CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
Recent CVEs
| CVE | Description | Date |
|---|---|---|
| CVE-2020-20125 | EARCLINK ESPCMS-P8 contains a cross-site scripting (XSS) vulnerability in espcms_web\espcms_load.php. | Tue, 28 Sep 2021 18:42:44 |
| CVE-2020-20124 | Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php. | Tue, 28 Sep 2021 18:42:24 |
| CVE-2020-20122 | Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.ph... | Tue, 28 Sep 2021 18:42:09 |
| CVE-2020-20120 | ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "wher... | Tue, 28 Sep 2021 18:41:55 |
| CVE-2021-41106 | JWT is a library to work with JSON Web Token and JSON Web Signature. Prior to versions 3.4.6, 4.0.4, and 4.1.5, users of HMAC... | Tue, 28 Sep 2021 16:54:51 |
| CVE-2021-36297 | SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows attackers to load an arb... | Tue, 28 Sep 2021 15:27:42 |
| CVE-2021-36286 | Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vu... | Tue, 28 Sep 2021 15:27:24 |
| CVE-2021-36285 | Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated maliciou... | Tue, 28 Sep 2021 15:27:02 |
| CVE-2021-36284 | Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated maliciou... | Tue, 28 Sep 2021 15:26:43 |
| CVE-2021-36283 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit t... | Tue, 28 Sep 2021 15:26:17 |
| CVE-2021-21570 | Dell NetWorker, versions 18.x and 19.x contain an Information disclosure vulnerability. A NetWorker server user with remote a... | Tue, 28 Sep 2021 15:25:55 |
| CVE-2021-21569 | Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulnerability. A NetWorker server user with remote access to ... | Tue, 28 Sep 2021 15:25:26 |
| CVE-2021-21522 | Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerab... | Tue, 28 Sep 2021 15:25:08 |
| CVE-2021-38303 | A SQL injection vulnerability exists in Sureline SUREedge Migrator 7.0.7.29360. | Tue, 28 Sep 2021 15:05:10 |
| CVE-2021-37271 | Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an attacker to obtain user coo... | Tue, 28 Sep 2021 15:04:47 |
| CVE-2021-37267 | Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtai... | Tue, 28 Sep 2021 15:04:19 |
| CVE-2021-30086 | Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacke... | Tue, 28 Sep 2021 15:04:04 |
| CVE-2021-41318 | In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input. whic... | Tue, 28 Sep 2021 14:02:12 |
| CVE-2021-37273 | A Denial of Service issue exists in China Telecom Corporation EPON Tianyi Gateway ZXHN F450(EPON ONU) 3.0. Tianyi Gateway is ... | Tue, 28 Sep 2021 14:01:49 |
| CVE-2021-36366 | Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards. | Tue, 28 Sep 2021 13:08:11 |
| CVE-2021-36365 | Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh. | Tue, 28 Sep 2021 13:07:55 |
| CVE-2021-36364 | Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards. | Tue, 28 Sep 2021 13:07:28 |
| CVE-2021-36363 | Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php. | Tue, 28 Sep 2021 13:07:03 |
| CVE-2021-29367 | A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted WPG ... | Tue, 28 Sep 2021 12:08:47 |
| CVE-2021-29366 | A buffer overflow vulnerability in FORMATS!GetPlugInInfo+0x2de9 of Irfanview 4.57 allows attackers to execute arbitrary code ... | Tue, 28 Sep 2021 12:08:24 |
| CVE-2021-29365 | Irfanview 4.57 is affected by an infinite loop when processing a crafted BMP file in the EFFECTS!AutoCrop_W component. This c... | Tue, 28 Sep 2021 12:08:10 |
| CVE-2021-29364 | A buffer overflow vulnerability in Formats!ReadRAS_W+0x1001 of Irfanview 4.57 allows attackers to execute arbitrary code via ... | Tue, 28 Sep 2021 12:07:51 |
| CVE-2021-29363 | A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa74 of Irfanview 4.57 allows attackers to execute arbitrary code via a... | Tue, 28 Sep 2021 12:07:31 |
| CVE-2021-29362 | A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa30 of Irfanview 4.57 allows attackers to execute arbitrary code via a... | Tue, 28 Sep 2021 12:07:17 |
| CVE-2021-29361 | A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x340 of Irfanview 4.57 allows attackers to execute arbitrary code v... | Tue, 28 Sep 2021 12:06:53 |
| CVE-2021-29360 | A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x37a of Irfanview 4.57 allows attackers to execute arbitrary code v... | Tue, 28 Sep 2021 12:06:22 |
| CVE-2021-29358 | A buffer overflow vulnerability in FORMATS!ReadPVR_W+0xfa of Irfanview 4.57 allows attackers to cause a denial of service (DO... | Tue, 28 Sep 2021 12:05:57 |
