CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

Recent CVEs
CVE Description Date
CVE-2020-20125 EARCLINK ESPCMS-P8 contains a cross-site scripting (XSS) vulnerability in espcms_web\espcms_load.php. Tue, 28 Sep 2021 18:42:44
CVE-2020-20124 Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php. Tue, 28 Sep 2021 18:42:24
CVE-2020-20122 Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.ph... Tue, 28 Sep 2021 18:42:09
CVE-2020-20120 ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "wher... Tue, 28 Sep 2021 18:41:55
CVE-2021-41106 JWT is a library to work with JSON Web Token and JSON Web Signature. Prior to versions 3.4.6, 4.0.4, and 4.1.5, users of HMAC... Tue, 28 Sep 2021 16:54:51
CVE-2021-36297 SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows attackers to load an arb... Tue, 28 Sep 2021 15:27:42
CVE-2021-36286 Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vu... Tue, 28 Sep 2021 15:27:24
CVE-2021-36285 Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated maliciou... Tue, 28 Sep 2021 15:27:02
CVE-2021-36284 Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated maliciou... Tue, 28 Sep 2021 15:26:43
CVE-2021-36283 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit t... Tue, 28 Sep 2021 15:26:17
CVE-2021-21570 Dell NetWorker, versions 18.x and 19.x contain an Information disclosure vulnerability. A NetWorker server user with remote a... Tue, 28 Sep 2021 15:25:55
CVE-2021-21569 Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulnerability. A NetWorker server user with remote access to ... Tue, 28 Sep 2021 15:25:26
CVE-2021-21522 Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerab... Tue, 28 Sep 2021 15:25:08
CVE-2021-38303 A SQL injection vulnerability exists in Sureline SUREedge Migrator 7.0.7.29360. Tue, 28 Sep 2021 15:05:10
CVE-2021-37271 Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an attacker to obtain user coo... Tue, 28 Sep 2021 15:04:47
CVE-2021-37267 Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtai... Tue, 28 Sep 2021 15:04:19
CVE-2021-30086 Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacke... Tue, 28 Sep 2021 15:04:04
CVE-2021-41318 In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input. whic... Tue, 28 Sep 2021 14:02:12
CVE-2021-37273 A Denial of Service issue exists in China Telecom Corporation EPON Tianyi Gateway ZXHN F450(EPON ONU) 3.0. Tianyi Gateway is ... Tue, 28 Sep 2021 14:01:49
CVE-2021-36366 Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards. Tue, 28 Sep 2021 13:08:11
CVE-2021-36365 Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh. Tue, 28 Sep 2021 13:07:55
CVE-2021-36364 Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards. Tue, 28 Sep 2021 13:07:28
CVE-2021-36363 Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php. Tue, 28 Sep 2021 13:07:03
CVE-2021-29367 A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted WPG ... Tue, 28 Sep 2021 12:08:47
CVE-2021-29366 A buffer overflow vulnerability in FORMATS!GetPlugInInfo+0x2de9 of Irfanview 4.57 allows attackers to execute arbitrary code ... Tue, 28 Sep 2021 12:08:24
CVE-2021-29365 Irfanview 4.57 is affected by an infinite loop when processing a crafted BMP file in the EFFECTS!AutoCrop_W component. This c... Tue, 28 Sep 2021 12:08:10
CVE-2021-29364 A buffer overflow vulnerability in Formats!ReadRAS_W+0x1001 of Irfanview 4.57 allows attackers to execute arbitrary code via ... Tue, 28 Sep 2021 12:07:51
CVE-2021-29363 A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa74 of Irfanview 4.57 allows attackers to execute arbitrary code via a... Tue, 28 Sep 2021 12:07:31
CVE-2021-29362 A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa30 of Irfanview 4.57 allows attackers to execute arbitrary code via a... Tue, 28 Sep 2021 12:07:17
CVE-2021-29361 A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x340 of Irfanview 4.57 allows attackers to execute arbitrary code v... Tue, 28 Sep 2021 12:06:53
CVE-2021-29360 A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x37a of Irfanview 4.57 allows attackers to execute arbitrary code v... Tue, 28 Sep 2021 12:06:22
CVE-2021-29358 A buffer overflow vulnerability in FORMATS!ReadPVR_W+0xfa of Irfanview 4.57 allows attackers to cause a denial of service (DO... Tue, 28 Sep 2021 12:05:57
