CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

Recent CVEs
CVE Description Date
CVE-2022-46359 Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code... Mon, 30 Jan 2023 03:07:15
CVE-2022-46358 Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code... Mon, 30 Jan 2023 03:06:56
CVE-2022-46357 Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code... Mon, 30 Jan 2023 03:06:34
CVE-2022-46356 Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code... Mon, 30 Jan 2023 03:06:13
CVE-2023-22333 Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier allows a remote unauthenticated attacker to inject an arb... Mon, 30 Jan 2023 01:53:51
CVE-2023-22332 Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4... Mon, 30 Jan 2023 01:53:37
CVE-2023-22324 SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to... Mon, 30 Jan 2023 01:53:21
CVE-2023-22322 Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier... Mon, 30 Jan 2023 01:53:03
CVE-2023-24623 Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to the 127.0.0.1 address, but does not match the filter for ... Mon, 30 Jan 2023 00:07:35
CVE-2023-24622 isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for externa... Mon, 30 Jan 2023 00:07:17
CVE-2022-25967 Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configu... Mon, 30 Jan 2023 00:06:52
CVE-2022-25936 Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePat... Mon, 30 Jan 2023 00:06:23
CVE-2022-48303 GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Ex... Sun, 29 Jan 2023 23:04:31
CVE-2023-24612 The PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allows command injection via an option. Sun, 29 Jan 2023 22:05:35
CVE-2022-27596 A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remot... Sun, 29 Jan 2023 21:03:45
CVE-2021-46873 WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an adversary might be able to ... Sun, 29 Jan 2023 18:05:18
CVE-2023-0572 Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10. Sun, 29 Jan 2023 17:41:11
CVE-2023-24065 NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name (of a physician, assistant, or billing use... Sun, 29 Jan 2023 17:05:02
CVE-2023-0566 Static Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10. Sun, 29 Jan 2023 16:44:33
CVE-2023-0565 Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10. Sun, 29 Jan 2023 16:41:05
CVE-2016-15022 A vulnerability was found in mosbth cimage up to 0.7.18. It has been declared as problematic. Affected by this vulnerability ... Sun, 29 Jan 2023 14:05:02
CVE-2009-10003 A vulnerability was found in capnsquarepants wordcraft up to 0.6. It has been classified as problematic. Affected is an unkno... Sun, 29 Jan 2023 14:04:41
CVE-2023-0571 A vulnerability has been found in SourceCodester Canteen Management System 1.0 and classified as problematic. This vulnerabil... Sun, 29 Jan 2023 13:03:32
CVE-2023-0570 A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. ... Sun, 29 Jan 2023 13:03:05
CVE-2023-0569 Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10. Sun, 29 Jan 2023 11:29:31
CVE-2022-48285 loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. Sun, 29 Jan 2023 00:17:36
CVE-2023-0564 Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10. Sat, 28 Jan 2023 20:07:21
CVE-2021-4315 A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown c... Sat, 28 Jan 2023 18:07:11
CVE-2023-0563 A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unk... Sat, 28 Jan 2023 18:06:49
CVE-2023-0562 A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this is... Sat, 28 Jan 2023 18:06:35
CVE-2023-0561 A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. ... Sat, 28 Jan 2023 12:04:36
CVE-2023-0560 A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System ... Sat, 28 Jan 2023 12:04:11
CVE-2023-23629 Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intend... Fri, 27 Jan 2023 21:04:48
CVE-2023-23628 Metabase is an open source data analytics platform. Affected versions are subject to Exposure of Sensitive Information to an ... Fri, 27 Jan 2023 21:04:28
CVE-2023-23627 Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 and later, prior to 6.0.1, are vulnerable to Cross-site... Fri, 27 Jan 2023 19:06:38
CVE-2023-23624 Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the... Fri, 27 Jan 2023 19:06:16
CVE-2023-23621 Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the... Fri, 27 Jan 2023 19:06:02
CVE-2023-23617 OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in malicious code filt... Fri, 27 Jan 2023 19:05:46
CVE-2023-22737 wire-server provides back end services for Wire, a team communication and collaboration platform. Prior to version 2022-12-09... Fri, 27 Jan 2023 19:05:17
CVE-2023-23616 Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` ... Fri, 27 Jan 2023 18:54:07
CVE-2023-23620 Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` ... Fri, 27 Jan 2023 18:48:06
CVE-2022-39324 Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can c... Fri, 27 Jan 2023 18:02:16
CVE-2022-23552 Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch and prior to versions 8.5.1... Fri, 27 Jan 2023 18:01:58
CVE-2023-0558 The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptib... Fri, 27 Jan 2023 17:12:37
CVE-2023-0557 The ContentStudio plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.... Fri, 27 Jan 2023 17:12:25
CVE-2023-0556 The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several fun... Fri, 27 Jan 2023 17:11:58
CVE-2022-46968 A stored cross-site scripting (XSS) vulnerability in /index.php?page=help of Revenue Collection System v1.0 allows attackers ... Fri, 27 Jan 2023 17:11:40
CVE-2022-43980 There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attack... Fri, 27 Jan 2023 17:11:23
CVE-2022-43979 There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. A function is called to check that the pa... Fri, 27 Jan 2023 17:10:53
CVE-2022-43978 There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid ses... Fri, 27 Jan 2023 17:10:29
