CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
Recent CVEs
| CVE | Description | Date |
|---|---|---|
| CVE-2021-23758 | All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserializati... | Fri, 03 Dec 2021 15:09:31 |
| CVE-2021-44349 | SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\DownloadController.class.p... | Fri, 03 Dec 2021 15:06:34 |
| CVE-2021-44348 | SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameer in App\Manage\Controller\AdvertController.class.php. | Fri, 03 Dec 2021 15:06:20 |
| CVE-2021-35346 | tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function HevcSpsUnit::short_term_ref_pic_set(i... | Fri, 03 Dec 2021 15:06:08 |
| CVE-2021-35344 | tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function BitStreamReader::getCurVal in bitStre... | Fri, 03 Dec 2021 15:05:55 |
| CVE-2021-23562 | This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacke... | Fri, 03 Dec 2021 15:05:28 |
| CVE-2021-44352 | A Stack-based Buffer Overflow vlnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a pos... | Fri, 03 Dec 2021 14:05:02 |
| CVE-2021-44347 | SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController.class.php. | Fri, 03 Dec 2021 14:04:47 |
| CVE-2021-29867 | IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to view or edit a Jupyter notebook that they should not h... | Fri, 03 Dec 2021 12:05:44 |
| CVE-2021-29756 | IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could al... | Fri, 03 Dec 2021 12:05:25 |
| CVE-2021-29719 | IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an ... | Fri, 03 Dec 2021 12:05:05 |
| CVE-2021-29716 | IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should on... | Fri, 03 Dec 2021 12:04:35 |
| CVE-2021-38909 | IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitr... | Fri, 03 Dec 2021 12:04:19 |
| CVE-2021-20493 | IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitr... | Fri, 03 Dec 2021 12:04:04 |
| CVE-2021-20470 | IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it ea... | Fri, 03 Dec 2021 12:03:37 |
| CVE-2021-3980 | elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor | Fri, 03 Dec 2021 10:10:04 |
| CVE-2021-43991 | The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (al... | Fri, 03 Dec 2021 10:06:40 |
| CVE-2021-43676 | matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php. | Fri, 03 Dec 2021 09:04:22 |
| CVE-2021-44278 | Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php. | Fri, 03 Dec 2021 08:03:31 |
| CVE-2021-43674 | ** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a path manipulation vulnerability in Smarty.class.php. | Fri, 03 Dec 2021 08:03:07 |
| CVE-2021-43673 | dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of exit fu... | Fri, 03 Dec 2021 07:04:27 |
| CVE-2021-44022 | A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the program on affected installa... | Fri, 03 Dec 2021 05:58:52 |
| CVE-2021-44021 | An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to e... | Fri, 03 Dec 2021 05:58:21 |
| CVE-2021-44020 | An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to e... | Fri, 03 Dec 2021 05:58:00 |
| CVE-2021-44019 | An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to e... | Fri, 03 Dec 2021 05:57:34 |
| CVE-2021-43772 | Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the protected folder to be modif... | Fri, 03 Dec 2021 05:57:16 |
| CVE-2021-4000 | showdoc is vulnerable to URL Redirection to Untrusted Site | Fri, 03 Dec 2021 05:53:33 |
| CVE-2021-25785 | Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column. | Thu, 02 Dec 2021 18:08:20 |
| CVE-2021-25784 | Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article. | Thu, 02 Dec 2021 18:08:08 |
| CVE-2021-25783 | Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search. | Thu, 02 Dec 2021 18:07:46 |
| CVE-2020-29177 | Z-BlogPHP v1.6.1.2100 was discovered to contain an arbitrary file deletion vulnerability via \app_del.php. | Thu, 02 Dec 2021 18:07:23 |
| CVE-2020-29176 | An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute arbitrary code via a crafted JPG ... | Thu, 02 Dec 2021 18:07:00 |
| CVE-2021-28237 | LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13. | Thu, 02 Dec 2021 17:09:55 |
| CVE-2021-28236 | LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c. | Thu, 02 Dec 2021 17:09:37 |
