CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
Recent CVEs
| CVE | Description | Date |
|---|---|---|
| CVE-2021-39339 | The Telefication WordPress plugin is vulnerable to Open Proxy and Server-Side Request Forgery via the ~/bypass.php file due t... | Wed, 22 Sep 2021 07:03:49 |
| CVE-2021-38153 | Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that... | Wed, 22 Sep 2021 05:09:59 |
| CVE-2021-38112 | In the Amazon AWS WorkSpaces client before 3.1.9 on Windows, argument injection in the workspaces:// URI handler can lead to ... | Tue, 21 Sep 2021 22:02:41 |
| CVE-2021-31819 | In Halibut versions prior to 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems... | Tue, 21 Sep 2021 21:50:52 |
| CVE-2021-41382 | Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface. | Tue, 21 Sep 2021 20:06:23 |
| CVE-2020-23273 | Heap-buffer overflow in the randomize_iparp function in edit_packet.c. of Tcpreplay v4.3.2 allows attackers to cause a denial... | Tue, 21 Sep 2021 19:44:58 |
| CVE-2020-23269 | An issue was discovered in gpac 0.8.0. The stbl_GetSampleSize function in isomedia/stbl_read.c has a heap-based buffer overfl... | Tue, 21 Sep 2021 19:44:29 |
| CVE-2020-23267 | An issue was discovered in gpac 0.8.0. The gf_hinter_track_process function in isom_hinter_track_process.c has a heap-based b... | Tue, 21 Sep 2021 19:44:15 |
| CVE-2020-23266 | An issue was discovered in gpac 0.8.0. The OD_ReadUTF8String function in odf_code.c has a heap-based buffer overflow which ca... | Tue, 21 Sep 2021 19:43:56 |
| CVE-2021-41087 | in-toto-golang is a go implementation of the in-toto framework to protect software supply chain integrity. In affected versio... | Tue, 21 Sep 2021 17:10:53 |
| CVE-2021-41086 | jsuites is an open source collection of common required javascript web components. In affected versions users are subject to ... | Tue, 21 Sep 2021 17:04:37 |
| CVE-2020-19554 | Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based X... | Tue, 21 Sep 2021 15:43:14 |
| CVE-2020-19553 | Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app... | Tue, 21 Sep 2021 15:04:47 |
| CVE-2020-19551 | Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote... | Tue, 21 Sep 2021 15:04:24 |
| CVE-2021-40847 | The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remot... | Tue, 21 Sep 2021 13:40:19 |
| CVE-2021-41084 | http4s is an open source scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request... | Tue, 21 Sep 2021 13:23:18 |
| CVE-2021-40868 | In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS. | Tue, 21 Sep 2021 13:06:51 |
| CVE-2021-23444 | This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the... | Tue, 21 Sep 2021 13:03:39 |
| CVE-2021-39230 | Butter is a system usability utility. Due to a kernel error the JPNS kernel is being discontinued. Affected users are recomme... | Tue, 21 Sep 2021 12:56:51 |
| CVE-2021-23443 | This affects the package edge.js before 5.3.2. A type confusion vulnerability can be used to bypass input sanitization when t... | Tue, 21 Sep 2021 12:50:59 |
| CVE-2021-29831 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection... | Tue, 21 Sep 2021 12:08:32 |
| CVE-2021-29795 | IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hype... | Tue, 21 Sep 2021 12:08:10 |
| CVE-2021-41525 | An issue related to modification of otherwise restricted files through a locally authenticated attacker exists in FlexNet inv... | Tue, 21 Sep 2021 10:39:20 |
| CVE-2021-41531 | NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length para... | Tue, 21 Sep 2021 09:32:20 |
| CVE-2021-37741 | ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities. | Tue, 21 Sep 2021 09:04:58 |
| CVE-2021-37424 | ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover. | Tue, 21 Sep 2021 09:04:41 |
| CVE-2021-37420 | ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing. | Tue, 21 Sep 2021 09:04:28 |
| CVE-2021-37419 | ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. | Tue, 21 Sep 2021 09:04:10 |
| CVE-2021-28960 | ManageEngine Desktop Central before build 10.0.683 allows Unauthenticated Remote Code Execution during communication with Not... | Tue, 21 Sep 2021 09:03:51 |
| CVE-2021-0869 | In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out of bounds write due to an incorrect bounds check. This ... | Tue, 21 Sep 2021 09:03:24 |
| CVE-2021-31917 | A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker ... | Tue, 21 Sep 2021 07:03:30 |
| CVE-2021-26333 | An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary acc... | Tue, 21 Sep 2021 07:03:12 |
| CVE-2021-20829 | Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote... | Tue, 21 Sep 2021 05:26:43 |