CVE-2022-39813 Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/j_security_check via the j... Fri, 27 Jan 2023 17:10:14
CVE-2022-39812 Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader. An unauthenticated u... Fri, 27 Jan 2023 17:09:55
CVE-2022-39811 Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control under NMSCI-WebGui/advancedsettings.jsp and NMSCIWebGui/Sav... Fri, 27 Jan 2023 17:09:38
CVE-2022-4255 An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prio... Fri, 27 Jan 2023 17:09:21
CVE-2022-4205 In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash. Fri, 27 Jan 2023 17:09:00
CVE-2022-4201 A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows a... Fri, 27 Jan 2023 17:08:37
CVE-2023-0555 The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its... Fri, 27 Jan 2023 16:08:05
CVE-2023-0554 The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, ... Fri, 27 Jan 2023 16:07:38
CVE-2023-0553 The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in ve... Fri, 27 Jan 2023 16:07:19
CVE-2023-0550 The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and inclu... Fri, 27 Jan 2023 16:06:52
CVE-2019-25053 A path traversal vulnerability exists in Sage FRP 1000 before November 2019. This allows remote unauthenticated attackers to ... Fri, 27 Jan 2023 16:06:25
CVE-2022-48108 D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/Su... Fri, 27 Jan 2023 16:05:58
CVE-2022-48107 D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IP... Fri, 27 Jan 2023 16:05:28
CVE-2022-39380 Wire web-app is part of Wire communications. Versions prior to 2022-11-02 are subject to Improper Handling of Exceptional Con... Fri, 27 Jan 2023 16:05:10
CVE-2022-48118 Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter. Fri, 27 Jan 2023 15:03:47
CVE-2022-48116 AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php... Fri, 27 Jan 2023 15:03:21
CVE-2021-41231 OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to uploa... Fri, 27 Jan 2023 14:04:22
CVE-2021-41144 OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block bl... Fri, 27 Jan 2023 14:04:05
CVE-2021-41143 OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the custome... Fri, 27 Jan 2023 14:03:49
CVE-2023-0549 A vulnerability, which was classified as problematic, has been found in YAFNET 3.1.9/3.1.10. This issue affects some unknown ... Fri, 27 Jan 2023 14:03:35
CVE-2021-39217 OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute a... Fri, 27 Jan 2023 13:06:01
CVE-2023-22242 Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affec... Fri, 27 Jan 2023 13:05:31
CVE-2023-22241 Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affec... Fri, 27 Jan 2023 13:05:19
CVE-2023-22240 Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affec... Fri, 27 Jan 2023 13:05:05
CVE-2022-48013 Opencats v0.9.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.... Fri, 27 Jan 2023 13:04:41
CVE-2022-48012 Opencats v0.9.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /opencats/in... Fri, 27 Jan 2023 13:04:11
CVE-2022-48011 Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors f... Fri, 27 Jan 2023 13:03:45
CVE-2022-48010 LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/su... Fri, 27 Jan 2023 13:03:19
CVE-2022-48008 An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code... Fri, 27 Jan 2023 13:02:59
CVE-2022-48007 A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitra... Fri, 27 Jan 2023 13:02:40
CVE-2022-4335 A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior ... Fri, 27 Jan 2023 13:02:26
CVE-2022-4285 An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version inform... Fri, 27 Jan 2023 13:02:04
CVE-2022-4139 An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel driver, potentially leading to random memory c... Fri, 27 Jan 2023 13:01:45
CVE-2021-21395 Magento LTS (Long Term Support) is a community developed alternative to the Magento CE official releases. Versions prior to 1... Fri, 27 Jan 2023 11:05:16
CVE-2022-48073 Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext. Fri, 27 Jan 2023 10:05:39
CVE-2022-48072 Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automa... Fri, 27 Jan 2023 10:05:25
CVE-2022-48071 Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext. Fri, 27 Jan 2023 10:05:08
CVE-2022-48070 Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the auto... Fri, 27 Jan 2023 10:04:47
CVE-2022-48069 Totolink A830R V4.1.2cu.5182 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter. Fri, 27 Jan 2023 10:04:20
CVE-2022-48067 An information disclosure vulnerability in Totolink A830R V4.1.2cu.5182 allows attackers to obtain the root password via a br... Fri, 27 Jan 2023 10:04:00
CVE-2022-48066 An issue in the component global.so of Totolink A830R V4.1.2cu.5182 allows attackers to bypass authentication via a crafted c... Fri, 27 Jan 2023 10:03:45
CVE-2022-47632 Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege manag... Fri, 27 Jan 2023 10:03:22
CVE-2022-44718 An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 2 of 2). After successful l... Fri, 27 Jan 2023 09:06:07
CVE-2022-44717 An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 1 of 2). After successful l... Fri, 27 Jan 2023 09:05:50
CVE-2022-44715 Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allows authenticated remote users to gain permissions via a ... Fri, 27 Jan 2023 09:05:32
CVE-2022-44298 SiteServer CMS 7.1.3 is vulnerable to SQL Injection. Fri, 27 Jan 2023 09:05:16
CVE-2022-44029 An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 6 of 6... Fri, 27 Jan 2023 09:04:49
CVE-2022-44028 An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 5 of 6... Fri, 27 Jan 2023 09:04:24
CVE-2022-44027 An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 4 of 6... Fri, 27 Jan 2023 09:04:01
CVE-2022-44026 An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 3 of 6... Fri, 27 Jan 2023 09:03:39
© CVE.report 2023

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.