CVE-2021-41104 ESPHome is a system to control the ESP8266/ESP32. Anyone with web_server enabled and HTTP basic auth configured on version 20... Tue, 28 Sep 2021 11:19:52
CVE-2021-37106 There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processi... Tue, 28 Sep 2021 10:42:13
CVE-2021-37105 There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verificat... Tue, 28 Sep 2021 10:41:53
CVE-2021-37104 There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118(C00E116R3P3). This vulnerability is du... Tue, 28 Sep 2021 10:41:28
CVE-2021-38124 Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0... Tue, 28 Sep 2021 10:05:53
CVE-2021-22535 Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product,... Tue, 28 Sep 2021 10:05:40
CVE-2021-34636 The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin is vulnerable to Cross-Site Request Forgery via the save... Tue, 28 Sep 2021 10:05:17
CVE-2021-37146 An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through 1.15.11 allows r... Tue, 28 Sep 2021 09:03:59
CVE-2021-41540 A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-... Tue, 28 Sep 2021 07:21:24
CVE-2021-41539 A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-... Tue, 28 Sep 2021 07:21:02
CVE-2021-41538 A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable t... Tue, 28 Sep 2021 07:20:32
CVE-2021-41537 A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-... Tue, 28 Sep 2021 07:20:10
CVE-2021-41536 A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-... Tue, 28 Sep 2021 07:19:50
CVE-2021-41535 A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-... Tue, 28 Sep 2021 07:19:34
CVE-2021-41534 A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable t... Tue, 28 Sep 2021 07:19:07
CVE-2021-41533 A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable t... Tue, 28 Sep 2021 07:18:52
CVE-2021-36165 RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by cleartext storage of sensitive information and sends use... Tue, 28 Sep 2021 06:08:04
CVE-2021-33601 A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify se... Tue, 28 Sep 2021 06:07:42
CVE-2021-33600 A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnera... Tue, 28 Sep 2021 05:40:03
CVE-2020-20696 A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary we... Mon, 27 Sep 2021 18:07:30
CVE-2020-20695 A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTM... Mon, 27 Sep 2021 18:07:04
CVE-2020-20693 A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accoun... Mon, 27 Sep 2021 18:06:51
CVE-2020-20692 GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.p... Mon, 27 Sep 2021 18:06:25
CVE-2020-20691 An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension fil... Mon, 27 Sep 2021 18:06:06
CVE-2021-37274 Kingdee KIS Professional Edition has a privilege escalation vulnerability. Attackers can use the vulnerability to gain comput... Mon, 27 Sep 2021 17:06:18
CVE-2021-37270 There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this v... Mon, 27 Sep 2021 17:06:04
CVE-2020-24930 Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS... Mon, 27 Sep 2021 17:05:36
CVE-2021-41098 Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 a... Mon, 27 Sep 2021 15:38:24
CVE-2021-41095 Discourse is an open source discussion platform. There is a cross-site scripting (XSS) vulnerability in versions 2.7.7 and ea... Mon, 27 Sep 2021 15:34:45
CVE-2021-41096 Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions 2.2 and earlier for release builds and versions 425 and earl... Mon, 27 Sep 2021 15:27:51
CVE-2021-41097 aurelia-path is part of the Aurelia platform and contains utilities for path manipulation. There is a prototype pollution vul... Mon, 27 Sep 2021 13:48:03
CVE-2021-20035 Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inje... Mon, 27 Sep 2021 13:27:27
CVE-2021-20034 An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal chec... Mon, 27 Sep 2021 13:27:06
CVE-2021-41753 A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in D-Link DIR-X1560, v1.04B04, and DIR-X6060, v1.11B0... Mon, 27 Sep 2021 13:06:50
CVE-2021-41558 The set_user extension module before 3.0.0 for PostgreSQL allows ProcessUtility_hook bypass via set_config. Mon, 27 Sep 2021 13:06:23
CVE-2021-40329 The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management. Mon, 27 Sep 2021 13:05:57
