CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities so that they can be quickly identified and shared. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

Recent CVEs
CVE Description Date
CVE-2021-25200 Arbitrary file upload vulnerability in SourceCodester Learning Management System v 1.0 allows attackers to execute arbitrary ... Wed, 28 Jul 2021 12:41:00
CVE-2021-23417 All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function. Wed, 28 Jul 2021 12:20:18
CVE-2021-23416 This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize th... Wed, 28 Jul 2021 12:20:04
CVE-2021-23415 This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is ... Wed, 28 Jul 2021 12:19:42
CVE-2021-34166 A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1.0 allows a remote attacker to Bypass Authentication and... Wed, 28 Jul 2021 11:43:35
CVE-2021-34165 A SQL Injection vulnerability in Sourcecodester Basic Shopping Cart 1.0 allows a remote attacker to Bypass Authentication and... Wed, 28 Jul 2021 11:43:17
CVE-2021-37601 muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members... Wed, 28 Jul 2021 10:46:17
CVE-2021-37600 An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use syst... Wed, 28 Jul 2021 10:45:49
CVE-2020-10590 Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console ... Wed, 28 Jul 2021 08:48:05
CVE-2020-5004 IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaS... Wed, 28 Jul 2021 08:30:48
CVE-2020-4974 IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker t... Wed, 28 Jul 2021 08:30:32
CVE-2021-32000 A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUS... Wed, 28 Jul 2021 05:38:36
CVE-2021-32001 A Missing Encryption of Sensitive Data vulnerability in k3s, kde2 of SUSE Rancher allows any user with direct access to the d... Wed, 28 Jul 2021 05:28:26
CVE-2021-23414 This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute a... Wed, 28 Jul 2021 03:20:33
CVE-2021-36983 replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to gain root privileges via a symlink attack on /tmp/repla... Wed, 28 Jul 2021 00:48:10
CVE-2021-20789 Open redirect vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupS... Tue, 27 Jul 2021 20:53:15
CVE-2021-20788 Server-side request forgery (SSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prio... Tue, 27 Jul 2021 20:53:03
CVE-2021-20787 Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0,... Tue, 27 Jul 2021 20:52:48
CVE-2021-20786 Cross-site request forgery (CSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior... Tue, 27 Jul 2021 20:52:19
CVE-2021-20785 Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0,... Tue, 27 Jul 2021 20:52:00
CVE-2021-20783 Cross-site request forgery (CSRF) vulnerability in Optical BB unit E-WMTA2.3 allows a remote attacker to hijack the authentic... Tue, 27 Jul 2021 20:51:32
CVE-2021-37596 Telegram Web K Alpha 0.6.1 allows XSS via a document name. Tue, 27 Jul 2021 20:41:44
CVE-2021-37595 In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input ... Tue, 27 Jul 2021 20:41:26
CVE-2021-37594 In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input ... Tue, 27 Jul 2021 20:40:56
CVE-2021-37593 PEEL Shopping before 9.4.0.1 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQL qu... Tue, 27 Jul 2021 20:40:26
CVE-2020-26180 Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an acces... Tue, 27 Jul 2021 20:14:07
CVE-2020-5351 Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an undocumented account with limited privileges that is p... Tue, 27 Jul 2021 20:13:46
CVE-2020-5341 Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and... Tue, 27 Jul 2021 20:13:16
CVE-2020-20701 A stored cross site scripting (XSS) vulnerability in /app/config/ of S-CMS PHP v3.0 allows attackers to execute arbitrary web ... Tue, 27 Jul 2021 19:46:45
CVE-2020-20700 A stored cross site scripting (XSS) vulnerability in /app/form_add/ of S-CMS PHP v3.0 allows attackers to execute arbitrary we... Tue, 27 Jul 2021 19:46:15
CVE-2020-20699 A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a ... Tue, 27 Jul 2021 19:45:49
CVE-2020-20698 A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of ... Tue, 27 Jul 2021 19:45:22
CVE-2021-37588 In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data. Tue, 27 Jul 2021 19:42:36
