CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities so that they can be quickly identified and shared. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

Recent CVEs
CVE Description Date
CVE-2021-34864 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160... Mon, 25 Oct 2021 13:18:17
CVE-2021-34863 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1... Mon, 25 Oct 2021 13:17:54
CVE-2021-34862 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1... Mon, 25 Oct 2021 13:17:38
CVE-2021-34861 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1... Mon, 25 Oct 2021 13:17:19
CVE-2021-34860 This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DA... Mon, 25 Oct 2021 13:16:56
CVE-2021-34859 This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0. User ... Mon, 25 Oct 2021 13:16:38
CVE-2021-34857 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160... Mon, 25 Oct 2021 13:16:13
CVE-2021-34856 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160... Mon, 25 Oct 2021 13:15:52
CVE-2021-34855 This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16... Mon, 25 Oct 2021 13:15:34
CVE-2021-34854 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160... Mon, 25 Oct 2021 13:15:18
CVE-2021-41176 Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodact... Mon, 25 Oct 2021 12:56:10
CVE-2021-37624 FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a sof... Mon, 25 Oct 2021 12:14:40
CVE-2021-21319 Galette is a membership management web application geared towards non profit organizations. In versions prior to 0.9.5, malic... Mon, 25 Oct 2021 12:03:39
CVE-2021-41035 In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible... Mon, 25 Oct 2021 11:08:25
CVE-2020-20908 Akaunting v1.3.17 was discovered to contain a stored cross-site scripting (XSS) vulnerability which allows attackers to execu... Mon, 25 Oct 2021 11:02:17
CVE-2021-0939 In set_default_passthru_cfg of passthru.c, there is a possible out of bounds read due to a missing bounds check. This could l... Mon, 25 Oct 2021 10:16:34
CVE-2021-0938 In memzero_explicit of compiler-clang.h, there is a possible bypass of defense in depth due to uninitialized data. This could... Mon, 25 Oct 2021 10:16:21
CVE-2021-0661 In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation o... Mon, 25 Oct 2021 10:16:05
CVE-2021-0631 In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service w... Mon, 25 Oct 2021 10:15:53
CVE-2021-0630 In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service w... Mon, 25 Oct 2021 10:15:32
CVE-2021-0625 In ccu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with ... Mon, 25 Oct 2021 10:15:05
CVE-2021-0618 In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information ... Mon, 25 Oct 2021 10:14:44
CVE-2021-0616 In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information ... Mon, 25 Oct 2021 10:14:21
CVE-2021-0615 In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information dis... Mon, 25 Oct 2021 10:14:02
CVE-2021-0613 In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local informati... Mon, 25 Oct 2021 10:13:34
CVE-2021-0414 In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information ... Mon, 25 Oct 2021 10:13:08
CVE-2021-0413 In flv extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information ... Mon, 25 Oct 2021 10:12:47
CVE-2021-0411 In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information dis... Mon, 25 Oct 2021 10:12:34
CVE-2021-0410 In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local informati... Mon, 25 Oct 2021 10:12:14
CVE-2021-0409 In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local informati... Mon, 25 Oct 2021 10:11:49
CVE-2021-0941 In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local ... Mon, 25 Oct 2021 10:11:30
CVE-2021-0940 In TBD of TBD, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privil... Mon, 25 Oct 2021 10:11:06
CVE-2021-0936 In acc_read of f_accessory.c, there is a possible memory corruption due to a use after free. This could lead to local escalat... Mon, 25 Oct 2021 10:10:53
CVE-2021-0935 In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escala... Mon, 25 Oct 2021 10:10:27
CVE-2021-0663 In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation o... Mon, 25 Oct 2021 10:10:08
CVE-2021-0662 In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation o... Mon, 25 Oct 2021 10:09:52
