CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
Recent CVEs
| CVE | Description | Date |
|---|---|---|
| CVE-2021-38965 | IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remote authenticated attacker to execute arbitrary commands... | Mon, 17 Jan 2022 12:16:28 |
| CVE-2021-33040 | managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows XSS. | Mon, 17 Jan 2022 12:06:39 |
| CVE-2022-0258 | pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command | Mon, 17 Jan 2022 10:28:01 |
| CVE-2022-0257 | pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Mon, 17 Jan 2022 10:27:46 |
| CVE-2022-0256 | pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Mon, 17 Jan 2022 10:20:09 |
| CVE-2021-3862 | icecoder is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Mon, 17 Jan 2022 08:54:03 |
| CVE-2022-0240 | mruby is vulnerable to NULL Pointer Dereference | Mon, 17 Jan 2022 08:38:49 |
| CVE-2022-0253 | livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Mon, 17 Jan 2022 08:20:26 |
| CVE-2021-25067 | The Landing Page Builder WordPress plugin before 1.4.9.6 was affected by a reflected XSS in page-builder-add on the ulpb_post... | Mon, 17 Jan 2022 08:06:58 |
| CVE-2021-25065 | The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was affected by a reflected XSS in custom-facebook-feed in c... | Mon, 17 Jan 2022 08:06:32 |
| CVE-2021-25061 | The WP Booking System WordPress plugin before 2.0.15 was affected by a reflected xss in wp-booking-system on the wpbs-calenda... | Mon, 17 Jan 2022 08:06:17 |
| CVE-2021-25046 | The Modern Events Calendar Lite WordPress plugin before 6.2.0 alloed any logged-in user, even a subscriber user, may add a ca... | Mon, 17 Jan 2022 08:05:58 |
| CVE-2021-25037 | The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered ... | Mon, 17 Jan 2022 08:05:44 |
| CVE-2021-25036 | The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Privilege Escalation issue, which was discovered during a... | Mon, 17 Jan 2022 08:05:24 |
| CVE-2021-25025 | The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event... | Mon, 17 Jan 2022 08:05:02 |
| CVE-2021-25024 | The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, lea... | Mon, 17 Jan 2022 08:04:37 |
| CVE-2021-25005 | The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and escape some of its settings allowing high privilege user... | Mon, 17 Jan 2022 08:04:15 |
| CVE-2021-24909 | The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not sanitise and escape the post parameter in the includes/acf... | Mon, 17 Jan 2022 08:03:51 |
| CVE-2021-24838 | The AnyComment WordPress plugin through 0.2.17 has an API endpoint which passes user input via the redirect parameter to the ... | Mon, 17 Jan 2022 08:03:26 |
| CVE-2021-4164 | calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) | Mon, 17 Jan 2022 07:39:10 |
| CVE-2021-3857 | chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Mon, 17 Jan 2022 06:38:06 |
| CVE-2021-3853 | chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Mon, 17 Jan 2022 06:27:23 |
| CVE-2021-4171 | calibre-web is vulnerable to Business Logic Errors | Mon, 17 Jan 2022 04:45:46 |
| CVE-2022-0184 | Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver... | Mon, 17 Jan 2022 04:19:44 |
| CVE-2022-0183 | Missing encryption of sensitive data vulnerability in 'MIRUPASS' PW10 firmware all versions and 'MIRUPASS' PW20 firmware all ... | Mon, 17 Jan 2022 04:19:28 |
| CVE-2022-0182 | Stored cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote authenticated att... | Mon, 17 Jan 2022 04:19:12 |
| CVE-2022-0181 | Reflected cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to in... | Mon, 17 Jan 2022 04:18:49 |
| CVE-2022-0180 | Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to... | Mon, 17 Jan 2022 04:18:21 |
| CVE-2022-0131 | Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. By exploiting this vulnera... | Mon, 17 Jan 2022 04:17:56 |
| CVE-2022-0239 | corenlp is vulnerable to Improper Restriction of XML External Entity Reference | Mon, 17 Jan 2022 01:18:37 |
| CVE-2022-23304 | The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks a... | Sun, 16 Jan 2022 21:08:03 |
| CVE-2022-23303 | The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a ... | Sun, 16 Jan 2022 21:07:44 |
| CVE-2021-4170 | calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Sun, 16 Jan 2022 16:00:10 |
| CVE-2022-0235 | node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | Sun, 16 Jan 2022 12:10:28 |