CVE-2021-37587 In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data. Tue, 27 Jul 2021 19:42:11
CVE-2021-32796 xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom... Tue, 27 Jul 2021 17:50:26
CVE-2021-32788 Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator ... Tue, 27 Jul 2021 17:44:14
CVE-2021-32748 Nextcloud Richdocuments is an open source self hosted online office. Nextcloud uses the WOPI ("Web Application Open Platform... Tue, 27 Jul 2021 17:12:15
CVE-2020-19118 Cross Site Scripting (XSS) vulnerability in YzmCMS 5.2 via the site_code parameter in admin/index/init.html. Tue, 27 Jul 2021 15:42:56
CVE-2021-30483 isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository. Tue, 27 Jul 2021 15:42:36
CVE-2020-21806 SQL Injection Vulnerability in ECTouch v2 via the shop page in index.php. Tue, 27 Jul 2021 13:43:03
CVE-2020-18013 SQL Injection vulnerability exists in Whatsns 4.0 via the ip parameter in index.php?admin_banned/add.htm. Tue, 27 Jul 2021 12:44:59
CVE-2020-16839 On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed b... Tue, 27 Jul 2021 12:44:31
CVE-2021-36605 engineercms 1.03 is vulnerable to Cross Site Scripting (XSS). There is no escaping in the nickname field on the user list pag... Tue, 27 Jul 2021 12:44:07
CVE-2021-28966 In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with T... Tue, 27 Jul 2021 12:43:40
CVE-2021-28674 The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outs... Tue, 27 Jul 2021 12:43:19
CVE-2021-34432 In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic... Tue, 27 Jul 2021 11:27:52
CVE-2020-14999 A logic bug in system monitoring driver of Acronis Agent after 12.5.21540 and before 12.5.23094 allowed to bypass Windows mem... Tue, 27 Jul 2021 09:46:21
CVE-2021-36004 Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability in the CoolType library. An una... Tue, 27 Jul 2021 09:46:09
CVE-2021-35479 Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function thr... Tue, 27 Jul 2021 08:45:25
CVE-2021-35478 Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. All p... Tue, 27 Jul 2021 08:44:56
CVE-2021-34802 A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authe... Tue, 27 Jul 2021 08:44:32
CVE-2021-20562 IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through 6.1.0.2 vulnerable to cross-site ... Tue, 27 Jul 2021 07:31:04
CVE-2021-20399 IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML External Entity Injection (XXE) attack ... Tue, 27 Jul 2021 07:30:52
CVE-2021-36766 Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/single_page/dashbo... Tue, 27 Jul 2021 03:47:35
CVE-2021-36754 PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535... Tue, 27 Jul 2021 03:47:18
CVE-2021-35472 An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing... Tue, 27 Jul 2021 03:46:54
CVE-2021-35458 Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php (aka p=products) via the c or s parameter. Tue, 27 Jul 2021 03:46:35
CVE-2021-32610 In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than ... Tue, 27 Jul 2021 03:46:12
CVE-2021-32558 An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.... Tue, 27 Jul 2021 03:45:46
CVE-2021-31878 An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be re... Tue, 27 Jul 2021 03:45:26
CVE-2021-28095 OX Documents before 7.10.5-rev5 has Incorrect Access Control for documents that contain XML structures because hash collision... Tue, 27 Jul 2021 03:45:12
CVE-2021-28094 OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due t... Tue, 27 Jul 2021 03:44:53
CVE-2021-28093 OX Documents before 7.10.5-rev5 has Incorrect Access Control of converted images because hash collisions can occur, due to us... Tue, 27 Jul 2021 03:44:41
CVE-2020-11511 The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instr... Tue, 27 Jul 2021 02:48:53
CVE-2021-37576 arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause ... Mon, 26 Jul 2021 18:04:43
CVE-2020-18430 tinyexr 0.9.5 was discovered to contain an array index error in the tinyexr::DecodeEXRImage component, which can lead to a de... Mon, 26 Jul 2021 18:04:23
CVE-2020-18428 tinyexr commit 0.9.5 was discovered to contain an array index error in the tinyexr::SaveEXR component, which can lead to a de... Mon, 26 Jul 2021 18:04:00
