CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
Recent CVEs
| CVE | Description | Date |
|---|---|---|
| CVE-2021-23394 | The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .ph... | Sun, 13 Jun 2021 07:08:15 |
| CVE-2021-34682 | Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature. | Sat, 12 Jun 2021 17:05:31 |
| CVE-2021-31812 | In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache... | Sat, 12 Jun 2021 05:48:24 |
| CVE-2021-31811 | In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affect... | Sat, 12 Jun 2021 05:48:11 |
| CVE-2021-32557 | It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks. | Fri, 11 Jun 2021 23:49:10 |
| CVE-2021-32556 | It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified pac... | Fri, 11 Jun 2021 23:48:44 |
| CVE-2021-32555 | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is us... | Fri, 11 Jun 2021 23:48:16 |
| CVE-2021-32554 | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is us... | Fri, 11 Jun 2021 23:48:01 |
| CVE-2021-32553 | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is us... | Fri, 11 Jun 2021 23:47:34 |
| CVE-2021-32552 | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is us... | Fri, 11 Jun 2021 23:47:12 |
| CVE-2021-32551 | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is us... | Fri, 11 Jun 2021 23:46:44 |
| CVE-2021-32550 | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is us... | Fri, 11 Jun 2021 23:46:18 |
| CVE-2021-32549 | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is us... | Fri, 11 Jun 2021 23:45:59 |
| CVE-2021-32548 | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is us... | Fri, 11 Jun 2021 23:45:37 |
| CVE-2021-32547 | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is us... | Fri, 11 Jun 2021 23:45:08 |
| CVE-2021-34679 | Thycotic Password Reset Server before 5.3.0 allows credential disclosure. | Fri, 11 Jun 2021 17:04:18 |
| CVE-2021-21382 | Restund is an open source NAT traversal server. The restund TURN server can be instructed to open a relay to the loopback add... | Fri, 11 Jun 2021 16:55:54 |
| CVE-2021-3256 | KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the html_url parameter of the chakanhtml.module.php file. | Fri, 11 Jun 2021 16:03:37 |
| CVE-2021-27200 | In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The cod... | Fri, 11 Jun 2021 14:04:31 |
| CVE-2020-7860 | UnEGG v0.5 and eariler versions have a Integer overflow vulnerability, triggered when the user opens a malformed specific fil... | Fri, 11 Jun 2021 14:04:11 |
| CVE-2021-32932 | The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on th... | Fri, 11 Jun 2021 13:18:02 |
| CVE-2021-32930 | The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change con... | Fri, 11 Jun 2021 13:17:38 |
| CVE-2021-27410 | The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution on the... | Fri, 11 Jun 2021 13:17:25 |
| CVE-2021-27408 | The affected product is vulnerable to an out-of-bounds read, which can cause information leakage leading to arbitrary code ex... | Fri, 11 Jun 2021 13:17:05 |
| CVE-2021-21833 | An improper array index validation vulnerability exists in the TIF IP_planar_raster_unpack functionality of Accusoft ImageGea... | Fri, 11 Jun 2021 13:16:34 |
| CVE-2021-21824 | An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420 functionality of Accusoft ImageGear 19.9. A specially c... | Fri, 11 Jun 2021 13:16:09 |
| CVE-2021-21808 | A memory corruption vulnerability exists in the PNG png_palette_process functionality of Accusoft ImageGear 19.9. A specially... | Fri, 11 Jun 2021 13:15:46 |
| CVE-2021-21795 | A heap-based buffer overflow vulnerability exists in the PSD read_icc_icCurve_data functionality of Accusoft ImageGear 19.9. ... | Fri, 11 Jun 2021 13:15:20 |
| CVE-2021-0498 | In memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation ... | Fri, 11 Jun 2021 13:14:56 |
| CVE-2021-0497 | In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalati... | Fri, 11 Jun 2021 13:14:30 |
| CVE-2021-0496 | In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalati... | Fri, 11 Jun 2021 13:14:04 |
| CVE-2021-0495 | In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local esca... | Fri, 11 Jun 2021 13:13:47 |
