CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

Recent CVEs
CVE Description Date
CVE-2023-1777 Mattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API ... Fri, 31 Mar 2023 08:07:05
CVE-2023-1776 Boards in Mattermost allows an attacker to upload a malicious SVG image file as an attachment to a card and share it using a ... Fri, 31 Mar 2023 08:06:47
CVE-2023-1775 When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted eve... Fri, 31 Mar 2023 08:06:30
CVE-2023-1774 When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that... Fri, 31 Mar 2023 08:06:05
CVE-2023-1773 A vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the f... Fri, 31 Mar 2023 08:05:51
CVE-2023-1772 A vulnerability was found in DataGear up to 4.5.1. It has been classified as problematic. This affects an unknown part of the... Fri, 31 Mar 2023 08:05:23
CVE-2023-1771 A vulnerability was found in SourceCodester Grade Point Average GPA Calculator 1.0 and classified as problematic. Affected by... Fri, 31 Mar 2023 08:05:05
CVE-2023-1770 A vulnerability has been found in SourceCodester Grade Point Average GPA Calculator 1.0 and classified as critical. Affected ... Fri, 31 Mar 2023 08:04:40
CVE-2023-1769 A vulnerability, which was classified as problematic, was found in SourceCodester Grade Point Average GPA Calculator 1.0. Aff... Fri, 31 Mar 2023 07:03:41
CVE-2023-1060 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YKM YKM CRM allows Refl... Fri, 31 Mar 2023 06:04:33
CVE-2023-1258 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (... Fri, 31 Mar 2023 04:08:06
CVE-2023-28727 Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers to bypass authentication due to mishandling of X-Forward... Fri, 31 Mar 2023 03:06:22
CVE-2023-28726 Panasonic AiSEG2 versions 2.80F through 2.93A allows remote attackers to execute arbitrary OS commands. Fri, 31 Mar 2023 03:05:52
CVE-2023-28756 A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid UR... Fri, 31 Mar 2023 00:05:05
CVE-2023-28755 A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URL... Fri, 31 Mar 2023 00:04:39
CVE-2023-1761 Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Thu, 30 Mar 2023 22:18:40
CVE-2023-1760 Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Thu, 30 Mar 2023 22:18:19
CVE-2023-1759 Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Thu, 30 Mar 2023 22:17:48
CVE-2023-1762 Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Thu, 30 Mar 2023 22:10:50
CVE-2023-1755 Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Thu, 30 Mar 2023 21:17:27
CVE-2023-1754 Improper Input Validation in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Thu, 30 Mar 2023 21:17:02
CVE-2023-1753 Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Thu, 30 Mar 2023 21:09:26
CVE-2023-1747 A vulnerability has been found in IBOS up to 4.5.4 and classified as critical. Affected by this vulnerability is an unknown f... Thu, 30 Mar 2023 20:02:43
CVE-2023-1746 A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function o... Thu, 30 Mar 2023 19:05:31
CVE-2023-1745 A vulnerability, which was classified as problematic, has been found in KMPlayer 4.2.2.73. This issue affects some unknown pr... Thu, 30 Mar 2023 19:05:15
CVE-2023-1744 A vulnerability classified as critical was found in IBOS 4.5.5. This vulnerability affects unknown code of the component htac... Thu, 30 Mar 2023 19:05:03
CVE-2023-1670 A use-after-free flaw in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found. A local user could use thi... Thu, 30 Mar 2023 19:04:51
CVE-2023-1743 A vulnerability classified as problematic has been found in SourceCodester Grade Point Average GPA Calculator 1.0. This affec... Thu, 30 Mar 2023 18:06:19
CVE-2023-1742 A vulnerability was found in IBOS 4.5.5. It has been rated as critical. Affected by this issue is some unknown functionality ... Thu, 30 Mar 2023 18:06:06
CVE-2023-1741 A vulnerability was found in jeecg-boot 3.5.0. It has been declared as problematic. Affected by this vulnerability is an unkn... Thu, 30 Mar 2023 18:05:42
CVE-2023-1740 A vulnerability was found in SourceCodester Air Cargo Management System 1.0. It has been classified as critical. Affected is ... Thu, 30 Mar 2023 17:09:49
CVE-2023-1739 A vulnerability was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0 and classified as critical. This is... Thu, 30 Mar 2023 17:09:32