CVE-2021-37761 Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code exe... Mon, 27 Sep 2021 13:05:33
CVE-2021-36134 Out of bounds write vulnerability in the JPEG parsing code of Netop Vision Pro up to and including 9.7.2 allows an adjacent u... Mon, 27 Sep 2021 13:05:17
CVE-2021-23445 This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would no... Mon, 27 Sep 2021 12:41:02
CVE-2021-39828 Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by a privilege escalation vulnerability in the Digital Editio... Mon, 27 Sep 2021 12:12:40
CVE-2021-39827 Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary file write vulnerability in the Digital Editi... Mon, 27 Sep 2021 12:12:13
CVE-2021-39826 Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary command execution vulnerability. An authentic... Mon, 27 Sep 2021 12:11:57
CVE-2021-39825 Photoshop Elements versions 2021 build 19.0 (20210304.m.156367) (and earlier) are affected by an out-of-bounds write vulnerab... Mon, 27 Sep 2021 12:11:28
CVE-2021-39818 Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malici... Mon, 27 Sep 2021 12:11:05
CVE-2021-40714 Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability vi... Mon, 27 Sep 2021 12:10:42
CVE-2021-40713 Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by an improper certificate validation vulnerability in the ... Mon, 27 Sep 2021 12:10:30
CVE-2021-40712 Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by an improper input validation vulnerability via the path ... Mon, 27 Sep 2021 12:10:13
CVE-2021-40711 Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a stored XSS vulnerability when creating Content Fragme... Mon, 27 Sep 2021 12:09:51
CVE-2021-40709 Adobe Photoshop versions 21.2.11 (and earlier) and 22.5 (and earlier) are affected by a Buffer Overflow vulnerability when pa... Mon, 27 Sep 2021 12:09:30
CVE-2021-40703 Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure h... Mon, 27 Sep 2021 12:09:04
CVE-2021-40702 Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure h... Mon, 27 Sep 2021 12:08:46
CVE-2021-40701 Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure h... Mon, 27 Sep 2021 12:08:23
CVE-2021-40700 Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure h... Mon, 27 Sep 2021 12:08:09
CVE-2021-39824 Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure h... Mon, 27 Sep 2021 12:07:55
CVE-2021-39823 Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and earlier versions are affected by a heap buffer overflow ... Mon, 27 Sep 2021 12:07:33
CVE-2021-39819 Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malici... Mon, 27 Sep 2021 12:07:16
CVE-2021-36880 Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListing plugin (versions <= 2.0.3), vulnerable parameter: cu... Mon, 27 Sep 2021 12:07:01
CVE-2021-36879 Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress co... Mon, 27 Sep 2021 12:06:49
CVE-2021-36877 Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attack... Mon, 27 Sep 2021 12:06:37
CVE-2021-36876 Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin (versions <= 2.0.5) as it lacks CSRF ... Mon, 27 Sep 2021 12:06:15
CVE-2021-36875 Authenticated Reflected Cross-Site Scripting (XSS) vulnerability in WordPress uListing plugin (versions <= 2.0.5). Vulnerable... Mon, 27 Sep 2021 12:05:46
CVE-2021-36874 Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5). Mon, 27 Sep 2021 12:05:22
CVE-2021-36845 Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions... Mon, 27 Sep 2021 12:05:09
CVE-2021-36841 Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, ... Mon, 27 Sep 2021 12:04:40
CVE-2021-28613 Adobe Creative Cloud Desktop Application version 5.4 (and earlier) is affected by a file handling vulnerability that could al... Mon, 27 Sep 2021 12:04:22
CVE-2021-24671 The MX Time Zone Clocks WordPress plugin before 3.4.1 does not escape the time_zone attribute of the mxmtzc_time_zone_clocks ... Mon, 27 Sep 2021 11:33:58
CVE-2021-24670 The CoolClock WordPress plugin before 4.3.5 does not escape some shortcode attributes, allowing users with a role as low as C... Mon, 27 Sep 2021 11:33:28
CVE-2021-24666 The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default)... Mon, 27 Sep 2021 11:33:09
© CVE.report 2021

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and source URL uptime status: status.cve.report