| CVE-2021-0494 | In memory management driver, there is a possible out of bounds write due to an integer overflow. This could lead to local esc... | Fri, 11 Jun 2021 13:13:26 |
| CVE-2021-0493 | In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local ... | Fri, 11 Jun 2021 13:13:13 |
| CVE-2021-0492 | In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local ... | Fri, 11 Jun 2021 13:12:46 |
| CVE-2021-0491 | In memory management driver, there is a possible escalation of privilege due to a missing permission check. This could lead t... | Fri, 11 Jun 2021 13:12:28 |
| CVE-2021-0490 | In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local ... | Fri, 11 Jun 2021 13:12:04 |
| CVE-2021-0489 | In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local ... | Fri, 11 Jun 2021 13:11:35 |
| CVE-2021-0487 | In onCreate of CalendarDebugActivity.java, there is a possible way to export calendar data to the sdcard without user consent... | Fri, 11 Jun 2021 13:11:04 |
| CVE-2021-0485 | In getMinimalSize of PipBoundsAlgorithm.java, there is a possible bypass of restrictions on background processes due to a per... | Fri, 11 Jun 2021 13:10:48 |
| CVE-2021-0484 | In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized heap data due to a missing bounds check. This co... | Fri, 11 Jun 2021 13:10:23 |
| CVE-2021-0482 | In BinderDiedCallback of MediaCodec.cpp, there is a possible memory corruption due to a use after free. This could lead to lo... | Fri, 11 Jun 2021 13:10:06 |
| CVE-2021-0481 | In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected UR... | Fri, 11 Jun 2021 13:09:51 |
| CVE-2021-0480 | In createPendingIntent of SnoozeHelper.java, there is a possible broadcast intent containing a sensitive identifier. This cou... | Fri, 11 Jun 2021 13:09:24 |
| CVE-2021-0477 | In notifyScreenshotError of ScreenshotNotificationsController.java, there is a possible permission bypass due to an unsafe Pe... | Fri, 11 Jun 2021 13:08:57 |
| CVE-2021-0476 | In FindOrCreatePeer of btif_av.cc, there is a possible use after free due to a race condition. This could lead to local escal... | Fri, 11 Jun 2021 13:08:29 |
| CVE-2021-0475 | In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible memory corruption due to a use after free. This could lead to r... | Fri, 11 Jun 2021 13:08:12 |
| CVE-2021-0474 | In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to r... | Fri, 11 Jun 2021 13:07:48 |
| CVE-2021-0473 | In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data. This could lead to remote co... | Fri, 11 Jun 2021 13:07:18 |
| CVE-2021-0472 | In shouldLockKeyguard of LockTaskController.java, there is a possible way to exit App Pinning without a PIN due to a permissi... | Fri, 11 Jun 2021 13:06:57 |
| CVE-2021-0466 | In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device. This could lea... | Fri, 11 Jun 2021 13:06:29 |
| CVE-2019-9475 | In /proc/net of the kernel filesystem, there is a possible information leak due to a permissions bypass. This could lead to l... | Fri, 11 Jun 2021 13:06:14 |
| CVE-2021-23230 | A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre ... | Fri, 11 Jun 2021 12:19:08 |
| CVE-2021-23211 | Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end... | Fri, 11 Jun 2021 12:18:53 |
| CVE-2021-23205 | Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration ... | Fri, 11 Jun 2021 12:18:23 |
| CVE-2021-23204 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key m... | Fri, 11 Jun 2021 12:18:07 |
| CVE-2021-23182 | Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader mast... | Fri, 11 Jun 2021 12:17:48 |
| CVE-2021-23140 | Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unaut... | Fri, 11 Jun 2021 12:17:31 |
| CVE-2021-23136 | Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivil... | Fri, 11 Jun 2021 12:17:18 |
| CVE-2021-22915 | Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnet... | Fri, 11 Jun 2021 12:16:57 |
| CVE-2021-22913 | Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the... | Fri, 11 Jun 2021 12:16:34 |
| CVE-2021-22912 | Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup ... | Fri, 11 Jun 2021 12:16:18 |
| CVE-2021-22906 | Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permittin... | Fri, 11 Jun 2021 12:15:52 |
| CVE-2021-22905 | Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for share... | Fri, 11 Jun 2021 12:15:34 |