| CVE-2021-20037 | SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to pri... | Tue, 21 Sep 2021 04:59:06 |
| CVE-2021-41083 | Dada Mail is a web-based e-mail list management system. In affected versions a bad actor could give someone a carefully craft... | Mon, 20 Sep 2021 17:35:24 |
| CVE-2021-39229 | Apprise is an open source library which allows you to send a notification to almost all of the most popular notification serv... | Mon, 20 Sep 2021 17:26:43 |
| CVE-2021-34650 | The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the ~/admin.ph... | Mon, 20 Sep 2021 17:04:54 |
| CVE-2021-41082 | Discourse is a platform for community discussion. In affected versions any private message that includes a group had its titl... | Mon, 20 Sep 2021 16:25:20 |
| CVE-2021-39325 | The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the... | Mon, 20 Sep 2021 16:02:10 |
| CVE-2020-16630 | TI’s BLE stack caches and reuses the LTK’s property for a bonded mobile. A LTK can be an unauthenticated-and-no-MITM-prot... | Mon, 20 Sep 2021 16:01:47 |
| CVE-2020-26301 | ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command inj... | Mon, 20 Sep 2021 15:45:25 |
| CVE-2020-19915 | Cross Site Scripting (XSS vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php. | Mon, 20 Sep 2021 15:06:15 |
| CVE-2021-32838 | Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vuln... | Mon, 20 Sep 2021 13:38:22 |
| CVE-2021-32839 | sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular Expression... | Mon, 20 Sep 2021 13:14:53 |
| CVE-2021-25741 | A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to ac... | Mon, 20 Sep 2021 13:11:44 |
| CVE-2021-25740 | A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would other... | Mon, 20 Sep 2021 13:11:15 |
| CVE-2020-8561 | A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or Vali... | Mon, 20 Sep 2021 13:10:51 |
| CVE-2021-38899 | IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. IBM X-For... | Mon, 20 Sep 2021 12:54:31 |
| CVE-2021-29856 | IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 could allow an authenticated usre to cause a denial of service through the WebGUI Map Cr... | Mon, 20 Sep 2021 12:54:01 |
| CVE-2021-29821 | IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerab... | Mon, 20 Sep 2021 12:53:48 |
| CVE-2021-29820 | IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerab... | Mon, 20 Sep 2021 12:53:17 |
| CVE-2021-29819 | IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerab... | Mon, 20 Sep 2021 12:53:02 |
| CVE-2021-29818 | IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerab... | Mon, 20 Sep 2021 12:52:46 |
| CVE-2021-29817 | IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerab... | Mon, 20 Sep 2021 12:52:17 |
| CVE-2021-29811 | IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 stores user credentials in plain clear text which ca... | Mon, 20 Sep 2021 12:51:59 |
| CVE-2021-29809 | IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This v... | Mon, 20 Sep 2021 12:51:44 |
| CVE-2021-29808 | IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This v... | Mon, 20 Sep 2021 12:51:14 |
| CVE-2021-29807 | IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This v... | Mon, 20 Sep 2021 12:50:47 |
| CVE-2021-29806 | IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This v... | Mon, 20 Sep 2021 12:50:18 |
| CVE-2021-39598 | An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function callcode() located in... | Mon, 20 Sep 2021 12:42:19 |
| CVE-2021-39597 | An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function code_dump2() located ... | Mon, 20 Sep 2021 12:42:06 |
| CVE-2021-39596 | An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function code_parse() located ... | Mon, 20 Sep 2021 12:41:39 |
| CVE-2021-39595 | An issue was discovered in swftools through 20200710. A stack-buffer-overflow exists in the function rfx_alloc() located in m... | Mon, 20 Sep 2021 12:41:12 |
| CVE-2021-39594 | Other An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function updateusage() l... | Mon, 20 Sep 2021 12:40:50 |
| CVE-2021-39593 | An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_FontExtract_Defin... | Mon, 20 Sep 2021 12:40:21 |
| CVE-2021-39592 | An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function pool_lookup_uint() lo... | Mon, 20 Sep 2021 12:40:04 |
| CVE-2021-39591 | An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_GetShapeBoundingB... | Mon, 20 Sep 2021 12:39:42 |
| CVE-2021-39590 | An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function params_dump() located... | Mon, 20 Sep 2021 12:39:21 |
