CVE.report
CVE and Other Vulnerability Information
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
[rss]
Recent CVEs
| CVE | Description | Date |
|---|---|---|
| CVE-2021-20208 | A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container ... | Mon, 19 Apr 2021 18:06:32 |
| CVE-2021-3506 | An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions befo... | Mon, 19 Apr 2021 18:06:09 |
| CVE-2021-27458 | If Ethernet communication of the JTEKT Corporation TOYOPUC product series’ (TOYOPUC-PC10 Series: PC10G-CPU TCC-6353: All ve... | Mon, 19 Apr 2021 17:41:40 |
| CVE-2021-3505 | A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength ... | Mon, 19 Apr 2021 17:07:25 |
| CVE-2021-3498 | GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files. | Mon, 19 Apr 2021 17:07:05 |
| CVE-2021-3497 | GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files. | Mon, 19 Apr 2021 17:06:47 |
| CVE-2020-27241 | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The serialnumber para... | Mon, 19 Apr 2021 17:06:19 |
| CVE-2020-27240 | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The componentStatus p... | Mon, 19 Apr 2021 17:06:07 |
| CVE-2021-30199 | In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Dereference, when gf_filter_pck_get_data is called. The first... | Mon, 19 Apr 2021 16:06:29 |
| CVE-2021-30022 | There is a integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC 1.0.1. pps_id may be a neg... | Mon, 19 Apr 2021 16:06:15 |
| CVE-2021-30020 | In the function gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop, which with c... | Mon, 19 Apr 2021 16:05:57 |
| CVE-2021-30019 | In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0.1, a crafted file may cause ctx->hdr.frame_size to be ... | Mon, 19 Apr 2021 16:05:37 |
| CVE-2021-30015 | There is a Null Pointer Dereference in function filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC 1.0.1. The ... | Mon, 19 Apr 2021 16:05:18 |
| CVE-2021-30014 | There is a integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC 1.0.1 which results ... | Mon, 19 Apr 2021 16:04:57 |
| CVE-2021-29279 | There is a integer overflow in function filter_core/filter_props.c:gf_props_assign_value in GPAC 1.0.1. In which, the arg con... | Mon, 19 Apr 2021 16:04:39 |
| CVE-2021-29455 | Grassroot Platform is an application to make it faster, cheaper and easier to persistently organize and mobilize people in lo... | Mon, 19 Apr 2021 15:09:28 |
| CVE-2021-31262 | The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a... | Mon, 19 Apr 2021 15:09:11 |
| CVE-2021-31261 | The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to read memory via a crafted file in the MP4Box command. | Mon, 19 Apr 2021 15:08:52 |
| CVE-2021-31259 | The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer... | Mon, 19 Apr 2021 15:08:36 |
| CVE-2021-31258 | The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference... | Mon, 19 Apr 2021 15:08:22 |
| CVE-2021-31257 | The HintFile function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted fi... | Mon, 19 Apr 2021 15:08:09 |
| CVE-2021-31256 | Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. | Mon, 19 Apr 2021 15:07:49 |
| CVE-2021-31255 | Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execut... | Mon, 19 Apr 2021 15:07:25 |
| CVE-2021-31254 | Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execut... | Mon, 19 Apr 2021 15:07:07 |
| CVE-2021-31260 | The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted ... | Mon, 19 Apr 2021 15:06:44 |
| CVE-2021-29453 | matrix-media-repo is an open-source multi-domain media repository for Matrix. Versions 1.2.6 and earlier of matrix-media-repo... | Mon, 19 Apr 2021 15:03:34 |
| CVE-2021-29434 | Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field... | Mon, 19 Apr 2021 14:52:49 |
| CVE-2021-29457 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A ... | Mon, 19 Apr 2021 14:37:20 |
| CVE-2021-29458 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An... | Mon, 19 Apr 2021 14:32:41 |
| CVE-2021-20527 | IBM Resilient SOAR V38.0 could allow a privileged user to create create malicious scripts that could be executed as another u... | Mon, 19 Apr 2021 12:23:59 |
| CVE-2021-27031 | A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in FBX's Review caus... | Mon, 19 Apr 2021 12:06:21 |
