CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
Recent CVEs
| CVE | Description | Date |
|---|---|---|
| CVE-2022-46359 | Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code... | Mon, 30 Jan 2023 03:07:15 |
| CVE-2022-46358 | Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code... | Mon, 30 Jan 2023 03:06:56 |
| CVE-2022-46357 | Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code... | Mon, 30 Jan 2023 03:06:34 |
| CVE-2022-46356 | Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code... | Mon, 30 Jan 2023 03:06:13 |
| CVE-2023-22333 | Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier allows a remote unauthenticated attacker to inject an arb... | Mon, 30 Jan 2023 01:53:51 |
| CVE-2023-22332 | Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4... | Mon, 30 Jan 2023 01:53:37 |
| CVE-2023-22324 | SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to... | Mon, 30 Jan 2023 01:53:21 |
| CVE-2023-22322 | Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier... | Mon, 30 Jan 2023 01:53:03 |
| CVE-2023-24623 | Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to the 127.0.0.1 address, but does not match the filter for ... | Mon, 30 Jan 2023 00:07:35 |
| CVE-2023-24622 | isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for externa... | Mon, 30 Jan 2023 00:07:17 |
| CVE-2022-25967 | Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configu... | Mon, 30 Jan 2023 00:06:52 |
| CVE-2022-25936 | Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePat... | Mon, 30 Jan 2023 00:06:23 |
| CVE-2022-48303 | GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Ex... | Sun, 29 Jan 2023 23:04:31 |
| CVE-2023-24612 | The PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allows command injection via an option. | Sun, 29 Jan 2023 22:05:35 |
| CVE-2022-27596 | A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remot... | Sun, 29 Jan 2023 21:03:45 |
| CVE-2021-46873 | WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an adversary might be able to ... | Sun, 29 Jan 2023 18:05:18 |
| CVE-2023-0572 | Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10. | Sun, 29 Jan 2023 17:41:11 |
| CVE-2023-24065 | NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name (of a physician, assistant, or billing use... | Sun, 29 Jan 2023 17:05:02 |
| CVE-2023-0566 | Static Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10. | Sun, 29 Jan 2023 16:44:33 |
| CVE-2023-0565 | Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10. | Sun, 29 Jan 2023 16:41:05 |
| CVE-2016-15022 | A vulnerability was found in mosbth cimage up to 0.7.18. It has been declared as problematic. Affected by this vulnerability ... | Sun, 29 Jan 2023 14:05:02 |
| CVE-2009-10003 | A vulnerability was found in capnsquarepants wordcraft up to 0.6. It has been classified as problematic. Affected is an unkno... | Sun, 29 Jan 2023 14:04:41 |
| CVE-2023-0571 | A vulnerability has been found in SourceCodester Canteen Management System 1.0 and classified as problematic. This vulnerabil... | Sun, 29 Jan 2023 13:03:32 |
| CVE-2023-0570 | A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. ... | Sun, 29 Jan 2023 13:03:05 |
| CVE-2023-0569 | Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10. | Sun, 29 Jan 2023 11:29:31 |
| CVE-2022-48285 | loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. | Sun, 29 Jan 2023 00:17:36 |
| CVE-2023-0564 | Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10. | Sat, 28 Jan 2023 20:07:21 |
| CVE-2021-4315 | A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown c... | Sat, 28 Jan 2023 18:07:11 |
| CVE-2023-0563 | A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unk... | Sat, 28 Jan 2023 18:06:49 |
| CVE-2023-0562 | A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this is... | Sat, 28 Jan 2023 18:06:35 |
| CVE-2023-0561 | A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. ... | Sat, 28 Jan 2023 12:04:36 |
| CVE-2023-0560 | A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System ... | Sat, 28 Jan 2023 12:04:11 |
| CVE-2023-23629 | Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intend... | Fri, 27 Jan 2023 21:04:48 |
