CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

Recent CVEs
CVE Description Date
CVE-2021-41559 Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a c... Tue, 28 Jun 2022 18:06:31
CVE-2022-31887 Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password... Tue, 28 Jun 2022 18:06:18
CVE-2022-31884 Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other user... Tue, 28 Jun 2022 18:05:56
CVE-2022-29858 Silverstripe silverstripe/assets through 1.10 allows XSS. Tue, 28 Jun 2022 18:05:26
CVE-2022-25238 Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can be added to website content... Tue, 28 Jun 2022 18:04:58
CVE-2022-24444 Silverstripe silverstripe/framework through 4.10 allows Session Fixation. Tue, 28 Jun 2022 18:04:44
CVE-2020-19897 A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via... Tue, 28 Jun 2022 18:04:26
CVE-2020-19896 File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitrary PHP code via post-edit.php. Tue, 28 Jun 2022 18:04:07
CVE-2022-31886 Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending the ... Tue, 28 Jun 2022 17:04:06
CVE-2022-31885 Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts. Tue, 28 Jun 2022 17:03:51
CVE-2022-31883 Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to se... Tue, 28 Jun 2022 17:03:25
CVE-2022-2246 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All referen... Tue, 28 Jun 2022 16:03:29
CVE-2021-3435 Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 Use of Uninitialized Resource (CWE-908). For more infor... Tue, 28 Jun 2022 15:56:10
CVE-2021-3434 Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions >= v2.5.0 Stack-based Buffer Overflow (CWE-121). For more... Tue, 28 Jun 2022 15:55:54
CVE-2021-3433 Invalid channel map in CONNECT_IND results to Deadlock. Zephyr versions >= v2.5.0 Improper Check or Handling of Exceptional C... Tue, 28 Jun 2022 15:55:35
CVE-2021-3432 Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions >= v1.14.0 Divide By Zero (CWE-369). For more info... Tue, 28 Jun 2022 15:55:14
CVE-2021-3431 Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more i... Tue, 28 Jun 2022 15:54:52
CVE-2021-3430 Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). Fo... Tue, 28 Jun 2022 15:54:21
CVE-2022-2231 NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. Tue, 28 Jun 2022 15:27:06
CVE-2022-31230 Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. A remote unprivileged malicious... Tue, 28 Jun 2022 14:45:38
CVE-2022-31229 Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could pot... Tue, 28 Jun 2022 14:45:12
CVE-2022-31108 Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to cr... Tue, 28 Jun 2022 14:41:23
CVE-2022-31061 GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and sof... Tue, 28 Jun 2022 14:07:12
CVE-2022-28621 A remote disclosure of sensitive information vulnerability was discovered in HPE NonStop DSM/SCM version: T6031H03^ADP. HPE h... Tue, 28 Jun 2022 14:06:45
CVE-2022-31068 GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and sof... Tue, 28 Jun 2022 13:59:22
CVE-2022-31056 GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and sof... Tue, 28 Jun 2022 13:55:29
CVE-2022-2145 Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. Duri... Tue, 28 Jun 2022 13:52:13
CVE-2022-31106 Underscore.deep is a collection of Underscore mixins that operate on nested objects. Versions of `underscore.deep` prior to v... Tue, 28 Jun 2022 13:32:58
CVE-2022-31052 Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of... Tue, 28 Jun 2022 13:12:08
CVE-2021-40553 piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor. Tue, 28 Jun 2022 13:03:58
CVE-2022-33108 XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files. Tue, 28 Jun 2022 13:03:37
CVE-2022-0987 A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue... Tue, 28 Jun 2022 13:03:21
CVE-2021-3779 A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explic... Tue, 28 Jun 2022 12:33:44
CVE-2022-0085 Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0. Tue, 28 Jun 2022 11:04:38
CVE-2022-30563 When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can l... Tue, 28 Jun 2022 10:07:11
CVE-2022-30562 If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-i... Tue, 28 Jun 2022 10:06:53
CVE-2022-30561 When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log... Tue, 28 Jun 2022 10:06:37
CVE-2022-30560 When an attacker obtains the administrative account and password, or through a man-in-the-middle attack, the attacker could... Tue, 28 Jun 2022 10:06:08
CVE-2022-23763 Origin validation error vulnerability in NeoRS’s ActiveX module allows attackers to download and execute arbitrary files. R... Tue, 28 Jun 2022 10:05:55
CVE-2021-41690 DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded i... Tue, 28 Jun 2022 09:13:59
CVE-2021-41689 DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query it... Tue, 28 Jun 2022 09:13:41
CVE-2021-41688 DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in ... Tue, 28 Jun 2022 09:13:21
CVE-2021-41687 DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not fre... Tue, 28 Jun 2022 09:12:53
CVE-2021-40944 In GPAC MP4Box 1.1.0, there is a Null pointer reference in the function gf_filter_pid_get_packet function in src/filter_core/... Tue, 28 Jun 2022 09:12:30
CVE-2021-40943 In Bento4 1.6.0-638, there is a null pointer reference in the function AP4_DescriptorListInspector::Action function in Ap4Des... Tue, 28 Jun 2022 09:12:11
CVE-2021-40609 The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box comma... Tue, 28 Jun 2022 09:11:43
CVE-2021-40608 The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the M... Tue, 28 Jun 2022 09:11:31
CVE-2021-40607 The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box comma... Tue, 28 Jun 2022 09:11:07
CVE-2021-40606 The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box co... Tue, 28 Jun 2022 09:10:51
CVE-2021-41460 ECShop 4.1.0 has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information. Tue, 28 Jun 2022 09:10:31
CVE-2022-34750 An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand ... Tue, 28 Jun 2022 09:10:02
