CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
Recent CVEs
| CVE | Description | Date |
|---|---|---|
| CVE-2021-20837 | Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Ty... | Tue, 26 Oct 2021 01:21:43 |
| CVE-2021-41308 | Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit... | Tue, 26 Oct 2021 00:20:30 |
| CVE-2021-41307 | Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of privat... | Tue, 26 Oct 2021 00:20:01 |
| CVE-2021-41306 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filte... | Tue, 26 Oct 2021 00:19:38 |
| CVE-2021-41305 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private proj... | Tue, 26 Oct 2021 00:19:19 |
| CVE-2021-41304 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaS... | Tue, 26 Oct 2021 00:19:04 |
| CVE-2021-41105 | FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a sof... | Mon, 25 Oct 2021 18:14:38 |
| CVE-2021-41145 | Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementa... | Mon, 25 Oct 2021 18:11:19 |
| CVE-2021-41179 | Nextcloud is an open-source, self-hosted productivity platform. Prior to Nextcloud Server versions 20.0.13, 21.0.5, and 22.2.... | Mon, 25 Oct 2021 18:04:47 |
| CVE-2021-38260 | NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostParseDeviceConfigurationDescrip... | Mon, 25 Oct 2021 18:04:23 |
| CVE-2021-38258 | NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProcessCallback(). | Mon, 25 Oct 2021 18:03:55 |
| CVE-2021-41178 | Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, a file travers... | Mon, 25 Oct 2021 18:00:15 |
| CVE-2021-41177 | Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Serv... | Mon, 25 Oct 2021 17:53:59 |
| CVE-2021-39224 | Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud OfficeOnline application prior to version 1.1.1... | Mon, 25 Oct 2021 17:50:09 |
| CVE-2021-39225 | Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.... | Mon, 25 Oct 2021 17:43:00 |
| CVE-2021-39223 | Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8... | Mon, 25 Oct 2021 17:39:12 |
| CVE-2021-39221 | Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Contacts application prior to version 4.0.3 was... | Mon, 25 Oct 2021 15:14:06 |
| CVE-2021-39220 | Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.... | Mon, 25 Oct 2021 15:02:33 |
| CVE-2021-34864 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160... | Mon, 25 Oct 2021 13:18:17 |
| CVE-2021-34863 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1... | Mon, 25 Oct 2021 13:17:54 |
| CVE-2021-34862 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1... | Mon, 25 Oct 2021 13:17:38 |
| CVE-2021-34861 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1... | Mon, 25 Oct 2021 13:17:19 |
| CVE-2021-34860 | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DA... | Mon, 25 Oct 2021 13:16:56 |
| CVE-2021-34859 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0. User ... | Mon, 25 Oct 2021 13:16:38 |
| CVE-2021-34857 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160... | Mon, 25 Oct 2021 13:16:13 |
| CVE-2021-34856 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160... | Mon, 25 Oct 2021 13:15:52 |
| CVE-2021-34855 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16... | Mon, 25 Oct 2021 13:15:34 |
| CVE-2021-34854 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160... | Mon, 25 Oct 2021 13:15:18 |
| CVE-2021-41176 | Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodact... | Mon, 25 Oct 2021 12:56:10 |
| CVE-2021-37624 | FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a sof... | Mon, 25 Oct 2021 12:14:40 |
| CVE-2021-21319 | Galette is a membership management web application geared towards non profit organizations. In versions prior to 0.9.5, malic... | Mon, 25 Oct 2021 12:03:39 |
| CVE-2021-41035 | In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible... | Mon, 25 Oct 2021 11:08:25 |
| CVE-2020-20908 | Akaunting v1.3.17 was discovered to contain a stored cross-site scripting (XSS) vulnerability which allows attackers to execu... | Mon, 25 Oct 2021 11:02:17 |
| CVE-2021-0939 | In set_default_passthru_cfg of passthru.c, there is a possible out of bounds read due to a missing bounds check. This could l... | Mon, 25 Oct 2021 10:16:34 |
| CVE-2021-0938 | In memzero_explicit of compiler-clang.h, there is a possible bypass of defense in depth due to uninitialized data. This could... | Mon, 25 Oct 2021 10:16:21 |