| CVE-2022-0238 | phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) | Sun, 16 Jan 2022 05:36:46 |
| CVE-2021-44537 | ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to rem... | Sat, 15 Jan 2022 16:04:13 |
| CVE-2021-33828 | The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files (that ha... | Sat, 15 Jan 2022 16:03:54 |
| CVE-2021-33827 | The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings. | Sat, 15 Jan 2022 16:03:32 |
| CVE-2021-42555 | Pexip Infinity before 26.2 allows temporary remote Denial of Service (abort) because of missing call-setup input validation. | Sat, 15 Jan 2022 12:08:41 |
| CVE-2021-35969 | Pexip Infinity before 26 allows temporary remote Denial of Service (abort) because of missing call-setup input validation. | Sat, 15 Jan 2022 12:08:11 |
| CVE-2021-33499 | Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 2 of 2). | Sat, 15 Jan 2022 12:07:49 |
| CVE-2021-33498 | Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 1 of 2). | Sat, 15 Jan 2022 12:07:21 |
| CVE-2021-32545 | Pexip Infinity before 26 allows remote denial of service because of missing RTMP input validation. | Sat, 15 Jan 2022 12:07:09 |
| CVE-2020-28919 | A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker... | Sat, 15 Jan 2022 12:06:55 |
| CVE-2021-44049 | CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privilege... | Sat, 15 Jan 2022 10:07:03 |
| CVE-2022-23178 | An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switc... | Sat, 15 Jan 2022 10:06:38 |
| CVE-2022-23095 | Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted J... | Sat, 15 Jan 2022 10:06:18 |
| CVE-2021-33963 | China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone receives parameters by POST r... | Sat, 15 Jan 2022 05:01:46 |
| CVE-2022-23094 | Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) vi... | Fri, 14 Jan 2022 21:02:19 |
| CVE-2021-24044 | By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions... | Fri, 14 Jan 2022 19:41:49 |
| CVE-2021-23566 | The package nanoid before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce ... | Fri, 14 Jan 2022 16:16:31 |
| CVE-2021-46171 | Modex v2.11 was discovered to contain a NULL pointer dereference in set_create_id() at xtract.c. | Fri, 14 Jan 2022 16:03:24 |
| CVE-2021-46170 | An issue was discovered in JerryScript commit a6ab5e9. There is an Use-After-Free in lexer_compare_identifier_to_string in js... | Fri, 14 Jan 2022 16:03:02 |
| CVE-2021-46169 | Modex v2.11 was discovered to contain an Use-After-Free vulnerability via the component tcache. | Fri, 14 Jan 2022 16:02:47 |
| CVE-2021-46168 | Spin v6.5.1 was discovered to contain an out-of-bounds write in lex() at spinlex.c. | Fri, 14 Jan 2022 16:02:22 |
| CVE-2021-42067 | In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 78... | Fri, 14 Jan 2022 15:40:04 |
| CVE-2021-39684 | In target_init of gs101/abl/target/slider/target.c, there is a possible allocation of RWX memory due to a logic error in the ... | Fri, 14 Jan 2022 15:39:34 |
| CVE-2021-39683 | In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds write due to a missing bounds check. This could lead t... | Fri, 14 Jan 2022 15:39:20 |
| CVE-2021-39682 | In mgm_alloc_page of memory_group_manager.c, there is a possible out of bounds write due to an incorrect bounds check. This c... | Fri, 14 Jan 2022 15:38:56 |
| CVE-2021-39681 | In delete_protocol of main.c, there is a possible arbitrary code execution due to a use after free. This could lead to local ... | Fri, 14 Jan 2022 15:38:38 |
| CVE-2021-39680 | In sec_SHA256_Transform of sha256_core.c, there is a possible way to read heap data due to uninitialized data. This could lea... | Fri, 14 Jan 2022 15:38:09 |
| CVE-2021-39679 | In init of vendor_graphicbuffer_meta.cpp, there is a possible use after free due to a race condition. This could lead to loca... | Fri, 14 Jan 2022 15:37:46 |
| CVE-2021-39678 | In <TBD> of <TBD>, there is a possible bypass of Factory Reset Protection due to <TBD>. This could lead to local escalation o... | Fri, 14 Jan 2022 15:37:18 |
| CVE-2021-39659 | In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, there is a possible prevention of access to emergency ... | Fri, 14 Jan 2022 15:36:55 |
| CVE-2021-39634 | In fs/eventpoll.c, there is a possible use after free. This could lead to local escalation of privilege with no additional ex... | Fri, 14 Jan 2022 15:36:32 |