CVE-2021-0634 In display driver, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of pr... Mon, 25 Oct 2021 10:09:38
CVE-2021-0633 In display driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalat... Mon, 25 Oct 2021 10:09:13
CVE-2021-0632 In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information d... Mon, 25 Oct 2021 10:09:01
CVE-2021-0617 In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information ... Mon, 25 Oct 2021 10:08:47
CVE-2021-0614 In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local informati... Mon, 25 Oct 2021 10:08:27
CVE-2021-0412 In flv extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information ... Mon, 25 Oct 2021 10:08:06
CVE-2017-20007 Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allows access to a certain path that contains sensitive inf... Mon, 25 Oct 2021 10:07:40
CVE-2020-14264 "HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConne... Mon, 25 Oct 2021 09:44:10
CVE-2021-24885 The YOP Poll WordPress plugin before 6.1.2 does not escape the perpage parameter before outputting it back in an attribute, l... Mon, 25 Oct 2021 09:34:01
CVE-2021-24884 The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a>... Mon, 25 Oct 2021 09:33:36
CVE-2021-24785 The Great Quotes WordPress plugin through 1.0.0 does not sanitise and escape the Quote and Author fields of its Quotes, which... Mon, 25 Oct 2021 09:33:14
CVE-2021-24779 The WP Debugging WordPress plugin before 2.11.0 has its update_settings() function hooked to admin_init and is missing any ca... Mon, 25 Oct 2021 09:32:57
CVE-2021-24774 The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters bef... Mon, 25 Oct 2021 09:32:30
CVE-2021-24769 The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby parameter before using i... Mon, 25 Oct 2021 09:32:06
CVE-2021-24744 The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 does not sanitise and escape the Form Title before outp... Mon, 25 Oct 2021 09:31:52
CVE-2021-24699 The Easy Media Download WordPress plugin before 1.1.7 does not escape the text argument of its shortcode, which could allow u... Mon, 25 Oct 2021 09:31:31
CVE-2021-24662 The Game Server Status WordPress plugin through 1.0 does not validate or escape the server_id parameter before using it in SQ... Mon, 25 Oct 2021 09:31:11
CVE-2021-24653 The Cookie Bar WordPress plugin through 1.8.8 doesn't properly sanitise the Cookie Bar Message setting, which could allow hig... Mon, 25 Oct 2021 09:30:57
CVE-2021-24608 The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise... Mon, 25 Oct 2021 09:30:40
CVE-2021-24544 The Responsive WordPress Slider WordPress plugin through 2.2.0 does not sanitise and escape some of the Slider options, allow... Mon, 25 Oct 2021 09:30:13
CVE-2021-24543 The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor sanitise... Mon, 25 Oct 2021 09:29:43
CVE-2021-24515 The Video Gallery – Vimeo and YouTube Gallery WordPress plugin through 1.1.4 does not escape the Title and Description of t... Mon, 25 Oct 2021 09:29:30
CVE-2021-24514 The Visual Form Builder WordPress plugin before 3.0.4 does not sanitise or escape its Form Name, allowing high privilege user... Mon, 25 Oct 2021 09:29:17
CVE-2021-24489 The Request a Quote WordPress plugin before 2.3.5 does not sanitise, validate or escape some of its settings in the admin das... Mon, 25 Oct 2021 09:29:02
CVE-2021-24487 The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF check in place when saving its 'Default Text to Display ... Mon, 25 Oct 2021 09:28:35
CVE-2021-24485 The Special Text Boxes WordPress plugin through 5.9.109 does not sanitise or escape some of its settings, which could allow h... Mon, 25 Oct 2021 09:28:14
CVE-2021-24414 The Video Player for YouTube WordPress plugin before 1.4 does not sanitise or validate the parameters from its shortcode, all... Mon, 25 Oct 2021 09:27:54
CVE-2021-24381 The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not sanitise and escape the custom class name of the form f... Mon, 25 Oct 2021 09:27:41
CVE-2021-25977 In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a... Mon, 25 Oct 2021 09:16:52
CVE-2021-35231 As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker... Mon, 25 Oct 2021 09:06:48