| CVE-2021-27030 | A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnera... | Mon, 19 Apr 2021 12:06:08 |
| CVE-2021-27029 | The user may be tricked into opening a malicious FBX file which may exploit a Null Pointer Dereference vulnerability in FBX's... | Mon, 19 Apr 2021 12:05:54 |
| CVE-2021-27028 | A Memory Corruption Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously ... | Mon, 19 Apr 2021 12:05:35 |
| CVE-2021-27027 | A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through malic... | Mon, 19 Apr 2021 12:05:05 |
| CVE-2020-28141 | The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user ca... | Mon, 19 Apr 2021 12:04:50 |
| CVE-2021-21981 | VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignm... | Mon, 19 Apr 2021 11:01:45 |
| CVE-2021-20992 | In Fibaro Home Center 2 and Lite devices in all versions provide a web based management interface over unencrypted HTTP proto... | Mon, 19 Apr 2021 10:09:11 |
| CVE-2021-20991 | In Fibaro Home Center 2 and Lite devices with firmware version 4.540 and older an authenticated user can run commands as root... | Mon, 19 Apr 2021 10:08:40 |
| CVE-2021-20990 | In Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older an internal management service is accessible o... | Mon, 19 Apr 2021 10:08:12 |
| CVE-2021-20989 | Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH connections to the Fibaro cloud to p... | Mon, 19 Apr 2021 10:07:50 |
| CVE-2021-21070 | Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncontrolled search path element vulnerability that could lea... | Mon, 19 Apr 2021 09:05:21 |
| CVE-2020-7851 | Innorix Web-Based File Transfer Solution versuibs prior to and including 9.2.18.385 contains a vulnerability that could allow... | Mon, 19 Apr 2021 09:04:51 |
| CVE-2021-29399 | XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of... | Mon, 19 Apr 2021 07:43:34 |
| CVE-2021-23381 | This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to e... | Sun, 18 Apr 2021 14:52:18 |
| CVE-2021-23380 | This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this p... | Sun, 18 Apr 2021 14:51:51 |
| CVE-2021-23379 | This affects all versions of package portkiller. If (attacker-controlled) user input is given, it is possible for an attacker... | Sun, 18 Apr 2021 14:51:23 |
| CVE-2021-23377 | This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is ... | Sun, 18 Apr 2021 14:51:01 |
| CVE-2021-23376 | This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is... | Sun, 18 Apr 2021 14:50:41 |
| CVE-2021-23375 | This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible ... | Sun, 18 Apr 2021 14:50:19 |
| CVE-2021-23374 | This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possi... | Sun, 18 Apr 2021 14:50:00 |
| CVE-2021-23378 | This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible ... | Sun, 18 Apr 2021 14:43:57 |
| CVE-2021-3493 | The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of fil... | Sat, 17 Apr 2021 00:25:41 |
| CVE-2021-3492 | Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring durin... | Sat, 17 Apr 2021 00:25:21 |
| CVE-2020-36195 | An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on.... | Fri, 16 Apr 2021 23:52:58 |
| CVE-2020-2509 | A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows atta... | Fri, 16 Apr 2021 23:52:28 |
| CVE-2021-29446 | jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the A... | Fri, 16 Apr 2021 18:03:26 |
| CVE-2021-29445 | jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the A... | Fri, 16 Apr 2021 17:54:48 |
| CVE-2021-29444 | jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AE... | Fri, 16 Apr 2021 17:48:43 |
| CVE-2021-29451 | Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature o... | Fri, 16 Apr 2021 17:45:49 |
| CVE-2021-29452 | a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing... | Fri, 16 Apr 2021 17:37:41 |
| CVE-2021-31348 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while... | Fri, 16 Apr 2021 16:35:36 |
| CVE-2021-31347 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while... | Fri, 16 Apr 2021 16:35:24 |
| CVE-2021-29443 | jose is an npm library providing a number of cryptographic operations. In vulnerable versions AES_CBC_HMAC_SHA2 Algorithm (A1... | Fri, 16 Apr 2021 16:34:54 |
| CVE-2021-26830 | SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. Thi... | Fri, 16 Apr 2021 16:34:42 |
