CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
Recent CVEs
| CVE | Description | Date |
|---|---|---|
| CVE-2023-5134 | The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erforms_user_meta' shortcode in ve... | Sat, 23 Sep 2023 04:02:19 |
| CVE-2023-5125 | The Contact Form by FormGet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formget' shortcode in vers... | Sat, 23 Sep 2023 01:05:33 |
| CVE-2023-43470 | SQL injection vulnerability in janobe Online Voting System v.1.0 allows a remote attacker to execute arbitrary code via the c... | Fri, 22 Sep 2023 20:13:51 |
| CVE-2023-43469 | SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the For... | Fri, 22 Sep 2023 20:10:51 |
| CVE-2023-43468 | SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the log... | Fri, 22 Sep 2023 20:07:51 |
| CVE-2023-43338 | Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This... | Fri, 22 Sep 2023 20:04:51 |
| CVE-2023-43130 | D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection. | Fri, 22 Sep 2023 19:05:56 |
| CVE-2023-43129 | D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of REMOT... | Fri, 22 Sep 2023 19:02:56 |
| CVE-2023-40989 | SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a... | Fri, 22 Sep 2023 16:06:08 |
| CVE-2023-43270 | dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/p... | Fri, 22 Sep 2023 15:04:50 |
| CVE-2023-38346 | An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and there... | Fri, 22 Sep 2023 15:01:50 |
| CVE-2023-43640 | TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists. Prior to version 0.34.0, a SQL inje... | Fri, 22 Sep 2023 14:08:30 |
| CVE-2023-42821 | The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudo... | Fri, 22 Sep 2023 13:17:27 |
| CVE-2023-42812 | Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request... | Fri, 22 Sep 2023 13:14:27 |
| CVE-2023-41031 | Command injection in homemng.htm in Juplink RX4-1500 versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows remote authent... | Fri, 22 Sep 2023 13:11:27 |
| CVE-2023-41029 | Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1... | Fri, 22 Sep 2023 13:08:27 |
| CVE-2023-41027 | Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.... | Fri, 22 Sep 2023 13:05:26 |
| CVE-2023-42811 | aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM ... | Fri, 22 Sep 2023 12:07:20 |
| CVE-2023-42798 | AutomataCI is a template git repository equipped with a native built-in semi-autonomous CI tools. An issue in versions 1.4.1 ... | Fri, 22 Sep 2023 12:04:20 |
| CVE-2023-43144 | Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php. | Fri, 22 Sep 2023 11:08:39 |
| CVE-2023-23766 | An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying ... | Fri, 22 Sep 2023 11:05:39 |
| CVE-2022-4039 | A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management ... | Fri, 22 Sep 2023 11:02:38 |
| CVE-2023-34319 | The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not ... | Fri, 22 Sep 2023 10:12:33 |
| CVE-2023-5002 | A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external... | Fri, 22 Sep 2023 10:09:33 |
| CVE-2022-3874 | A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman in... | Fri, 22 Sep 2023 10:06:33 |
| CVE-2023-43784 | ** DISPUTED ** Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose compo... | Fri, 22 Sep 2023 02:25:18 |
| CVE-2023-43783 | Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it h... | Fri, 22 Sep 2023 02:22:18 |
| CVE-2023-43782 | Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. The file is used even if it ha... | Fri, 22 Sep 2023 02:19:17 |
| CVE-2023-43771 | In nqptp-message-handlers.c in nqptp before 1.2.3, crafted packets received on the control port could crash the program. | Fri, 22 Sep 2023 02:16:17 |
| CVE-2023-43770 | Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted li... | Fri, 22 Sep 2023 02:13:17 |
| CVE-2023-43090 | A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of t... | Fri, 22 Sep 2023 02:10:17 |
| CVE-2023-4774 | The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp-piwik' sho... | Fri, 22 Sep 2023 02:07:17 |
| CVE-2023-4716 | The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode... | Fri, 22 Sep 2023 02:04:17 |