CVE-2021-37555 TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To... Mon, 26 Jul 2021 17:07:21
CVE-2020-23243 Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 via the name="wrong_path_redirect" feature. Mon, 26 Jul 2021 17:07:06
CVE-2020-23242 Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature. Mon, 26 Jul 2021 17:06:37
CVE-2020-23241 Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via the "News > Article" feature. Mon, 26 Jul 2021 17:06:23
CVE-2020-23240 Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature. Mon, 26 Jul 2021 16:43:26
CVE-2020-18174 A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 allows attackers to escalate privileges. Mon, 26 Jul 2021 16:06:03
CVE-2020-18173 A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 allows attackers to execute arbitrary code. Mon, 26 Jul 2021 16:05:42
CVE-2020-18172 A code injection vulnerability in the SeDebugPrivilege component of Trezor Bridge 2.0.27 allows attackers to escalate privile... Mon, 26 Jul 2021 16:05:30
CVE-2020-18171 TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted... Mon, 26 Jul 2021 16:05:14
CVE-2020-18170 An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager Version 7.14301.0.0 allows attackers to escalate privi... Mon, 26 Jul 2021 16:04:58
CVE-2020-18169 A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privi... Mon, 26 Jul 2021 16:04:38
CVE-2020-23239 Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature. Mon, 26 Jul 2021 16:04:18
CVE-2020-23238 Cross Site Scripting (XSS) vulnerability in Evolution CMS 2.0.2 via the Document Manager feature. Mon, 26 Jul 2021 16:03:49
CVE-2020-23234 Cross Site Scripting (XSS) vulnerability exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by us... Mon, 26 Jul 2021 16:03:22
CVE-2020-17952 A remote code execution (RCE) vulnerability in /library/think/App.php of Twothink v2.0 allows attackers to execute arbitrary ... Mon, 26 Jul 2021 16:03:02
CVE-2021-32795 ArchiSteamFarm is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. In versi... Mon, 26 Jul 2021 15:28:46
CVE-2021-32794 ArchiSteamFarm is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Due to a... Mon, 26 Jul 2021 14:57:12
CVE-2021-37478 In NavigateCMS version 2.9.4 and below, function `block` is vulnerable to sql injection on parameter `block-order`, which res... Mon, 26 Jul 2021 14:07:50
CVE-2021-37477 In NavigateCMS version 2.9.4 and below, function in `structure.php` is vulnerable to sql injection on parameter `children_ord... Mon, 26 Jul 2021 14:07:25
CVE-2021-37476 In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `id` through a ... Mon, 26 Jul 2021 14:07:01
CVE-2021-37475 In NavigateCMS version 2.9.4 and below, function in `templates.php` is vulnerable to sql injection on parameter `template-pro... Mon, 26 Jul 2021 14:06:31
CVE-2021-37473 In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `products-order... Mon, 26 Jul 2021 14:06:06
CVE-2021-36563 The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO m... Mon, 26 Jul 2021 14:05:52
CVE-2021-37394 In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registra... Mon, 26 Jul 2021 13:45:27
CVE-2021-37393 In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Attacker can use "... Mon, 26 Jul 2021 13:45:02
CVE-2021-37392 In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. When the API funct... Mon, 26 Jul 2021 13:44:43
CVE-2021-32792 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect... Mon, 26 Jul 2021 13:12:51
CVE-2021-32791 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect... Mon, 26 Jul 2021 13:08:28
CVE-2021-31292 An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and caus... Mon, 26 Jul 2021 13:08:13
CVE-2021-31291 A heap-based buffer overflow vulnerability in jp2image.cpp of Exiv2 0.27.3 allows attackers to cause a denial of service (DOS... Mon, 26 Jul 2021 13:07:46
CVE-2021-25804 A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can cause a denial of service (DOS) in the applic... Mon, 26 Jul 2021 13:07:16
CVE-2021-25803 A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attacker... Mon, 26 Jul 2021 13:06:50
CVE-2021-25802 A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to ... Mon, 26 Jul 2021 13:06:20
© CVE.report 2021

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.