CVE-2023-1738 A vulnerability has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0 and classified as critical. This vul... Thu, 30 Mar 2023 17:09:09
CVE-2023-1393 A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explici... Thu, 30 Mar 2023 17:06:09
CVE-2022-4744 A double-free flaw was found in the Linux kernel's TUN/TAP device driver functionality in how a user registers the device w... Thu, 30 Mar 2023 17:05:41
CVE-2023-26692 ZCBS Zijper Collectie Beheer Systeem (ZCBS), Zijper Publication Management System (ZPBS), and Zijper Image Bank Management Sy... Thu, 30 Mar 2023 16:07:46
CVE-2023-28846 Unpoly is a JavaScript framework for server-side web applications. There is a possible Denial of Service (DoS) vulnerability ... Thu, 30 Mar 2023 16:07:16
CVE-2023-28462 A JNDI rebind operation in the default ORB listener in Payara Server 4.1.2.191 (Enterprise), 5.20.0 and newer (Enterprise), a... Thu, 30 Mar 2023 16:06:56
CVE-2023-27538 An authentication bypass vulnerability exists in libcurl v8.0.0 where it reuses a previously established SSH connection despi... Thu, 30 Mar 2023 16:06:40
CVE-2023-27537 A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was intr... Thu, 30 Mar 2023 16:06:11
CVE-2023-27536 An authentication bypass vulnerability exists in libcurl <8.0.0 in the connection reuse feature which can reuse previously estab... Thu, 30 Mar 2023 16:05:50
CVE-2023-27535 An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong ... Thu, 30 Mar 2023 16:05:37
CVE-2023-27534 A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replace... Thu, 30 Mar 2023 16:05:07
CVE-2023-27533 A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker ... Thu, 30 Mar 2023 16:04:55
CVE-2023-1737 A vulnerability, which was classified as critical, was found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. This ... Thu, 30 Mar 2023 16:04:29
CVE-2023-1736 A vulnerability, which was classified as critical, has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. ... Thu, 30 Mar 2023 16:04:07
CVE-2023-1735 A vulnerability classified as critical was found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Affected by this ... Thu, 30 Mar 2023 16:03:48
CVE-2022-47542 Red Gate SQL Monitor 11.0.14 through 12.1.46 has Incorrect Access Control, exploitable remotely for Escalation of Privileges. Thu, 30 Mar 2023 16:03:30
CVE-2023-28835 Nextcloud server is an open source home cloud implementation. In affected versions the generated fallback password when creat... Thu, 30 Mar 2023 15:05:43
CVE-2023-28833 Nextcloud server is an open source home cloud implementation. In affected versions admins of a server were able to upload a l... Thu, 30 Mar 2023 15:05:28
CVE-2023-28647 Nextcloud iOS is an ios application used to interface with the nextcloud home cloud ecosystem. In versions prior to 4.7.0 whe... Thu, 30 Mar 2023 15:05:06
CVE-2023-28646 Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. In versions from 3.7.0 and befo... Thu, 30 Mar 2023 15:04:39
CVE-2023-28644 Nextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch before 25.0.3 an inefficient f... Thu, 30 Mar 2023 15:04:14
CVE-2023-28643 Nextcloud server is an open source home cloud implementation. In affected versions when a recipient receives 2 shares with th... Thu, 30 Mar 2023 15:04:00
CVE-2023-26482 Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users t... Thu, 30 Mar 2023 15:03:48
CVE-2023-1734 A vulnerability classified as critical has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Affected is ... Thu, 30 Mar 2023 15:03:19
CVE-2022-23522 MindsDB is an open source machine learning platform. An unsafe extraction is being performed using `shutil.unpack_archive()` ... Thu, 30 Mar 2023 15:02:50
CVE-2023-29059 3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 1... Thu, 30 Mar 2023 13:06:30
CVE-2022-43473 A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168... Thu, 30 Mar 2023 13:06:03
CVE-2023-24473 An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenIma... Thu, 30 Mar 2023 12:07:59
CVE-2023-24472 A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1... Thu, 30 Mar 2023 12:07:31
CVE-2023-22845 An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v... Thu, 30 Mar 2023 12:07:06
CVE-2022-30351 PDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite having workflows claiming to correctly remove redacted informat... Thu, 30 Mar 2023 12:06:54