| CVE-2023-43765 | Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithS... | Fri, 22 Sep 2023 01:23:49 |
| CVE-2023-43764 | Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend), issue 2 of 2. This affe... | Fri, 22 Sep 2023 01:20:48 |
| CVE-2023-43763 | Certain WithSecure products allow XSS via an unvalidated parameter in the endpoint. This affects WithSecure Policy Manager 15... | Fri, 22 Sep 2023 01:17:48 |
| CVE-2023-43762 | Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend), issue 1 of 2. This affe... | Fri, 22 Sep 2023 01:14:48 |
| CVE-2023-43760 | Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithS... | Fri, 22 Sep 2023 01:11:48 |
| CVE-2023-43767 | Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Sec... | Fri, 22 Sep 2023 01:08:48 |
| CVE-2023-43766 | Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Clie... | Fri, 22 Sep 2023 01:05:47 |
| CVE-2023-43761 | Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure S... | Fri, 22 Sep 2023 01:02:47 |
| CVE-2023-23362 | An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability all... | Fri, 22 Sep 2023 00:11:18 |
| CVE-2023-23364 | A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating systems. If exploited, ... | Fri, 22 Sep 2023 00:08:18 |
| CVE-2023-23363 | A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, t... | Fri, 22 Sep 2023 00:05:18 |
| CVE-2023-31719 | FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin. | Thu, 21 Sep 2023 20:15:02 |
| CVE-2023-31718 | FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download. | Thu, 21 Sep 2023 20:12:01 |
| CVE-2023-31717 | A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database. | Thu, 21 Sep 2023 20:09:01 |
| CVE-2023-31716 | FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log | Thu, 21 Sep 2023 20:06:01 |
| CVE-2023-43128 | D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of HTTP_... | Thu, 21 Sep 2023 19:16:59 |
| CVE-2023-41616 | A reflected cross-site scripting (XSS) vulnerability in the Search Student function of Student Management System v1.2.3 and b... | Thu, 21 Sep 2023 19:13:59 |
| CVE-2023-41614 | A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Management System v1.0 allows att... | Thu, 21 Sep 2023 19:10:59 |
| CVE-2023-5068 | Delta Electronics DIAScreen may write past the end of an allocated buffer while parsing a specially crafted input file. This... | Thu, 21 Sep 2023 19:07:59 |
| CVE-2023-4504 | Due to failure in validating the length provided by an attacker-crafted PostScript document, CUPS and libppd are susceptible ... | Thu, 21 Sep 2023 19:04:58 |
| CVE-2023-42261 | ** DISPUTED ** Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's posi... | Thu, 21 Sep 2023 18:04:40 |
| CVE-2023-38344 | An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileCont... | Thu, 21 Sep 2023 17:08:26 |
| CVE-2023-38343 | An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4.... | Thu, 21 Sep 2023 17:05:26 |
| CVE-2023-42482 | Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free. | Thu, 21 Sep 2023 16:10:49 |
| CVE-2023-34576 | SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQ... | Thu, 21 Sep 2023 16:07:49 |
| CVE-2023-42280 | mee-admin 1.5 is vulnerable to Directory Traversal. The download method in the CommonFileController.java file does not verify... | Thu, 21 Sep 2023 15:15:23 |
| CVE-2023-41993 | The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, iOS 17.0.1 and iPadOS 17.0.1, ... | Thu, 21 Sep 2023 15:12:23 |
| CVE-2023-41992 | The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, w... | Thu, 21 Sep 2023 15:09:22 |
| CVE-2023-41991 | A certificate validation issue was addressed. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, w... | Thu, 21 Sep 2023 15:06:22 |
| CVE-2023-42810 | systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vu... | Thu, 21 Sep 2023 14:05:16 |
| CVE-2023-42279 | Dreamer CMS 4.1.3 is vulnerable to SQL Injection. | Thu, 21 Sep 2023 14:02:16 |
| CVE-2023-42807 | Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an... | Thu, 21 Sep 2023 13:18:09 |
| CVE-2023-42806 | Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, not signing and verifying `$\mathsf{cid}$` ... | Thu, 21 Sep 2023 13:15:09 |