| CVE-2023-23628 | Metabase is an open source data analytics platform. Affected versions are subject to Exposure of Sensitive Information to an ... | Fri, 27 Jan 2023 21:04:28 |
| CVE-2023-23627 | Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 and later, prior to 6.0.1, are vulnerable to Cross-site... | Fri, 27 Jan 2023 19:06:38 |
| CVE-2023-23624 | Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the... | Fri, 27 Jan 2023 19:06:16 |
| CVE-2023-23621 | Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the... | Fri, 27 Jan 2023 19:06:02 |
| CVE-2023-23617 | OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in malicious code filt... | Fri, 27 Jan 2023 19:05:46 |
| CVE-2023-22737 | wire-server provides back end services for Wire, a team communication and collaboration platform. Prior to version 2022-12-09... | Fri, 27 Jan 2023 19:05:17 |
| CVE-2023-23616 | Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` ... | Fri, 27 Jan 2023 18:54:07 |
| CVE-2023-23620 | Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` ... | Fri, 27 Jan 2023 18:48:06 |
| CVE-2022-39324 | Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can c... | Fri, 27 Jan 2023 18:02:16 |
| CVE-2022-23552 | Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch and prior to versions 8.5.1... | Fri, 27 Jan 2023 18:01:58 |
| CVE-2023-0558 | The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptib... | Fri, 27 Jan 2023 17:12:37 |
| CVE-2023-0557 | The ContentStudio plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.... | Fri, 27 Jan 2023 17:12:25 |
| CVE-2023-0556 | The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several fun... | Fri, 27 Jan 2023 17:11:58 |
| CVE-2022-46968 | A stored cross-site scripting (XSS) vulnerability in /index.php?page=help of Revenue Collection System v1.0 allows attackers ... | Fri, 27 Jan 2023 17:11:40 |
| CVE-2022-43980 | There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attack... | Fri, 27 Jan 2023 17:11:23 |
| CVE-2022-43979 | There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. A function is called to check that the pa... | Fri, 27 Jan 2023 17:10:53 |
| CVE-2022-43978 | There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid ses... | Fri, 27 Jan 2023 17:10:29 |
| CVE-2022-39813 | Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/j_security_check via the j... | Fri, 27 Jan 2023 17:10:14 |
| CVE-2022-39812 | Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader. An unauthenticated u... | Fri, 27 Jan 2023 17:09:55 |
| CVE-2022-39811 | Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control under NMSCI-WebGui/advancedsettings.jsp and NMSCIWebGui/Sav... | Fri, 27 Jan 2023 17:09:38 |
| CVE-2022-4255 | An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prio... | Fri, 27 Jan 2023 17:09:21 |
| CVE-2022-4205 | In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash. | Fri, 27 Jan 2023 17:09:00 |
| CVE-2022-4201 | A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows a... | Fri, 27 Jan 2023 17:08:37 |
| CVE-2023-0555 | The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its... | Fri, 27 Jan 2023 16:08:05 |
| CVE-2023-0554 | The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, ... | Fri, 27 Jan 2023 16:07:38 |
| CVE-2023-0553 | The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in ve... | Fri, 27 Jan 2023 16:07:19 |
| CVE-2023-0550 | The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and inclu... | Fri, 27 Jan 2023 16:06:52 |
| CVE-2019-25053 | A path traversal vulnerability exists in Sage FRP 1000 before November 2019. This allows remote unauthenticated attackers to ... | Fri, 27 Jan 2023 16:06:25 |
| CVE-2022-48108 | D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/Su... | Fri, 27 Jan 2023 16:05:58 |
| CVE-2022-48107 | D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IP... | Fri, 27 Jan 2023 16:05:28 |
| CVE-2022-39380 | Wire web-app is part of Wire communications. Versions prior to 2022-11-02 are subject to Improper Handling of Exceptional Con... | Fri, 27 Jan 2023 16:05:10 |
| CVE-2022-48118 | Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter. | Fri, 27 Jan 2023 15:03:47 |
| CVE-2022-48116 | AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php... | Fri, 27 Jan 2023 15:03:21 |
