CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

Recent CVEs
CVE Description Date
CVE-2022-2289 Use After Free in GitHub repository vim/vim prior to 9.0. Sun, 03 Jul 2022 10:19:40
CVE-2022-2288 Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. Sun, 03 Jul 2022 08:46:04
CVE-2022-2290 Cross-site Scripting (XSS) - Reflected in GitHub repository zadam/trilium prior to 0.52.4, 0.53.1-beta. Sun, 03 Jul 2022 02:10:42
CVE-2022-2287 Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. Sat, 02 Jul 2022 17:26:27
CVE-2022-34913 ** DISPUTED ** md2roff 1.7 has a stack-based buffer overflow via a Markdown file containing a large number of consecutive cha... Sat, 02 Jul 2022 16:04:42
CVE-2022-34912 An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contrib... Sat, 02 Jul 2022 16:04:23
CVE-2022-34911 An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur ... Sat, 02 Jul 2022 16:04:05
CVE-2022-2286 Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. Sat, 02 Jul 2022 15:03:12
CVE-2022-2285 Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. Sat, 02 Jul 2022 11:43:13
CVE-2022-2284 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. Sat, 02 Jul 2022 10:34:43
CVE-2022-28200 NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read an... Fri, 01 Jul 2022 20:24:37
CVE-2022-32551 Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or s... Fri, 01 Jul 2022 20:01:58
CVE-2022-34903 GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and... Fri, 01 Jul 2022 18:07:03
CVE-2022-32412 An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell. Fri, 01 Jul 2022 18:06:45
CVE-2022-32411 An issue in the languages config file of HongCMS v3.0 allows attackers to getshell. Fri, 01 Jul 2022 18:06:32
CVE-2022-32325 JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c. Fri, 01 Jul 2022 18:06:04
CVE-2022-32324 PDFAlto v0.4 was discovered to contain a heap buffer overflow via the component /pdfalto/src/pdfalto.cc. Fri, 01 Jul 2022 18:05:46
CVE-2022-32420 College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teach... Fri, 01 Jul 2022 17:08:06
CVE-2022-32384 Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the security_5g parameter in the function formWifiBasi... Fri, 01 Jul 2022 17:07:53
CVE-2022-32095 Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.ph... Fri, 01 Jul 2022 17:07:39
CVE-2022-32094 Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlo... Fri, 01 Jul 2022 17:07:25
CVE-2022-32093 Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlog... Fri, 01 Jul 2022 17:07:05
CVE-2022-31943 MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability. Fri, 01 Jul 2022 17:06:49
CVE-2022-25896 This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being ... Fri, 01 Jul 2022 16:14:58
CVE-2022-25900 All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of g... Fri, 01 Jul 2022 16:10:21
CVE-2022-25898 The package jsrsasign before 10.5.25 is vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signa... Fri, 01 Jul 2022 16:09:52
CVE-2022-25876 The package link-preview-js before 2.1.16 is vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send... Fri, 01 Jul 2022 16:09:30
CVE-2022-25758 All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation(... Fri, 01 Jul 2022 16:09:18
CVE-2022-32091 MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sani... Fri, 01 Jul 2022 16:05:46
CVE-2022-32089 MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. Fri, 01 Jul 2022 16:05:32
CVE-2022-32088 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort... Fri, 01 Jul 2022 16:05:01
CVE-2022-32087 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. Fri, 01 Jul 2022 16:04:37
CVE-2022-32086 MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field. Fri, 01 Jul 2022 16:04:25
CVE-2022-32085 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_p... Fri, 01 Jul 2022 16:04:02
CVE-2022-32084 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. Fri, 01 Jul 2022 16:03:45
CVE-2022-32083 MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tra... Fri, 01 Jul 2022 16:03:31
CVE-2022-32082 MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. Fri, 01 Jul 2022 16:03:18
CVE-2022-32081 MariaDB v10.4 to v10.7 was discovered to contain a use-after-poison in prepare_inplace_add_virtual at /storage/innobase/hand... Fri, 01 Jul 2022 16:03:01
CVE-2021-37524 Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web scri... Fri, 01 Jul 2022 14:15:07
CVE-2022-32053 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN... Fri, 01 Jul 2022 14:14:47
CVE-2022-32052 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004... Fri, 01 Jul 2022 14:14:22
CVE-2022-32051 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime parameters in... Fri, 01 Jul 2022 14:13:54
CVE-2022-32050 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN... Fri, 01 Jul 2022 14:13:35
CVE-2022-32049 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter in the function FUN_0041... Fri, 01 Jul 2022 14:13:12
CVE-2022-32048 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN_... Fri, 01 Jul 2022 14:12:43
CVE-2022-32047 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004... Fri, 01 Jul 2022 14:12:29
CVE-2022-32046 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004... Fri, 01 Jul 2022 14:12:13
CVE-2022-32045 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004... Fri, 01 Jul 2022 14:12:00
CVE-2022-32044 TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the password parameter in the function FUN... Fri, 01 Jul 2022 14:11:40
CVE-2022-32043 Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAccessCodeInfo. Fri, 01 Jul 2022 14:11:11