| CVE-2021-41104 | ESPHome is a system to control the ESP8266/ESP32. Anyone with web_server enabled and HTTP basic auth configured on version 20... | Tue, 28 Sep 2021 11:19:52 |
| CVE-2021-37106 | There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processi... | Tue, 28 Sep 2021 10:42:13 |
| CVE-2021-37105 | There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verificat... | Tue, 28 Sep 2021 10:41:53 |
| CVE-2021-37104 | There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118(C00E116R3P3). This vulnerability is du... | Tue, 28 Sep 2021 10:41:28 |
| CVE-2021-38124 | Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0... | Tue, 28 Sep 2021 10:05:53 |
| CVE-2021-22535 | Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product,... | Tue, 28 Sep 2021 10:05:40 |
| CVE-2021-34636 | The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin is vulnerable to Cross-Site Request Forgery via the save... | Tue, 28 Sep 2021 10:05:17 |
| CVE-2021-37146 | An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through1.15.11 allows r... | Tue, 28 Sep 2021 09:03:59 |
| CVE-2021-41540 | A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-... | Tue, 28 Sep 2021 07:21:24 |
| CVE-2021-41539 | A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-... | Tue, 28 Sep 2021 07:21:02 |
| CVE-2021-41538 | A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable t... | Tue, 28 Sep 2021 07:20:32 |
| CVE-2021-41537 | A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-... | Tue, 28 Sep 2021 07:20:10 |
| CVE-2021-41536 | A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-... | Tue, 28 Sep 2021 07:19:50 |
| CVE-2021-41535 | A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-... | Tue, 28 Sep 2021 07:19:34 |
| CVE-2021-41534 | A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable t... | Tue, 28 Sep 2021 07:19:07 |
| CVE-2021-41533 | A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable t... | Tue, 28 Sep 2021 07:18:52 |
| CVE-2021-36165 | RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by cleartext storage of sensitive information and sends use... | Tue, 28 Sep 2021 06:08:04 |
| CVE-2021-33601 | A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify se... | Tue, 28 Sep 2021 06:07:42 |
| CVE-2021-33600 | A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnera... | Tue, 28 Sep 2021 05:40:03 |
| CVE-2020-20696 | A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary we... | Mon, 27 Sep 2021 18:07:30 |
| CVE-2020-20695 | A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTM... | Mon, 27 Sep 2021 18:07:04 |
| CVE-2020-20693 | A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accoun... | Mon, 27 Sep 2021 18:06:51 |
| CVE-2020-20692 | GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.p... | Mon, 27 Sep 2021 18:06:25 |
| CVE-2020-20691 | An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension fil... | Mon, 27 Sep 2021 18:06:06 |
| CVE-2021-37274 | Kingdee KIS Professional Edition has a privilege escalation vulnerability. Attackers can use the vulnerability to gain comput... | Mon, 27 Sep 2021 17:06:18 |
| CVE-2021-37270 | There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this v... | Mon, 27 Sep 2021 17:06:04 |
| CVE-2020-24930 | Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS... | Mon, 27 Sep 2021 17:05:36 |
| CVE-2021-41098 | Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 a... | Mon, 27 Sep 2021 15:38:24 |
| CVE-2021-41095 | Discourse is an open source discussion platform. There is a cross-site scripting (XSS) vulnerability in versions 2.7.7 and ea... | Mon, 27 Sep 2021 15:34:45 |
| CVE-2021-41096 | Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions 2.2 and earlier for release builds and versions 425 and earl... | Mon, 27 Sep 2021 15:27:51 |
| CVE-2021-41097 | aurelia-path is part of the Aurelia platform and contains utilities for path manipulation. There is a prototype pollution vul... | Mon, 27 Sep 2021 13:48:03 |
| CVE-2021-20035 | Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inje... | Mon, 27 Sep 2021 13:27:27 |
| CVE-2021-20034 | An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal chec... | Mon, 27 Sep 2021 13:27:06 |
| CVE-2021-41753 | A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in D-Link DIR-X1560, v1.04B04, and DIR-X6060, v1.11B0... | Mon, 27 Sep 2021 13:06:50 |
| CVE-2021-41558 | The set_user extension module before 3.0.0 for PostgreSQL allows ProcessUtility_hook bypass via set_config. | Mon, 27 Sep 2021 13:06:23 |