| CVE-2023-42805 | quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC fr... | Thu, 21 Sep 2023 13:12:09 |
| CVE-2023-42458 | Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vul... | Thu, 21 Sep 2023 13:09:08 |
| CVE-2023-34577 | SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL c... | Thu, 21 Sep 2023 13:06:08 |
| CVE-2023-42456 | Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt,... | Thu, 21 Sep 2023 12:04:29 |
| CVE-2023-42457 | plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior... | Thu, 21 Sep 2023 11:09:10 |
| CVE-2023-41048 | plone.namedfile allows users to handle `File` and `Image` fields targeting, but not depending on, Plone Dexterity content. Pr... | Thu, 21 Sep 2023 11:06:10 |
| CVE-2023-40183 | DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that ... | Thu, 21 Sep 2023 11:03:10 |
| CVE-2023-43637 | Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 ... | Thu, 21 Sep 2023 10:21:01 |
| CVE-2023-43634 | When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. In a previous projec... | Thu, 21 Sep 2023 10:18:01 |
| CVE-2023-43633 | On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the fi... | Thu, 21 Sep 2023 10:15:01 |
| CVE-2023-43632 | As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing lim... | Thu, 21 Sep 2023 10:12:01 |
| CVE-2023-43631 | On boot, the Pillar eve container checks for the existence and content of “/config/authorized_keys”. If the file is pre... | Thu, 21 Sep 2023 10:09:00 |
| CVE-2023-43309 | There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field... | Thu, 21 Sep 2023 10:06:00 |
| CVE-2023-43274 | Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter. | Thu, 21 Sep 2023 10:03:00 |
| CVE-2023-43242 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter removeRuleList in form2IPQoSTcDel. | Thu, 21 Sep 2023 09:28:10 |
| CVE-2023-43241 | D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter TXPower and GuardInt in SetWLanRadioSecuri... | Thu, 21 Sep 2023 09:25:09 |
| CVE-2023-43240 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter. | Thu, 21 Sep 2023 09:22:09 |
| CVE-2023-43239 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC. | Thu, 21 Sep 2023 09:19:09 |
| CVE-2023-43238 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr in form2Dhcpip.cgi. | Thu, 21 Sep 2023 09:16:09 |
| CVE-2023-43237 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC. | Thu, 21 Sep 2023 09:13:09 |
| CVE-2023-43236 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi. | Thu, 21 Sep 2023 09:10:08 |
| CVE-2023-43235 | D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter StartTime and EndTime in SetWifiDownSettin... | Thu, 21 Sep 2023 09:07:08 |
| CVE-2023-4753 | OpenHarmony v3.2.1 and prior version has a liteos-a kernel may crash caused by mqueue undetected entries vulnerability. Local... | Thu, 21 Sep 2023 06:02:35 |
| CVE-2023-5104 | Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0. | Thu, 21 Sep 2023 05:07:51 |
| CVE-2023-4760 | In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the Fi... | Thu, 21 Sep 2023 04:07:06 |
| CVE-2023-4292 | Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a SQL injection vulner... | Thu, 21 Sep 2023 03:11:39 |
| CVE-2023-4291 | Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code executio... | Thu, 21 Sep 2023 03:08:38 |
| CVE-2023-4152 | Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a path traversal vulne... | Thu, 21 Sep 2023 03:05:38 |
| CVE-2023-39252 | Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attack... | Thu, 21 Sep 2023 02:14:26 |
| CVE-2023-43669 | The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumptio... | Thu, 21 Sep 2023 02:11:26 |
| CVE-2018-5478 | Contao 3.x before 3.5.32 allows XSS via the unsubscribe module in the frontend newsletter extension. | Thu, 21 Sep 2023 02:08:26 |
| CVE-2015-8371 | Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-contro... | Thu, 21 Sep 2023 02:05:25 |
| CVE-2015-5467 | web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the ... | Thu, 21 Sep 2023 02:02:25 |
| CVE-2023-43135 | There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to... | Wed, 20 Sep 2023 18:20:29 |