| CVE-2020-36135 | AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c. | Thu, 02 Dec 2021 17:09:13 |
| CVE-2020-36134 | AOM v2.0.1 was discovered to contain a segmentation violation via the component aom_dsp/x86/obmc_sad_avx2.c. | Thu, 02 Dec 2021 17:08:55 |
| CVE-2020-36133 | AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h. | Thu, 02 Dec 2021 17:08:35 |
| CVE-2020-36131 | AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c. | Thu, 02 Dec 2021 17:08:13 |
| CVE-2020-36130 | AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c. | Thu, 02 Dec 2021 17:07:53 |
| CVE-2020-36129 | AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c. | Thu, 02 Dec 2021 17:07:24 |
| CVE-2021-43327 | An issue was discovered on Renesas RX65 and RX65N devices. With a VCC glitch, an attacker can extract the security ID key fro... | Thu, 02 Dec 2021 15:06:45 |
| CVE-2021-44050 | CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to in... | Thu, 02 Dec 2021 14:02:28 |
| CVE-2021-40334 | Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows a... | Thu, 02 Dec 2021 14:02:15 |
| CVE-2021-40333 | Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to th... | Thu, 02 Dec 2021 14:01:56 |
| CVE-2021-43795 | Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file ... | Thu, 02 Dec 2021 13:04:19 |
| CVE-2015-20106 | The ClickBank Affiliate Ads WordPress plugin through 1.20 does not escape its settings, allowing high privilege users to perf... | Thu, 02 Dec 2021 12:41:27 |
| CVE-2015-20105 | The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacke... | Thu, 02 Dec 2021 12:41:04 |
| CVE-2021-44518 | An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android. The lock sends a pairing code... | Thu, 02 Dec 2021 12:05:35 |
| CVE-2021-3944 | bookstack is vulnerable to Cross-Site Request Forgery (CSRF) | Thu, 02 Dec 2021 11:47:22 |
| CVE-2021-23264 | Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete sear... | Thu, 02 Dec 2021 10:51:15 |
| CVE-2021-23263 | Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of... | Thu, 02 Dec 2021 10:50:52 |
| CVE-2021-23262 | Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE. | Thu, 02 Dec 2021 10:50:38 |
| CVE-2021-23261 | Authenticated administrators may override the system configuration file and cause a denial of service. | Thu, 02 Dec 2021 10:50:22 |
| CVE-2021-23260 | Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other... | Thu, 02 Dec 2021 10:50:00 |
| CVE-2021-23259 | Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to r... | Thu, 02 Dec 2021 10:49:45 |
| CVE-2021-23258 | Authenticated users with Administrator or Developer roles may execute OS commands by SPEL Expression in Spring beans. SPEL Ex... | Thu, 02 Dec 2021 10:49:16 |
| CVE-2021-43679 | ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.php. | Thu, 02 Dec 2021 10:05:56 |
| CVE-2021-43682 | thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site Scripting (XSS) vulnerability in AdminBaseController.cl... | Thu, 02 Dec 2021 09:03:33 |
| CVE-2021-43686 | nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerability in www/pages/api.php. The exit function will terminat... | Thu, 02 Dec 2021 08:07:34 |
| CVE-2021-43683 | pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerability in api/info.php. The exit function will terminate th... | Thu, 02 Dec 2021 08:07:13 |
| CVE-2021-43681 | SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulnerability in /master/core/PostHandler.php. The exit func... | Thu, 02 Dec 2021 08:06:46 |
| CVE-2021-26777 | Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator... | Wed, 01 Dec 2021 23:04:43 |
| CVE-2020-27414 | Mahavitaran android application 7.50 and prior transmit sensitive information in URL parameters. This may lead to information... | Wed, 01 Dec 2021 23:04:29 |
| CVE-2021-44227 | In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) t... | Wed, 01 Dec 2021 22:05:53 |
| CVE-2021-43791 | Zulip is an open source group chat application that combines real-time chat with threaded conversations. In affected versions... | Wed, 01 Dec 2021 19:17:13 |
| CVE-2021-42711 | Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. This file is ... | Wed, 01 Dec 2021 18:06:22 |
| CVE-2020-35037 | The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape some search parameter before outputing them in ... | Wed, 01 Dec 2021 17:55:39 |