| CVE-2021-40329 | The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management. | Mon, 27 Sep 2021 13:05:57 |
| CVE-2021-37761 | Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code exe... | Mon, 27 Sep 2021 13:05:33 |
| CVE-2021-36134 | Out of bounds write vulnerability in the JPEG parsing code of Netop Vision Pro up to and including 9.7.2 allows an adjacent u... | Mon, 27 Sep 2021 13:05:17 |
| CVE-2021-23445 | This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would no... | Mon, 27 Sep 2021 12:41:02 |
| CVE-2021-39828 | Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by a privilege escalation vulnerability in the Digital Editio... | Mon, 27 Sep 2021 12:12:40 |
| CVE-2021-39827 | Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary file write vulnerability in the Digital Editi... | Mon, 27 Sep 2021 12:12:13 |
| CVE-2021-39826 | Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary command execution vulnerability. An authentic... | Mon, 27 Sep 2021 12:11:57 |
| CVE-2021-39825 | Photoshop Elements versions 2021 build 19.0 (20210304.m.156367) (and earlier) are affected by an out-of-bounds write vulnerab... | Mon, 27 Sep 2021 12:11:28 |
| CVE-2021-39818 | Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malici... | Mon, 27 Sep 2021 12:11:05 |
| CVE-2021-40714 | Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability vi... | Mon, 27 Sep 2021 12:10:42 |
| CVE-2021-40713 | Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper certificate validation vulnerability in the ... | Mon, 27 Sep 2021 12:10:30 |
| CVE-2021-40712 | Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper input validation vulnerability via the path ... | Mon, 27 Sep 2021 12:10:13 |
| CVE-2021-40711 | Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a stored XSS vulnerability when creating Content Fragme... | Mon, 27 Sep 2021 12:09:51 |
| CVE-2021-40709 | Adobe Photoshop versions 21.2.11 (and earlier) and 22.5 (and earlier) are affected by a Buffer Overflow vulnerability when pa... | Mon, 27 Sep 2021 12:09:30 |
| CVE-2021-40703 | Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure h... | Mon, 27 Sep 2021 12:09:04 |
| CVE-2021-40702 | Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure h... | Mon, 27 Sep 2021 12:08:46 |
| CVE-2021-40701 | Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure h... | Mon, 27 Sep 2021 12:08:23 |
| CVE-2021-40700 | Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure h... | Mon, 27 Sep 2021 12:08:09 |
| CVE-2021-39824 | Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure h... | Mon, 27 Sep 2021 12:07:55 |
| CVE-2021-39823 | Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and earlier versions are affected by a heap buffer overflow ... | Mon, 27 Sep 2021 12:07:33 |
| CVE-2021-39819 | Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malici... | Mon, 27 Sep 2021 12:07:16 |
| CVE-2021-36880 | Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListing plugin (versions <= 2.0.3), vulnerable parameter: cu... | Mon, 27 Sep 2021 12:07:01 |
| CVE-2021-36879 | Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress co... | Mon, 27 Sep 2021 12:06:49 |
| CVE-2021-36877 | Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attack... | Mon, 27 Sep 2021 12:06:37 |
| CVE-2021-36876 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin (versions <= 2.0.5) as it lacks CSRF ... | Mon, 27 Sep 2021 12:06:15 |
| CVE-2021-36875 | Authenticated Reflected Cross-Site Scripting (XSS) vulnerability in WordPress uListing plugin (versions <= 2.0.5). Vulnerable... | Mon, 27 Sep 2021 12:05:46 |
| CVE-2021-36874 | Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5). | Mon, 27 Sep 2021 12:05:22 |
| CVE-2021-36845 | Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions... | Mon, 27 Sep 2021 12:05:09 |
| CVE-2021-36841 | Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, ... | Mon, 27 Sep 2021 12:04:40 |
| CVE-2021-28613 | Adobe Creative Cloud Desktop Application version 5.4 (and earlier) is affected by a file handling vulnerability that could al... | Mon, 27 Sep 2021 12:04:22 |
| CVE-2021-24671 | The MX Time Zone Clocks WordPress plugin before 3.4.1 does not escape the time_zone attribute of the mxmtzc_time_zone_clocks ... | Mon, 27 Sep 2021 11:33:58 |
| CVE-2021-24670 | The CoolClock WordPress plugin before 4.3.5 does not escape some shortcode attributes, allowing users with a role as low as C... | Mon, 27 Sep 2021 11:33:28 |
| CVE-2021-24666 | The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default)... | Mon, 27 Sep 2021 11:33:09 |