CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

Recent CVEs
CVE Description Date
CVE-2022-42002 SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and ... Fri, 30 Sep 2022 20:04:42
CVE-2022-39268 ### Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not i... Fri, 30 Sep 2022 16:27:31
CVE-2022-34429 Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially ex... Fri, 30 Sep 2022 15:30:40
CVE-2022-34428 Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary... Fri, 30 Sep 2022 15:30:27
CVE-2021-36865 Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 at WordPress all... Fri, 30 Sep 2022 15:10:05
CVE-2022-40943 Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via bwdate-report-ds.php file. Fri, 30 Sep 2022 15:09:49
CVE-2022-40923 A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a deni... Fri, 30 Sep 2022 15:09:18
CVE-2022-40756 If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for... Fri, 30 Sep 2022 15:08:58
CVE-2022-40341 mojoPortal v2.7 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary ... Fri, 30 Sep 2022 15:08:39
CVE-2022-35156 Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspa... Fri, 30 Sep 2022 15:08:12
CVE-2022-35155 Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the search... Fri, 30 Sep 2022 15:07:42
CVE-2022-20945 A vulnerability in the 802.11 association frame validation of Cisco Catalyst 9100 Series Access Points (APs) could allow an u... Fri, 30 Sep 2022 14:59:06
CVE-2022-20930 A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly co... Fri, 30 Sep 2022 14:58:51
CVE-2022-20919 A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software a... Fri, 30 Sep 2022 14:58:22
CVE-2022-20856 A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) Mobility messages in Cisco I... Fri, 30 Sep 2022 14:58:06
CVE-2022-20855 A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Acce... Fri, 30 Sep 2022 14:57:36
CVE-2022-20851 A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an in... Fri, 30 Sep 2022 14:57:08
CVE-2022-20850 A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated... Fri, 30 Sep 2022 14:56:38
CVE-2022-20848 A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 91... Fri, 30 Sep 2022 14:56:16
CVE-2022-20847 A vulnerability in the DHCP processing functionality of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Famil... Fri, 30 Sep 2022 14:55:59
CVE-2022-20844 A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vM... Fri, 30 Sep 2022 14:55:46
CVE-2022-20818 Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated pr... Fri, 30 Sep 2022 14:55:29
CVE-2022-20810 A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalys... Fri, 30 Sep 2022 14:55:01
CVE-2022-20775 Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated pr... Fri, 30 Sep 2022 14:54:43
CVE-2022-20769 A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an una... Fri, 30 Sep 2022 14:54:13
CVE-2022-20728 A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent ... Fri, 30 Sep 2022 14:54:01
CVE-2022-20662 A vulnerability in the smart card login authentication of Cisco Duo for macOS could allow an unauthenticated attacker with ph... Fri, 30 Sep 2022 14:50:14
CVE-2021-33354 Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modif... Fri, 30 Sep 2022 14:04:53
CVE-2022-41975 RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer... Fri, 30 Sep 2022 14:04:30
CVE-2022-41870 AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload... Fri, 30 Sep 2022 14:04:09
CVE-2022-40944 Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php file. Fri, 30 Sep 2022 14:03:56
CVE-2021-36855 Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro plugin <= 1.1.4 at WordPr... Fri, 30 Sep 2022 13:08:09
CVE-2021-36854 Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking Ultra Pro plugin <= 1.1.4 at WordPress. Fri, 30 Sep 2022 13:07:46
CVE-2021-36839 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Follow Buttons Bar plugin <= 4.73 at W... Fri, 30 Sep 2022 13:07:19
CVE-2021-36830 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Comment Guestbook plugin <= 0.8.0 at WordPress. Fri, 30 Sep 2022 13:06:58
CVE-2022-40316 The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-edit... Fri, 30 Sep 2022 13:06:43
CVE-2022-40315 A limited SQL injection risk was identified in the "browse list of users" site administration page. Fri, 30 Sep 2022 13:06:24
CVE-2022-40314 A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified. Fri, 30 Sep 2022 13:05:59
CVE-2022-40313 Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page ... Fri, 30 Sep 2022 13:05:44
CVE-2022-40277 Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a ... Fri, 30 Sep 2022 13:05:17
CVE-2022-40274 Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malici... Fri, 30 Sep 2022 13:04:53
CVE-2022-36965 Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue ... Fri, 30 Sep 2022 13:04:34
CVE-2022-36961 A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for p... Fri, 30 Sep 2022 13:04:03
CVE-2022-32540 Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions ... Fri, 30 Sep 2022 13:03:41
CVE-2022-21826 Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives ... Fri, 30 Sep 2022 13:03:19
CVE-2022-1959 AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is poss... Fri, 30 Sep 2022 13:02:54
CVE-2022-28851 Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability.... Fri, 30 Sep 2022 13:02:29
CVE-2022-41440 Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/edi... Fri, 30 Sep 2022 11:06:43
CVE-2022-41439 Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/edi... Fri, 30 Sep 2022 11:06:24
CVE-2022-41437 Billing System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_acti... Fri, 30 Sep 2022 11:05:56
CVE-2022-23726 PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication r... Fri, 30 Sep 2022 10:39:47