| CVE-2021-39589 | An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function parse_metadata() loca... | Mon, 20 Sep 2021 12:39:08 |
| CVE-2021-39588 | An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_ReadABC() located... | Mon, 20 Sep 2021 12:38:55 |
| CVE-2021-39587 | An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_DumpABC() located... | Mon, 20 Sep 2021 12:38:39 |
| CVE-2021-39585 | An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function traits_dump() located... | Mon, 20 Sep 2021 12:38:15 |
| CVE-2021-39584 | An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function namespace_set_hash() ... | Mon, 20 Sep 2021 12:38:01 |
| CVE-2021-39583 | An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function pool_lookup_string2()... | Mon, 20 Sep 2021 12:37:39 |
| CVE-2021-39582 | An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function swf_GetPlaceObject() loca... | Mon, 20 Sep 2021 12:37:08 |
| CVE-2021-39579 | An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function string_hash() located in ... | Mon, 20 Sep 2021 12:36:51 |
| CVE-2021-39577 | An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function main() located in swfdump... | Mon, 20 Sep 2021 12:36:31 |
| CVE-2021-39575 | An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function dump_method() located... | Mon, 20 Sep 2021 12:36:13 |
| CVE-2021-39574 | An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function pool_read() located in po... | Mon, 20 Sep 2021 12:35:43 |
| CVE-2021-39569 | An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function OpAdvance() located in sw... | Mon, 20 Sep 2021 12:35:27 |
| CVE-2021-39564 | An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function swf_DumpActions() located... | Mon, 20 Sep 2021 12:34:58 |
| CVE-2021-39563 | An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_DumpActions() loc... | Mon, 20 Sep 2021 12:34:40 |
| CVE-2021-39562 | An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function FileStream::makeSubSt... | Mon, 20 Sep 2021 12:34:22 |
| CVE-2021-39561 | An issue was discovered in swftools through 20200710. A stack-buffer-overflow exists in the function Gfx::opSetFillColorN() l... | Mon, 20 Sep 2021 12:34:04 |
| CVE-2021-39559 | An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function GString::~GString() l... | Mon, 20 Sep 2021 12:33:42 |
| CVE-2021-39558 | An issue was discovered in swftools through 20200710. A stack-buffer-overflow exists in the function VectorGraphicOutputDev::... | Mon, 20 Sep 2021 12:33:14 |
| CVE-2021-39557 | An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function copyString() located ... | Mon, 20 Sep 2021 12:32:54 |
| CVE-2021-39556 | An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function InfoOutputDev::type3D... | Mon, 20 Sep 2021 12:32:36 |
| CVE-2021-39555 | An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function InfoOutputDev::type3D... | Mon, 20 Sep 2021 12:32:12 |
| CVE-2021-39554 | An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function Lexer::Lexer() locate... | Mon, 20 Sep 2021 12:31:52 |
| CVE-2021-39553 | An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function grealloc() located in... | Mon, 20 Sep 2021 12:31:35 |
| CVE-2021-39552 | An issue was discovered in sela through 20200412. file::WavFile::readFromFile() in wav_file.c has a heap-based buffer overflo... | Mon, 20 Sep 2021 12:31:18 |
| CVE-2021-39551 | An issue was discovered in sela through 20200412. file::SelaFile::readFromFile() in sela_file.c has a heap-based buffer overf... | Mon, 20 Sep 2021 12:31:06 |
| CVE-2021-39550 | An issue was discovered in sela through 20200412. file::SelaFile::readFromFile() in sela_file.cpp has a heap-based buffer ove... | Mon, 20 Sep 2021 12:30:36 |
| CVE-2021-39549 | An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function file::WavFile::WavFile() ... | Mon, 20 Sep 2021 12:30:16 |
| CVE-2021-39548 | An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function frame::FrameDecoder::proc... | Mon, 20 Sep 2021 12:29:57 |
| CVE-2021-39547 | An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function lpc::SampleGenerator::pro... | Mon, 20 Sep 2021 12:29:29 |
| CVE-2021-39546 | An issue was discovered in sela through 20200412. rice::RiceDecoder::process() in rice_decoder.cpp has a heap-based buffer ov... | Mon, 20 Sep 2021 12:29:09 |
| CVE-2021-39545 | An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function rice::RiceDecoder::proces... | Mon, 20 Sep 2021 12:28:53 |
| CVE-2021-39544 | An issue was discovered in sela through 20200412. file::WavFile::writeToFile() in wav_file.c has a heap-based buffer overflow... | Mon, 20 Sep 2021 12:28:31 |