| CVE-2020-9681 | Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenti... | Fri, 16 Apr 2021 16:34:22 |
| CVE-2020-9668 | Adobe Genuine Service version 6.6 (and earlier) is affected by an Improper Access control vulnerability when handling symboli... | Fri, 16 Apr 2021 16:33:53 |
| CVE-2020-9667 | Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenti... | Fri, 16 Apr 2021 16:33:23 |
| CVE-2021-27394 | A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications usin... | Fri, 16 Apr 2021 16:00:54 |
| CVE-2021-20491 | IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during... | Fri, 16 Apr 2021 15:53:51 |
| CVE-2021-22539 | An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows... | Fri, 16 Apr 2021 15:53:35 |
| CVE-2021-31414 | The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studio Code allows remote code execution via a crafted works... | Fri, 16 Apr 2021 15:53:05 |
| CVE-2021-27692 | Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remot... | Fri, 16 Apr 2021 15:52:51 |
| CVE-2021-27691 | Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G... | Fri, 16 Apr 2021 15:52:35 |
| CVE-2021-26074 | Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spri... | Fri, 16 Apr 2021 15:52:14 |
| CVE-2021-26073 | Broken Authentication in Atlassian Connect Express (ACE) from version 3.0.2 before version 6.6.0: Atlassian Connect Express i... | Fri, 16 Apr 2021 15:51:46 |
| CVE-2018-19942 | A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this v... | Fri, 16 Apr 2021 15:51:33 |
| CVE-2021-21405 | Lotus is an Implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method... | Thu, 15 Apr 2021 17:37:50 |
| CVE-2021-29450 | Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-pr... | Thu, 15 Apr 2021 17:23:54 |
| CVE-2021-29447 | Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in... | Thu, 15 Apr 2021 17:11:35 |
| CVE-2021-29431 | Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lac... | Thu, 15 Apr 2021 17:04:28 |
| CVE-2021-29432 | Sydent is a reference matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Syden... | Thu, 15 Apr 2021 16:47:37 |
| CVE-2021-29430 | Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A mal... | Thu, 15 Apr 2021 16:37:28 |
| CVE-2021-30245 | The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. The probl... | Thu, 15 Apr 2021 15:35:29 |
| CVE-2021-31402 | The dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerabili... | Thu, 15 Apr 2021 15:06:02 |
| CVE-2021-28055 | An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which mi... | Thu, 15 Apr 2021 15:05:34 |
| CVE-2020-28898 | In QED ResourceXpress through 4.9k, a large numeric or alphanumeric value submitted in specific URL parameters causes a serve... | Thu, 15 Apr 2021 14:44:56 |
| CVE-2021-26582 | A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on H... | Thu, 15 Apr 2021 14:04:15 |
| CVE-2021-29433 | ### Impact Missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause e... | Thu, 15 Apr 2021 13:59:44 |
| CVE-2021-3243 | Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerability. An attacker in the same LAN can craft a packet with ... | Thu, 15 Apr 2021 13:04:46 |
| CVE-2021-27112 | LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during th... | Thu, 15 Apr 2021 11:41:46 |
| CVE-2021-29448 | Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. The Stored XSS exists in the Pi-hol... | Thu, 15 Apr 2021 11:29:49 |
| CVE-2021-31229 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling wh... | Thu, 15 Apr 2021 11:04:42 |
| CVE-2021-20288 | An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requ... | Thu, 15 Apr 2021 10:40:25 |
| CVE-2021-30209 | Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without an... | Thu, 15 Apr 2021 10:14:56 |
| CVE-2021-28549 | Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when par... | Thu, 15 Apr 2021 10:14:33 |
| CVE-2021-28548 | Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when par... | Thu, 15 Apr 2021 10:14:13 |
| CVE-2021-28242 | SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database... | Thu, 15 Apr 2021 10:13:46 |
| CVE-2021-27673 | Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote att... | Thu, 15 Apr 2021 10:13:29 |
| CVE-2021-27672 | SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obt... | Thu, 15 Apr 2021 10:13:07 |