| CVE-2021-0661 | In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation o... | Mon, 25 Oct 2021 10:16:05 |
| CVE-2021-0631 | In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service w... | Mon, 25 Oct 2021 10:15:53 |
| CVE-2021-0630 | In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service w... | Mon, 25 Oct 2021 10:15:32 |
| CVE-2021-0625 | In ccu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with ... | Mon, 25 Oct 2021 10:15:05 |
| CVE-2021-0618 | In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information ... | Mon, 25 Oct 2021 10:14:44 |
| CVE-2021-0616 | In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information ... | Mon, 25 Oct 2021 10:14:21 |
| CVE-2021-0615 | In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information dis... | Mon, 25 Oct 2021 10:14:02 |
| CVE-2021-0613 | In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local informati... | Mon, 25 Oct 2021 10:13:34 |
| CVE-2021-0414 | In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information ... | Mon, 25 Oct 2021 10:13:08 |
| CVE-2021-0413 | In flv extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information ... | Mon, 25 Oct 2021 10:12:47 |
| CVE-2021-0411 | In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information dis... | Mon, 25 Oct 2021 10:12:34 |
| CVE-2021-0410 | In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local informati... | Mon, 25 Oct 2021 10:12:14 |
| CVE-2021-0409 | In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local informati... | Mon, 25 Oct 2021 10:11:49 |
| CVE-2021-0941 | In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local ... | Mon, 25 Oct 2021 10:11:30 |
| CVE-2021-0940 | In TBD of TBD, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privil... | Mon, 25 Oct 2021 10:11:06 |
| CVE-2021-0936 | In acc_read of f_accessory.c, there is a possible memory corruption due to a use after free. This could lead to local escalat... | Mon, 25 Oct 2021 10:10:53 |
| CVE-2021-0935 | In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escala... | Mon, 25 Oct 2021 10:10:27 |
| CVE-2021-0663 | In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation o... | Mon, 25 Oct 2021 10:10:08 |
| CVE-2021-0662 | In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation o... | Mon, 25 Oct 2021 10:09:52 |
| CVE-2021-0634 | In display driver, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of pr... | Mon, 25 Oct 2021 10:09:38 |
| CVE-2021-0633 | In display driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalat... | Mon, 25 Oct 2021 10:09:13 |
| CVE-2021-0632 | In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information d... | Mon, 25 Oct 2021 10:09:01 |
| CVE-2021-0617 | In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information ... | Mon, 25 Oct 2021 10:08:47 |
| CVE-2021-0614 | In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local informati... | Mon, 25 Oct 2021 10:08:27 |
| CVE-2021-0412 | In flv extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information ... | Mon, 25 Oct 2021 10:08:06 |
| CVE-2017-20007 | Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allows access to a certain path that contains sensitive inf... | Mon, 25 Oct 2021 10:07:40 |
| CVE-2020-14264 | "HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConne... | Mon, 25 Oct 2021 09:44:10 |
| CVE-2021-24885 | The YOP Poll WordPress plugin before 6.1.2 does not escape the perpage parameter before outputting it back in an attribute, l... | Mon, 25 Oct 2021 09:34:01 |
| CVE-2021-24884 | The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a>... | Mon, 25 Oct 2021 09:33:36 |
| CVE-2021-24785 | The Great Quotes WordPress plugin through 1.0.0 does not sanitise and escape the Quote and Author fields of its Quotes, which... | Mon, 25 Oct 2021 09:33:14 |
| CVE-2021-24779 | The WP Debugging WordPress plugin before 2.11.0 has its update_settings() function hooked to admin_init and is missing any ca... | Mon, 25 Oct 2021 09:32:57 |
| CVE-2021-24774 | The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters bef... | Mon, 25 Oct 2021 09:32:30 |
| CVE-2021-24769 | The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby parameter before using i... | Mon, 25 Oct 2021 09:32:06 |
| CVE-2021-24744 | The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 does not sanitise and escape the Form Title before outp... | Mon, 25 Oct 2021 09:31:52 |