CVE-2022-37461 Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to i... Fri, 30 Sep 2022 10:05:15
CVE-2022-3371 Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. Fri, 30 Sep 2022 09:19:13
CVE-2022-2529 sflow decode package does not employ sufficient packet sanitisation which can lead to a denial of service attack. Attackers c... Fri, 30 Sep 2022 06:48:06
CVE-2022-2922 Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. Fri, 30 Sep 2022 02:49:19
CVE-2022-41850 roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-af... Fri, 30 Sep 2022 02:04:15
CVE-2022-41849 drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a phys... Fri, 30 Sep 2022 02:03:45
CVE-2022-41848 drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a ... Fri, 30 Sep 2022 02:03:22
CVE-2022-21222 The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure... Fri, 30 Sep 2022 01:11:42
CVE-2022-41847 An issue was discovered in Bento4 1.6.0-639. A memory leak exists in AP4_StdcFileByteStream::Create(AP4_FileByteStream*, char... Fri, 30 Sep 2022 01:08:00
CVE-2022-41846 An issue was discovered in Bento4 1.6.0-639. There is excessive memory consumption in the function AP4_DataBuffer::Reallocate... Fri, 30 Sep 2022 01:07:31
CVE-2022-41845 An issue was discovered in Bento4 1.6.0-639. There is excessive memory consumption in the function AP4_Array<AP4_ElstEntry>::... Fri, 30 Sep 2022 01:07:02
CVE-2022-41844 An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vu... Fri, 30 Sep 2022 01:06:42
CVE-2022-41843 An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability tha... Fri, 30 Sep 2022 01:06:24
CVE-2022-41842 An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc. Fri, 30 Sep 2022 01:06:02
CVE-2022-41841 An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_File::ParseStream in Core/Ap4Fi... Fri, 30 Sep 2022 01:05:34
CVE-2022-24373 The package react-native-reanimated before 3.0.0-rc.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to i... Fri, 30 Sep 2022 01:05:16
CVE-2022-2778 In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes. Fri, 30 Sep 2022 00:05:44
CVE-2022-41828 In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory do... Thu, 29 Sep 2022 17:05:32
CVE-2022-3364 Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. Thu, 29 Sep 2022 16:47:55
CVE-2022-39232 Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an inco... Thu, 29 Sep 2022 16:18:52
CVE-2022-39226 Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 ... Thu, 29 Sep 2022 16:07:00
CVE-2022-40472 ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnera... Thu, 29 Sep 2022 16:03:26
CVE-2022-36068 Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 ... Thu, 29 Sep 2022 15:47:38
CVE-2022-36066 Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 ... Thu, 29 Sep 2022 15:36:55
CVE-2022-35137 DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. Thu, 29 Sep 2022 15:07:13
CVE-2022-33880 hms-staff.php in Projectworlds Hospital Management System Mini-Project through 2018-06-17 allows SQL injection via the type p... Thu, 29 Sep 2022 15:06:52
CVE-2022-39266 isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface. In versions 4.3.6 and prior, if th... Thu, 29 Sep 2022 14:15:03
CVE-2022-40887 SourceCodester Best Student Result Management System 1.0 is vulnerable to SQL Injection. Thu, 29 Sep 2022 13:05:08
CVE-2022-40879 kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter 'errorMsg.' Thu, 29 Sep 2022 13:04:42
CVE-2022-29503 A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40... Thu, 29 Sep 2022 12:39:02
CVE-2022-40931 dutchcoders Transfer.sh 1.4.0 is vulnerable to Cross Site Scripting (XSS). Thu, 29 Sep 2022 12:04:59
CVE-2022-39168 IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235... Thu, 29 Sep 2022 11:42:57
CVE-2022-38732 SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of... Thu, 29 Sep 2022 11:02:31
CVE-2022-39254 matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users ... Thu, 29 Sep 2022 10:36:42
CVE-2022-39252 matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryptio... Thu, 29 Sep 2022 10:23:07
CVE-2022-40408 FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the ... Thu, 29 Sep 2022 10:02:55
CVE-2022-40407 A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafte... Thu, 29 Sep 2022 10:02:36
CVE-2022-40890 A vulnerability in /src/amf/amf-context.c in Open5GS 2.4.10 and earlier leads to AMF denial of service. Thu, 29 Sep 2022 09:02:59
CVE-2022-40363 A buffer overflow in the component nfc_device_load_mifare_ul_data of Flipper Devices Inc., Flipper Zero before v0.65.2 allows... Thu, 29 Sep 2022 09:02:43
CVE-2022-39250 Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an ... Thu, 29 Sep 2022 09:02:15
CVE-2022-40475 TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.... Thu, 29 Sep 2022 08:07:20
CVE-2022-40126 A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges... Thu, 29 Sep 2022 08:06:56
CVE-2022-3352 Use After Free in GitHub repository vim/vim prior to 9.0.0614. Thu, 29 Sep 2022 07:56:39
CVE-2022-3355 Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.8.3. Thu, 29 Sep 2022 05:30:04
CVE-2020-35675 BigProf Online Invoicing System before 3.0 offers a functionality that allows an administrator to move the records of members... Thu, 29 Sep 2022 01:29:29
CVE-2020-35674 BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /membership_passwordReset.p... Thu, 29 Sep 2022 01:29:17
CVE-2020-27602 BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken. Thu, 29 Sep 2022 01:29:03
CVE-2020-27601 In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bi... Thu, 29 Sep 2022 01:28:35
CVE-2020-15347 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account. Thu, 29 Sep 2022 01:28:08
© CVE.report 2022

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.