CVE-2022-23896 Admidio 4.1.2 version is affected by stored cross-site scripting (XSS). Tue, 28 Jun 2022 09:09:50
CVE-2022-30997 Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may all... Tue, 28 Jun 2022 06:12:30
CVE-2022-30707 Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM ... Tue, 28 Jun 2022 06:12:13
CVE-2022-29519 Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4... Tue, 28 Jun 2022 06:11:57
CVE-2022-0624 Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0. Tue, 28 Jun 2022 05:15:36
CVE-2017-20107 A vulnerability, which was classified as problematic, was found in ShadeYouVPN.com Client 2.0.1.11. Affected is an unknown fu... Tue, 28 Jun 2022 02:49:18
CVE-2017-20106 A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown p... Tue, 28 Jun 2022 02:48:56
CVE-2017-20105 A vulnerability was found in Simplessus 3.7.7. It has been rated as critical. This issue affects some unknown processing. The... Tue, 28 Jun 2022 02:48:33
CVE-2017-20104 A vulnerability was found in Simplessus 3.7.7. It has been declared as critical. This vulnerability affects unknown code of t... Tue, 28 Jun 2022 02:48:13
CVE-2022-34134 Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/contr... Mon, 27 Jun 2022 20:05:39
CVE-2022-34133 Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at ... Mon, 27 Jun 2022 20:05:14
CVE-2022-34132 Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/contro... Mon, 27 Jun 2022 20:04:44
CVE-2022-31104 Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime's implementation of the SIMD proposal for Web... Mon, 27 Jun 2022 19:22:19
CVE-2022-32995 Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function. Mon, 27 Jun 2022 19:02:34
CVE-2022-32994 Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upl... Mon, 27 Jun 2022 19:02:20
CVE-2022-33009 A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HT... Mon, 27 Jun 2022 19:01:58
CVE-2022-31103 lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0... Mon, 27 Jun 2022 18:32:30
CVE-2022-31101 prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versio... Mon, 27 Jun 2022 18:25:27
CVE-2022-31099 rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, the stack may overflow, poss... Mon, 27 Jun 2022 18:20:51
CVE-2022-31100 rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, rulex may crash, possibly en... Mon, 27 Jun 2022 18:16:33
CVE-2022-31098 Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubern... Mon, 27 Jun 2022 18:12:37
CVE-2022-33007 TRENDnet Wi-Fi routers TEW751DR v1.03 and TEW-752DRU v1.03 were discovered to contain a stack overflow via the function genac... Mon, 27 Jun 2022 18:05:33
CVE-2022-32092 D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_exp... Mon, 27 Jun 2022 18:05:18
CVE-2017-20103 A vulnerability classified as critical has been found in Kama Click Counter Plugin up to 3.4.8. This affects an unknown part ... Mon, 27 Jun 2022 17:56:42
CVE-2022-33879 The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient... Mon, 27 Jun 2022 17:52:44
CVE-2022-31096 Discourse is an open source discussion platform. Under certain conditions, a logged in user can redeem an invite with an emai... Mon, 27 Jun 2022 17:45:04
CVE-2022-31093 NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can ... Mon, 27 Jun 2022 17:42:05
CVE-2022-31092 Pimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying d... Mon, 27 Jun 2022 17:33:44
CVE-2022-31091 Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affecte... Mon, 27 Jun 2022 17:29:32
CVE-2022-31090 Guzzle, an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions wh... Mon, 27 Jun 2022 17:23:56
CVE-2022-31089 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions ... Mon, 27 Jun 2022 17:15:27
CVE-2022-31094 ScratchTools is a web extension designed to make interacting with the Scratch programming language community (Scratching) eas... Mon, 27 Jun 2022 17:08:25
CVE-2021-40942 In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function filter_parse_dyn_args function in filter_core/filter.c... Mon, 27 Jun 2022 17:03:59
CVE-2022-33116 An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform (aka openeclass) v3.12.4 and belo... Mon, 27 Jun 2022 17:03:41
CVE-2022-33005 A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.0... Mon, 27 Jun 2022 17:03:28
CVE-2022-31085 LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP direct... Mon, 27 Jun 2022 17:03:11
CVE-2022-31084 LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP direct... Mon, 27 Jun 2022 17:02:49
CVE-2022-31086 LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP direct... Mon, 27 Jun 2022 16:59:28
CVE-2022-31087 LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP direct... Mon, 27 Jun 2022 16:52:10
CVE-2022-31088 LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP direct... Mon, 27 Jun 2022 16:48:20
CVE-2022-31082 GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and sof... Mon, 27 Jun 2022 16:34:27
CVE-2022-31081 HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could... Mon, 27 Jun 2022 16:27:20
CVE-2022-31077 KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts a... Mon, 27 Jun 2022 16:18:43
CVE-2022-31076 KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts a... Mon, 27 Jun 2022 16:14:25
CVE-2022-31064 BigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cros... Mon, 27 Jun 2022 15:56:47
CVE-2022-31065 BigBlueButton is an open source web conferencing system. In affected versions an attacker can embed malicious JS in their use... Mon, 27 Jun 2022 15:50:33
CVE-2022-31057 Shopware is an open source e-commerce software made in Germany. Versions of Shopware 5 prior to version 5.7.12 are subject to... Mon, 27 Jun 2022 15:35:42
CVE-2022-31039 Greenlight is a simple front-end interface for your BigBlueButton server. In affected versions an attacker can view any room'... Mon, 27 Jun 2022 15:31:15
CVE-2022-31036 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vu... Mon, 27 Jun 2022 15:20:07
© CVE.report 2022

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.