| CVE-2021-24699 | The Easy Media Download WordPress plugin before 1.1.7 does not escape the text argument of its shortcode, which could allow u... | Mon, 25 Oct 2021 09:31:31 |
| CVE-2021-24662 | The Game Server Status WordPress plugin through 1.0 does not validate or escape the server_id parameter before using it in SQ... | Mon, 25 Oct 2021 09:31:11 |
| CVE-2021-24653 | The Cookie Bar WordPress plugin through 1.8.8 doesn't properly sanitise the Cookie Bar Message setting, which could allow hig... | Mon, 25 Oct 2021 09:30:57 |
| CVE-2021-24608 | The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise... | Mon, 25 Oct 2021 09:30:40 |
| CVE-2021-24544 | The Responsive WordPress Slider WordPress plugin through 2.2.0 does not sanitise and escape some of the Slider options, allow... | Mon, 25 Oct 2021 09:30:13 |
| CVE-2021-24543 | The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor sanitise... | Mon, 25 Oct 2021 09:29:43 |
| CVE-2021-24515 | The Video Gallery – Vimeo and YouTube Gallery WordPress plugin through 1.1.4 does not escape the Title and Description of t... | Mon, 25 Oct 2021 09:29:30 |
| CVE-2021-24514 | The Visual Form Builder WordPress plugin before 3.0.4 does not sanitise or escape its Form Name, allowing high privilege user... | Mon, 25 Oct 2021 09:29:17 |
| CVE-2021-24489 | The Request a Quote WordPress plugin before 2.3.5 does not sanitise, validate or escape some of its settings in the admin das... | Mon, 25 Oct 2021 09:29:02 |
| CVE-2021-24487 | The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF check in place when saving its 'Default Text to Display ... | Mon, 25 Oct 2021 09:28:35 |
| CVE-2021-24485 | The Special Text Boxes WordPress plugin through 5.9.109 does not sanitise or escape some of its settings, which could allow h... | Mon, 25 Oct 2021 09:28:14 |
| CVE-2021-24414 | The Video Player for YouTube WordPress plugin before 1.4 does not sanitise or validate the parameters from its shortcode, all... | Mon, 25 Oct 2021 09:27:54 |
| CVE-2021-24381 | The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not sanitise and escape the custom class name of the form f... | Mon, 25 Oct 2021 09:27:41 |
| CVE-2021-25977 | In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a... | Mon, 25 Oct 2021 09:16:52 |
| CVE-2021-35231 | As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker... | Mon, 25 Oct 2021 09:06:48 |
| CVE-2021-40865 | An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth... | Mon, 25 Oct 2021 08:31:27 |
| CVE-2021-38294 | A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache ... | Mon, 25 Oct 2021 08:31:00 |
| CVE-2021-40527 | Exposure of senstive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and includi... | Mon, 25 Oct 2021 07:03:53 |
| CVE-2021-40526 | Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to tr... | Mon, 25 Oct 2021 07:03:34 |
| CVE-2021-40371 | Gridpro Request Management for Windows Azure Pack before 2.0.7912 allows Directory Traversal for remote code execution, as de... | Mon, 25 Oct 2021 03:06:07 |
| CVE-2021-21703 | In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with m... | Mon, 25 Oct 2021 01:43:28 |
| CVE-2021-42258 | BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as ... | Fri, 22 Oct 2021 18:03:39 |
| CVE-2020-36502 | Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the devicename par... | Fri, 22 Oct 2021 16:25:16 |
| CVE-2020-36501 | Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allows attackers to execute arb... | Fri, 22 Oct 2021 16:24:54 |
| CVE-2020-36499 | TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a cross-site scripting (XSS) vulnerability in the c... | Fri, 22 Oct 2021 16:24:35 |
| CVE-2020-36498 | Macrob7 Macs Framework Content Management System - 1.14f contains a cross-site scripting (XSS) vulnerability in the account r... | Fri, 22 Oct 2021 16:24:07 |
| CVE-2020-36497 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_home... | Fri, 22 Oct 2021 16:23:48 |
| CVE-2020-36496 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_use... | Fri, 22 Oct 2021 16:23:34 |
| CVE-2020-36495 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_v... | Fri, 22 Oct 2021 16:23:04 |
| CVE-2020-36494 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edi... | Fri, 22 Oct 2021 16:22:47 |
| CVE-2020-36493 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.ph... | Fri, 22 Oct 2021 16:22:23 |