CVE-2022-32041 Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formGetPassengerAnalyseData. Fri, 01 Jul 2022 14:10:55
CVE-2022-32040 Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm. Fri, 01 Jul 2022 14:10:25
CVE-2022-32039 Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the listN parameter in the function fromDhcpListClient. Fri, 01 Jul 2022 14:09:56
CVE-2022-32037 Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAPCfg. Fri, 01 Jul 2022 14:09:44
CVE-2022-32036 Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and tradema... Fri, 01 Jul 2022 14:09:14
CVE-2022-32035 Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng. Fri, 01 Jul 2022 14:09:01
CVE-2022-32034 Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist. Fri, 01 Jul 2022 14:08:35
CVE-2022-32033 Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the function formSetVirtualSer. Fri, 01 Jul 2022 14:08:15
CVE-2022-32032 Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilte... Fri, 01 Jul 2022 14:07:46
CVE-2022-32031 Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetRouteStatic. Fri, 01 Jul 2022 14:07:16
CVE-2022-32030 Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand. Fri, 01 Jul 2022 14:07:01
CVE-2022-22373 An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to cre... Fri, 01 Jul 2022 14:06:39
CVE-2022-22367 IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local ... Fri, 01 Jul 2022 14:06:22
CVE-2022-22366 IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be ... Fri, 01 Jul 2022 14:06:09
CVE-2022-1954 A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0... Fri, 01 Jul 2022 14:05:56
CVE-2022-0167 An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14... Fri, 01 Jul 2022 14:05:41
CVE-2022-31605 NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load() i... Fri, 01 Jul 2022 13:22:25
CVE-2022-31604 NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where the CA credentials are tra... Fri, 01 Jul 2022 13:21:59
CVE-2022-2270 An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 1... Fri, 01 Jul 2022 13:07:49
CVE-2022-2229 An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and ... Fri, 01 Jul 2022 13:07:20
CVE-2022-2228 Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to ... Fri, 01 Jul 2022 13:06:59
CVE-2022-1999 An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.... Fri, 01 Jul 2022 13:06:34
CVE-2022-1981 An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, a... Fri, 01 Jul 2022 13:06:15
CVE-2022-1963 An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10.5, all versions starting ... Fri, 01 Jul 2022 13:05:58
CVE-2022-31113 Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-Site Scripting vulnerabil... Fri, 01 Jul 2022 12:34:26
CVE-2022-2281 An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4,... Fri, 01 Jul 2022 12:06:42
CVE-2022-2254 A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 can store a script that could impact othe... Fri, 01 Jul 2022 12:06:20
CVE-2022-2250 An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 1... Fri, 01 Jul 2022 12:05:59
CVE-2022-2244 An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0... Fri, 01 Jul 2022 12:05:43
CVE-2022-2243 An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and ... Fri, 01 Jul 2022 12:05:13
CVE-2022-2235 Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior... Fri, 01 Jul 2022 12:04:52
CVE-2022-2230 A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 pri... Fri, 01 Jul 2022 12:04:26
CVE-2022-2227 Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4,... Fri, 01 Jul 2022 12:04:14
CVE-2022-2185 A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0... Fri, 01 Jul 2022 12:03:58
CVE-2022-1983 Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior ... Fri, 01 Jul 2022 12:03:42
CVE-2022-2253 A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 may send OS commands to execute on the ho... Fri, 01 Jul 2022 11:02:19
CVE-2014-3650 Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A ... Fri, 01 Jul 2022 10:08:45
CVE-2014-3648 The simplepush server iterates through the application installations and pushes a notification to the server provided by devi... Fri, 01 Jul 2022 10:08:27
CVE-2022-2282 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All referen... Fri, 01 Jul 2022 08:35:05
CVE-2022-33103 Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir(). Fri, 01 Jul 2022 08:05:23
CVE-2022-33099 An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs... Fri, 01 Jul 2022 08:04:56
CVE-2022-2264 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. Fri, 01 Jul 2022 07:08:14
CVE-2022-34894 In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services. Fri, 01 Jul 2022 06:02:46
CVE-2022-2279 NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11. Fri, 01 Jul 2022 04:26:44
CVE-2022-2280 Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. Fri, 01 Jul 2022 04:23:10
CVE-2022-2274 The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instru... Fri, 01 Jul 2022 03:34:39
CVE-2021-32428 SQL Injection vulnerability in viaviwebtech Android EBook App (Books App, PDF, ePub, Online Book Reading, Download Books) 10 ... Thu, 30 Jun 2022 20:06:56
CVE-2022-32988 Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the "*list" parameters (e.g. filter_lwlis... Thu, 30 Jun 2022 20:06:30
CVE-2022-32295 On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access ... Thu, 30 Jun 2022 20:06:11
CVE-2022-27904 The Automox Agent installation package before 37 on macOS allows an unprivileged user to obtain root access because of incorr... Thu, 30 Jun 2022 20:05:55
© CVE.report 2022


CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.