| CVE-2021-41231 | OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to uploa... | Fri, 27 Jan 2023 14:04:22 |
| CVE-2021-41144 | OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block bl... | Fri, 27 Jan 2023 14:04:05 |
| CVE-2021-41143 | OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the custome... | Fri, 27 Jan 2023 14:03:49 |
| CVE-2023-0549 | A vulnerability, which was classified as problematic, has been found in YAFNET 3.1.9/3.1.10. This issue affects some unknown ... | Fri, 27 Jan 2023 14:03:35 |
| CVE-2021-39217 | OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute a... | Fri, 27 Jan 2023 13:06:01 |
| CVE-2023-22242 | Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affec... | Fri, 27 Jan 2023 13:05:31 |
| CVE-2023-22241 | Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affec... | Fri, 27 Jan 2023 13:05:19 |
| CVE-2023-22240 | Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affec... | Fri, 27 Jan 2023 13:05:05 |
| CVE-2022-48013 | Opencats v0.9.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.... | Fri, 27 Jan 2023 13:04:41 |
| CVE-2022-48012 | Opencats v0.9.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /opencats/in... | Fri, 27 Jan 2023 13:04:11 |
| CVE-2022-48011 | Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors f... | Fri, 27 Jan 2023 13:03:45 |
| CVE-2022-48010 | LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/su... | Fri, 27 Jan 2023 13:03:19 |
| CVE-2022-48008 | An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code... | Fri, 27 Jan 2023 13:02:59 |
| CVE-2022-48007 | A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitra... | Fri, 27 Jan 2023 13:02:40 |
| CVE-2022-4335 | A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior ... | Fri, 27 Jan 2023 13:02:26 |
| CVE-2022-4285 | An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version inform... | Fri, 27 Jan 2023 13:02:04 |
| CVE-2022-4139 | An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory c... | Fri, 27 Jan 2023 13:01:45 |
| CVE-2021-21395 | Magneto LTS (Long Term Support) is a community developed alternative to the Magento CE official releases. Versions prior to 1... | Fri, 27 Jan 2023 11:05:16 |
| CVE-2022-48073 | Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext. | Fri, 27 Jan 2023 10:05:39 |
| CVE-2022-48072 | Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automa... | Fri, 27 Jan 2023 10:05:25 |
| CVE-2022-48071 | Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext. | Fri, 27 Jan 2023 10:05:08 |
| CVE-2022-48070 | Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the auto... | Fri, 27 Jan 2023 10:04:47 |
| CVE-2022-48069 | Totolink A830R V4.1.2cu.5182 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter. | Fri, 27 Jan 2023 10:04:20 |
| CVE-2022-48067 | An information disclosure vulnerability in Totolink A830R V4.1.2cu.5182 allows attackers to obtain the root password via a br... | Fri, 27 Jan 2023 10:04:00 |
| CVE-2022-48066 | An issue in the component global.so of Totolink A830R V4.1.2cu.5182 allows attackers to bypass authentication via a crafted c... | Fri, 27 Jan 2023 10:03:45 |
| CVE-2022-47632 | Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege manag... | Fri, 27 Jan 2023 10:03:22 |
| CVE-2022-44718 | An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 2 of 2). After successful l... | Fri, 27 Jan 2023 09:06:07 |
| CVE-2022-44717 | An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 1 of 2). After successful l... | Fri, 27 Jan 2023 09:05:50 |
| CVE-2022-44715 | Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allows authenticated remote users to gain permissions via a ... | Fri, 27 Jan 2023 09:05:32 |
| CVE-2022-44298 | SiteServer CMS 7.1.3 is vulnerable to SQL Injection. | Fri, 27 Jan 2023 09:05:16 |
| CVE-2022-44029 | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 6 of 6... | Fri, 27 Jan 2023 09:04:49 |
| CVE-2022-44028 | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 5 of 6... | Fri, 27 Jan 2023 09:04:24 |
| CVE-2022-44027 | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 4 of 6... | Fri, 27 Jan 2023 09:04:01 |
| CVE-2022-44026 | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 3 of 6... | Fri, 27 Jan 2023 09:03:39 |