| CVE-2020-35012 | The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape a parameter before using it in a SQL statement,... | Wed, 01 Dec 2021 17:55:18 |
| CVE-2021-33274 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflo... | Wed, 01 Dec 2021 17:07:07 |
| CVE-2021-33271 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflo... | Wed, 01 Dec 2021 17:06:52 |
| CVE-2021-33270 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflo... | Wed, 01 Dec 2021 17:06:39 |
| CVE-2021-33269 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflo... | Wed, 01 Dec 2021 17:06:19 |
| CVE-2021-33268 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflo... | Wed, 01 Dec 2021 17:06:04 |
| CVE-2021-33267 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflo... | Wed, 01 Dec 2021 17:05:44 |
| CVE-2021-33266 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflo... | Wed, 01 Dec 2021 17:05:26 |
| CVE-2021-33265 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflo... | Wed, 01 Dec 2021 17:04:58 |
| CVE-2021-43137 | Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the ... | Wed, 01 Dec 2021 15:03:43 |
| CVE-2021-43794 | Discourse is an open source discussion platform. In affected versions an attacker can poison the cache for anonymous (i.e. no... | Wed, 01 Dec 2021 14:48:42 |
| CVE-2021-43793 | Discourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to v... | Wed, 01 Dec 2021 14:48:13 |
| CVE-2021-43792 | Discourse is an open source discussion platform. In affected versions a vulnerability affects users of tag groups who use the... | Wed, 01 Dec 2021 14:45:09 |
| CVE-2021-41039 | In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties ... | Wed, 01 Dec 2021 14:40:25 |
| CVE-2021-43451 | SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forge... | Wed, 01 Dec 2021 14:01:51 |
| CVE-2021-38575 | NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. | Wed, 01 Dec 2021 12:45:55 |
| CVE-2021-29863 | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to ... | Wed, 01 Dec 2021 12:14:06 |
| CVE-2021-29849 | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScr... | Wed, 01 Dec 2021 12:13:37 |
| CVE-2021-29779 | IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the server performing key exchange... | Wed, 01 Dec 2021 12:13:19 |
| CVE-2021-20400 | IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly... | Wed, 01 Dec 2021 12:12:49 |
| CVE-2021-42776 | CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE during configuration import. | Wed, 01 Dec 2021 12:06:00 |
| CVE-2021-44480 | Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who know the SIM phone number and password) to listen to a... | Wed, 01 Dec 2021 11:07:16 |
| CVE-2021-26334 | The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead t... | Wed, 01 Dec 2021 11:06:58 |
| CVE-2021-20611 | Improper Input Validation vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, MELSEC iQ-R Seri... | Wed, 01 Dec 2021 11:06:44 |
| CVE-2021-20610 | Improper Handling of Length Parameter Inconsistency vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" a... | Wed, 01 Dec 2021 11:06:27 |
| CVE-2021-20609 | Uncontrolled Resource Consumption vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, MELSEC i... | Wed, 01 Dec 2021 11:06:10 |
| CVE-2021-43687 | chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker ... | Wed, 01 Dec 2021 11:05:55 |
| CVE-2021-43685 | libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/c... | Wed, 01 Dec 2021 11:05:28 |
| CVE-2020-10627 | Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless... | Wed, 01 Dec 2021 11:05:08 |
| CVE-2021-44479 | NXP Kinetis K82 devices have a buffer over-read via a crafted wlength value in a GET Status-Other request during use of USB I... | Wed, 01 Dec 2021 10:04:21 |
| CVE-2021-43689 | manage (last update Oct 24, 2017) is affected by a Cross Site Scripting (XSS) vulnerability in Application/Home/Controller/Go... | Wed, 01 Dec 2021 10:04:05 |
| CVE-2021-40154 | NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descriptor Configuration request ... | Wed, 01 Dec 2021 10:03:43 |
| CVE-2021-44279 | Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/forms/poller-groups.inc.php. | Wed, 01 Dec 2021 09:02:25 |