vu... | Fri, 30 Sep 2022 01:06:42 |
| CVE-2022-41843 | An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability tha... | Fri, 30 Sep 2022 01:06:24 |
| CVE-2022-41842 | An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc. | Fri, 30 Sep 2022 01:06:02 |
| CVE-2022-41841 | An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_File::ParseStream in Core/Ap4Fi... | Fri, 30 Sep 2022 01:05:34 |
| CVE-2022-24373 | The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to i... | Fri, 30 Sep 2022 01:05:16 |
| CVE-2022-2778 | In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes. | Fri, 30 Sep 2022 00:05:44 |
| CVE-2022-41828 | In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory do... | Thu, 29 Sep 2022 17:05:32 |
| CVE-2022-3364 | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. | Thu, 29 Sep 2022 16:47:55 |
| CVE-2022-39232 | Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an inco... | Thu, 29 Sep 2022 16:18:52 |
| CVE-2022-39226 | Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 ... | Thu, 29 Sep 2022 16:07:00 |
| CVE-2022-40472 | ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnera... | Thu, 29 Sep 2022 16:03:26 |
| CVE-2022-36068 | Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 ... | Thu, 29 Sep 2022 15:47:38 |
| CVE-2022-36066 | Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 ... | Thu, 29 Sep 2022 15:36:55 |
| CVE-2022-35137 | DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. | Thu, 29 Sep 2022 15:07:13 |
| CVE-2022-33880 | hms-staff.php in Projectworlds Hospital Management System Mini-Project through 2018-06-17 allows SQL injection via the type p... | Thu, 29 Sep 2022 15:06:52 |
| CVE-2022-39266 | isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface. In versions 4.3.6 and prior, if th... | Thu, 29 Sep 2022 14:15:03 |
| CVE-2022-40887 | SourceCodester Best Student Result Management System 1.0 is vulnerable to SQL Injection. | Thu, 29 Sep 2022 13:05:08 |
| CVE-2022-40879 | kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter 'errorMsg.' | Thu, 29 Sep 2022 13:04:42 |
| CVE-2022-29503 | A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40... | Thu, 29 Sep 2022 12:39:02 |
| CVE-2022-40931 | dutchcoders Transfer.sh 1.4.0 is vulnerable to Cross Site Scripting (XSS). | Thu, 29 Sep 2022 12:04:59 |
| CVE-2022-39168 | IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235... | Thu, 29 Sep 2022 11:42:57 |
| CVE-2022-38732 | SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of... | Thu, 29 Sep 2022 11:02:31 |
| CVE-2022-39254 | matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users ... | Thu, 29 Sep 2022 10:36:42 |
| CVE-2022-39252 | matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryptio... | Thu, 29 Sep 2022 10:23:07 |
| CVE-2022-40408 | FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the ... | Thu, 29 Sep 2022 10:02:55 |
| CVE-2022-40407 | A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafte... | Thu, 29 Sep 2022 10:02:36 |
| CVE-2022-40890 | A vulnerability in /src/amf/amf-context.c in Open5GS 2.4.10 and earlier leads to AMF denial of service. | Thu, 29 Sep 2022 09:02:59 |
| CVE-2022-40363 | A buffer overflow in the component nfc_device_load_mifare_ul_data of Flipper Devices Inc., Flipper Zero before v0.65.2 allows... | Thu, 29 Sep 2022 09:02:43 |
| CVE-2022-39250 | Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an ... | Thu, 29 Sep 2022 09:02:15 |
| CVE-2022-40475 | TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.... | Thu, 29 Sep 2022 08:07:20 |
| CVE-2022-40126 | A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges... | Thu, 29 Sep 2022 08:06:56 |
| CVE-2022-3352 | Use After Free in GitHub repository vim/vim prior to 9.0.0614. | Thu, 29 Sep 2022 07:56:39 |
| CVE-2022-3355 | Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.8.3. | Thu, 29 Sep 2022 05:30:04 |
| CVE-2020-35675 | BigProf Online Invoicing System before 3.0 offers a functionality that allows an administrator to move the records of members... | Thu, 29 Sep 2022 01:29:29 |
| CVE-2020-35674 | BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /membership_passwordReset.p... | Thu, 29 Sep 2022 01:29:17 |
| CVE-2020-27602 | BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken. | Thu, 29 Sep 2022 01:29:03 |
| CVE-2020-27601 | In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bi... | Thu, 29 Sep 2022 01:28:35 |
| CVE-2020-15347 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account. | Thu, 29 Sep 2022 01:28:08 |