CVE-2022-30350 Avanquest Software RAD PDF (PDFEscape Online) 3.19.2.2 is vulnerable to Information Leak / Disclosure. The PDFEscape Online t... Thu, 30 Mar 2023 12:06:32
CVE-2023-25076 A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch (c... Thu, 30 Mar 2023 11:06:05
CVE-2023-1725 Server-Side Request Forgery (SSRF) vulnerability in Infoline Project Management System allows Server Side Request Forgery. Thi... Thu, 30 Mar 2023 11:05:52
CVE-2023-28733 AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitabl... Thu, 30 Mar 2023 08:07:58
CVE-2023-28732 Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the ... Thu, 30 Mar 2023 08:07:31
CVE-2023-28731 AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's ... Thu, 30 Mar 2023 08:07:04
CVE-2023-25040 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vova Anokhin WordPress Shortcodes Plugin — Shortcod... Thu, 30 Mar 2023 08:06:45
CVE-2023-24399 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in OceanWP Ocean Extra plugin <= 2.1.2 versions. Thu, 30 Mar 2023 08:06:21
CVE-2023-23681 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Labib Ahmed Image Hover Effects For WPBakery Page Bui... Thu, 30 Mar 2023 08:06:05
CVE-2023-23677 Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.5 versions. Thu, 30 Mar 2023 07:06:11
CVE-2023-23675 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catchsquare WP Smart Preloader plugin <= 1.15 versions. Thu, 30 Mar 2023 07:05:53
CVE-2023-23670 Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Team Heateor Fancy Comments WordPress plugin <= 1.2.10 versi... Thu, 30 Mar 2023 07:05:40
CVE-2023-28935 ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerabi... Thu, 30 Mar 2023 06:05:52
CVE-2023-1699 Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker ... Thu, 30 Mar 2023 06:05:25
CVE-2023-1712 Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30. Thu, 30 Mar 2023 05:54:27
CVE-2023-1014 Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Virames Vira-Investing allows Account Foot... Thu, 30 Mar 2023 05:04:36
CVE-2023-1013 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Virames Vira-Investing allows ... Thu, 30 Mar 2023 05:04:24
CVE-2023-26118 All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url">... Thu, 30 Mar 2023 01:05:04
CVE-2023-26117 All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service ... Thu, 30 Mar 2023 01:04:45
CVE-2023-26116 All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() uti... Thu, 30 Mar 2023 01:04:33
CVE-2023-25000 HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timin... Wed, 29 Mar 2023 21:06:09
CVE-2023-0665 HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata... Wed, 29 Mar 2023 21:05:43
CVE-2023-0620 HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring... Wed, 29 Mar 2023 21:05:18
CVE-2023-0836 An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11... Wed, 29 Mar 2023 17:08:31
CVE-2023-28509 Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2... Wed, 29 Mar 2023 17:08:07
CVE-2023-28508 Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2... Wed, 29 Mar 2023 17:07:53
CVE-2023-28507 Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2... Wed, 29 Mar 2023 17:07:25
CVE-2023-28506 Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2... Wed, 29 Mar 2023 17:06:55
CVE-2023-28505 Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2... Wed, 29 Mar 2023 17:06:38
CVE-2023-28504 Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2... Wed, 29 Mar 2023 17:06:16
CVE-2023-28503 Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2... Wed, 29 Mar 2023 17:06:01
CVE-2023-28502 Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2... Wed, 29 Mar 2023 17:05:43
CVE-2023-1652 A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This ... Wed, 29 Mar 2023 17:05:30
CVE-2022-3787 A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root acces... Wed, 29 Mar 2023 17:05:08
CVE-2022-1274 A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emai... Wed, 29 Mar 2023 17:04:40
CVE-2021-41526 A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability m... Wed, 29 Mar 2023 16:34:18
CVE-2019-8963 A Denial of Service (DoS) vulnerability was discovered in FlexNet Publisher's lmadmin 11.16.5, when doing a crafted POST requ... Wed, 29 Mar 2023 16:34:05
© CVE.report 2023

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.