| CVE-2021-22904 | The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in th... | Fri, 11 Jun 2021 12:15:20 |
| CVE-2021-22903 | The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in... | Fri, 11 Jun 2021 12:14:59 |
| CVE-2021-22902 | The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers fr... | Fri, 11 Jun 2021 12:14:46 |
| CVE-2021-22901 | curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TL... | Fri, 11 Jun 2021 12:14:29 |
| CVE-2021-22898 | curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPT... | Fri, 11 Jun 2021 12:14:05 |
| CVE-2021-22897 | curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SS... | Fri, 11 Jun 2021 12:13:53 |
| CVE-2021-22896 | Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticat... | Fri, 11 Jun 2021 12:13:25 |
| CVE-2021-22895 | Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verific... | Fri, 11 Jun 2021 12:13:12 |
| CVE-2021-22769 | A CWE-269: Improper Privilege Management vulnerability exists in EnerlinÕX ComÕX versions prior to V6.8.4 that could cause ... | Fri, 11 Jun 2021 12:12:45 |
| CVE-2021-22768 | ** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0... | Fri, 11 Jun 2021 12:12:28 |
| CVE-2021-22767 | ** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0... | Fri, 11 Jun 2021 12:12:05 |
| CVE-2021-22766 | ** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0... | Fri, 11 Jun 2021 12:11:44 |
| CVE-2021-22765 | ** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0... | Fri, 11 Jun 2021 12:11:16 |
| CVE-2021-22764 | A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerL... | Fri, 11 Jun 2021 12:10:46 |
| CVE-2021-22763 | A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8E... | Fri, 11 Jun 2021 12:10:26 |
| CVE-2021-22762 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists inIGSS Definition (Def.exe) V15.0.... | Fri, 11 Jun 2021 12:10:11 |
| CVE-2021-22761 | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists inIGSS Definition (De... | Fri, 11 Jun 2021 12:09:53 |
| CVE-2021-22760 | A CWE-763: Release of invalid pointer or reference vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior t... | Fri, 11 Jun 2021 12:09:25 |
| CVE-2021-22759 | A CWE-416: Use after free vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss ... | Fri, 11 Jun 2021 12:09:08 |
| CVE-2021-22758 | A CWE-824: Access of uninitialized pointer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that coul... | Fri, 11 Jun 2021 12:08:39 |
| CVE-2021-22757 | A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in d... | Fri, 11 Jun 2021 12:08:08 |
| CVE-2021-22756 | A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in d... | Fri, 11 Jun 2021 12:07:40 |
| CVE-2021-22755 | A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in ... | Fri, 11 Jun 2021 12:07:24 |
| CVE-2021-22754 | A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in ... | Fri, 11 Jun 2021 12:06:59 |
| CVE-2021-22753 | A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in l... | Fri, 11 Jun 2021 12:06:33 |
| CVE-2021-22752 | A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in ... | Fri, 11 Jun 2021 12:06:09 |
| CVE-2021-22751 | A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in ... | Fri, 11 Jun 2021 12:05:47 |
| CVE-2021-22750 | A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21041 and prior that could result in ... | Fri, 11 Jun 2021 12:05:16 |
| CVE-2021-22749 | A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1... | Fri, 11 Jun 2021 12:05:01 |
| CVE-2021-22181 | A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive ... | Fri, 11 Jun 2021 12:04:42 |
| CVE-2021-22175 | When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecti... | Fri, 11 Jun 2021 12:04:30 |
| CVE-2021-20591 | Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/02CPU all versi... | Fri, 11 Jun 2021 12:04:15 |
| CVE-2021-28213 | Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks. | Fri, 11 Jun 2021 11:25:32 |
| CVE-2021-28211 | A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. | Fri, 11 Jun 2021 11:25:05 |
| CVE-2021-28210 | An unlimited recursion in DxeCore in EDK II. | Fri, 11 Jun 2021 11:24:48 |
| CVE-2020-13663 | Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site ... | Fri, 11 Jun 2021 11:24:19 |