| CVE-2021-39633 | In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local ... | Fri, 14 Jan 2022 15:36:07 |
| CVE-2021-39632 | In inotify_cb of events.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to loc... | Fri, 14 Jan 2022 15:35:50 |
| CVE-2021-39630 | In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overlays from adb shell due to... | Fri, 14 Jan 2022 15:35:30 |
| CVE-2021-39629 | In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use after free due to a race condition. This could ... | Fri, 14 Jan 2022 15:35:17 |
| CVE-2021-39628 | In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code.... | Fri, 14 Jan 2022 15:34:54 |
| CVE-2021-39627 | In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe Pend... | Fri, 14 Jan 2022 15:34:42 |
| CVE-2021-39626 | In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This co... | Fri, 14 Jan 2022 15:34:21 |
| CVE-2021-39625 | In showCarrierAppInstallationNotification of EuiccNotificationManager.java, there is a possible way to gain an access to Medi... | Fri, 14 Jan 2022 15:34:02 |
| CVE-2021-39623 | In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could l... | Fri, 14 Jan 2022 15:33:33 |
| CVE-2021-39622 | In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check. This could lead to l... | Fri, 14 Jan 2022 15:33:19 |
| CVE-2021-39621 | In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe Pend... | Fri, 14 Jan 2022 15:33:00 |
| CVE-2021-39620 | In ipcSetDataReference of Parcel.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to l... | Fri, 14 Jan 2022 15:32:45 |
| CVE-2021-39618 | In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user conse... | Fri, 14 Jan 2022 15:32:20 |
| CVE-2021-0959 | In jit_memory_region.cc, there is a possible bypass of memory restrictions due to a logic error in the code. This could lead ... | Fri, 14 Jan 2022 15:31:51 |
| CVE-2021-46195 | GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability... | Fri, 14 Jan 2022 15:31:28 |
| CVE-2021-46022 | An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation f... | Fri, 14 Jan 2022 15:31:12 |
| CVE-2021-46021 | An Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fa... | Fri, 14 Jan 2022 15:30:52 |
| CVE-2021-46020 | An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can lead to a segmentation fault or application crash. | Fri, 14 Jan 2022 15:30:38 |
| CVE-2021-46019 | An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or ... | Fri, 14 Jan 2022 15:30:11 |
| CVE-2021-45782 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further inv... | Fri, 14 Jan 2022 15:29:59 |
| CVE-2021-45781 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further inv... | Fri, 14 Jan 2022 15:29:39 |
| CVE-2021-45780 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further inv... | Fri, 14 Jan 2022 15:29:26 |
| CVE-2021-45779 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further inv... | Fri, 14 Jan 2022 15:29:12 |
| CVE-2021-45778 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further inv... | Fri, 14 Jan 2022 15:29:00 |
| CVE-2021-45775 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further inv... | Fri, 14 Jan 2022 15:28:38 |
| CVE-2021-45774 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further inv... | Fri, 14 Jan 2022 15:28:07 |
| CVE-2021-45773 | A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec60870/cs104/cs104_slave.c of lib60870 commit 0d5e76e ca... | Fri, 14 Jan 2022 15:27:49 |
| CVE-2021-45769 | A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850 v1.5.0 can lead to a segm... | Fri, 14 Jan 2022 15:27:26 |
| CVE-2021-45767 | GPAC 1.1.0 was discovered to contain an invalid memory address dereference via the function lsr_read_id(). This vulnerability... | Fri, 14 Jan 2022 15:27:05 |
| CVE-2021-45764 | GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function shift_chunk_offsets.isra(). | Fri, 14 Jan 2022 15:26:39 |
| CVE-2021-45406 | In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query whil... | Fri, 14 Jan 2022 15:26:25 |
| CVE-2021-45068 | Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected ... | Fri, 14 Jan 2022 15:25:59 |
| CVE-2021-45067 | Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected ... | Fri, 14 Jan 2022 15:25:40 |
| CVE-2021-45064 | Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected ... | Fri, 14 Jan 2022 15:25:13 |
| CVE-2021-45063 | Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected ... | Fri, 14 Jan 2022 15:24:49 |