CVE-2021-40865 An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth... Mon, 25 Oct 2021 08:31:27
CVE-2021-38294 A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache ... Mon, 25 Oct 2021 08:31:00
CVE-2021-40527 Exposure of sensitive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and includi... Mon, 25 Oct 2021 07:03:53
CVE-2021-40526 Incorrect calculation of buffer size vulnerability in Peloton TTR01 up to and including PTV55G allows a remote attacker to tr... Mon, 25 Oct 2021 07:03:34
CVE-2021-40371 Gridpro Request Management for Windows Azure Pack before 2.0.7912 allows Directory Traversal for remote code execution, as de... Mon, 25 Oct 2021 03:06:07
CVE-2021-21703 In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with m... Mon, 25 Oct 2021 01:43:28
CVE-2021-42258 BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as ... Fri, 22 Oct 2021 18:03:39
CVE-2020-36502 Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the devicename par... Fri, 22 Oct 2021 16:25:16
CVE-2020-36501 Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allows attackers to execute arb... Fri, 22 Oct 2021 16:24:54
CVE-2020-36499 TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a cross-site scripting (XSS) vulnerability in the c... Fri, 22 Oct 2021 16:24:35
CVE-2020-36498 Macrob7 Macs Framework Content Management System - 1.14f contains a cross-site scripting (XSS) vulnerability in the account r... Fri, 22 Oct 2021 16:24:07
CVE-2020-36497 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_home... Fri, 22 Oct 2021 16:23:48
CVE-2020-36496 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_use... Fri, 22 Oct 2021 16:23:34
CVE-2020-36495 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_v... Fri, 22 Oct 2021 16:23:04
CVE-2020-36494 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edi... Fri, 22 Oct 2021 16:22:47
CVE-2020-36493 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.ph... Fri, 22 Oct 2021 16:22:23
CVE-2020-36492 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component select_media.... Fri, 22 Oct 2021 16:22:01
CVE-2020-36491 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tags_main.php... Fri, 22 Oct 2021 16:21:46
CVE-2020-36490 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_v... Fri, 22 Oct 2021 16:21:26
CVE-2020-36489 Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the devicena... Fri, 22 Oct 2021 16:21:02
CVE-2020-36488 An issue in the FTP server of Sky File v2.1.0 allows attackers to perform directory traversal via `/null//` path commands. Fri, 22 Oct 2021 16:20:40
CVE-2020-36486 Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the 'pat... Fri, 22 Oct 2021 16:20:12
CVE-2020-36485 Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the... Fri, 22 Oct 2021 16:19:49
CVE-2020-28969 Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow which allows attackers to cause a denial of service (DoS) via a c... Fri, 22 Oct 2021 16:19:20
CVE-2020-28968 Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Config... Fri, 22 Oct 2021 16:19:00
CVE-2020-28967 FlashGet v1.9.6 was discovered to contain a buffer overflow in the 'current path directory' function. This vulnerability allo... Fri, 22 Oct 2021 16:18:33
CVE-2020-28964 Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Search function. This vulnerabil... Fri, 22 Oct 2021 16:18:18
CVE-2020-28963 Passcovery Co. Ltd ZIP Password Recovery v3.70.69.0 was discovered to contain a buffer overflow via the decompress function. Fri, 22 Oct 2021 16:18:05
CVE-2020-28961 Perfex CRM v2.4.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component ./clients/clie... Fri, 22 Oct 2021 16:17:35
CVE-2020-28960 Chichen Tech CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the file product_list.php via the i... Fri, 22 Oct 2021 16:17:11
CVE-2020-28957 Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Foxlor v0.10.16 allows attackers to execute... Fri, 22 Oct 2021 16:16:57
CVE-2020-28956 Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbit... Fri, 22 Oct 2021 16:16:45
CVE-2020-28955 SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vul... Fri, 22 Oct 2021 16:16:16
CVE-2020-23061 Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the `list` and `dow... Fri, 22 Oct 2021 16:15:49
© CVE.report 2021

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and source URL uptime status: status.cve.report