CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

Recent CVEs
CVE Description Date
CVE-2021-23758 All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserializati... Fri, 03 Dec 2021 15:09:31
CVE-2021-44349 SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\DownloadController.class.p... Fri, 03 Dec 2021 15:06:34
CVE-2021-44348 SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\AdvertController.class.php. Fri, 03 Dec 2021 15:06:20
CVE-2021-35346 tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function HevcSpsUnit::short_term_ref_pic_set(i... Fri, 03 Dec 2021 15:06:08
CVE-2021-35344 tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function BitStreamReader::getCurVal in bitStre... Fri, 03 Dec 2021 15:05:55
CVE-2021-23562 This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacke... Fri, 03 Dec 2021 15:05:28
CVE-2021-44352 A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a pos... Fri, 03 Dec 2021 14:05:02
CVE-2021-44347 SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController.class.php. Fri, 03 Dec 2021 14:04:47
CVE-2021-29867 IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to view or edit a Jupyter notebook that they should not h... Fri, 03 Dec 2021 12:05:44
CVE-2021-29756 IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could al... Fri, 03 Dec 2021 12:05:25
CVE-2021-29719 IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilities due to a web response specifying an ... Fri, 03 Dec 2021 12:05:05
CVE-2021-29716 IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should on... Fri, 03 Dec 2021 12:04:35
CVE-2021-38909 IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitr... Fri, 03 Dec 2021 12:04:19
CVE-2021-20493 IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitr... Fri, 03 Dec 2021 12:04:04
CVE-2021-20470 IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it ea... Fri, 03 Dec 2021 12:03:37
CVE-2021-3980 elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor Fri, 03 Dec 2021 10:10:04
CVE-2021-43991 The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (al... Fri, 03 Dec 2021 10:06:40
CVE-2021-43676 matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php. Fri, 03 Dec 2021 09:04:22
CVE-2021-44278 Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php. Fri, 03 Dec 2021 08:03:31
CVE-2021-43674 ** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a path manipulation vulnerability in Smarty.class.php. Fri, 03 Dec 2021 08:03:07
CVE-2021-43673 dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of exit fu... Fri, 03 Dec 2021 07:04:27
CVE-2021-44022 A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the program on affected installa... Fri, 03 Dec 2021 05:58:52
CVE-2021-44021 An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to e... Fri, 03 Dec 2021 05:58:21
CVE-2021-44020 An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to e... Fri, 03 Dec 2021 05:58:00
CVE-2021-44019 An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to e... Fri, 03 Dec 2021 05:57:34
CVE-2021-43772 Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the protected folder to be modif... Fri, 03 Dec 2021 05:57:16
CVE-2021-4000 showdoc is vulnerable to URL Redirection to Untrusted Site Fri, 03 Dec 2021 05:53:33
CVE-2021-25785 Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column. Thu, 02 Dec 2021 18:08:20
CVE-2021-25784 Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article. Thu, 02 Dec 2021 18:08:08
CVE-2021-25783 Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search. Thu, 02 Dec 2021 18:07:46
CVE-2020-29177 Z-BlogPHP v1.6.1.2100 was discovered to contain an arbitrary file deletion vulnerability via \app_del.php. Thu, 02 Dec 2021 18:07:23
CVE-2020-29176 An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute arbitrary code via a crafted JPG ... Thu, 02 Dec 2021 18:07:00
CVE-2021-28237 LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13. Thu, 02 Dec 2021 17:09:55
CVE-2021-28236 LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c. Thu, 02 Dec 2021 17:09:37
CVE-2020-36135 AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c. Thu, 02 Dec 2021 17:09:13
CVE-2020-36134 AOM v2.0.1 was discovered to contain a segmentation violation via the component aom_dsp/x86/obmc_sad_avx2.c. Thu, 02 Dec 2021 17:08:55
CVE-2020-36133 AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h. Thu, 02 Dec 2021 17:08:35
CVE-2020-36131 AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c. Thu, 02 Dec 2021 17:08:13
CVE-2020-36130 AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c. Thu, 02 Dec 2021 17:07:53
CVE-2020-36129 AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c. Thu, 02 Dec 2021 17:07:24
CVE-2021-43327 An issue was discovered on Renesas RX65 and RX65N devices. With a VCC glitch, an attacker can extract the security ID key fro... Thu, 02 Dec 2021 15:06:45
CVE-2021-44050 CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to in... Thu, 02 Dec 2021 14:02:28
CVE-2021-40334 Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows a... Thu, 02 Dec 2021 14:02:15
CVE-2021-40333 Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to th... Thu, 02 Dec 2021 14:01:56
CVE-2021-43795 Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file ... Thu, 02 Dec 2021 13:04:19
CVE-2015-20106 The ClickBank Affiliate Ads WordPress plugin through 1.20 does not escape its settings, allowing high privilege users to perf... Thu, 02 Dec 2021 12:41:27
CVE-2015-20105 The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacke... Thu, 02 Dec 2021 12:41:04
CVE-2021-44518 An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android. The lock sends a pairing code... Thu, 02 Dec 2021 12:05:35
CVE-2021-3944 bookstack is vulnerable to Cross-Site Request Forgery (CSRF) Thu, 02 Dec 2021 11:47:22
CVE-2021-23264 Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete sear... Thu, 02 Dec 2021 10:51:15
CVE-2021-23263 Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of... Thu, 02 Dec 2021 10:50:52
CVE-2021-23262 Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE. Thu, 02 Dec 2021 10:50:38
CVE-2021-23261 Authenticated administrators may override the system configuration file and cause a denial of service. Thu, 02 Dec 2021 10:50:22
CVE-2021-23260 Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other... Thu, 02 Dec 2021 10:50:00
CVE-2021-23259 Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to r... Thu, 02 Dec 2021 10:49:45
CVE-2021-23258 Authenticated users with Administrator or Developer roles may execute OS commands by SPEL Expression in Spring beans. SPEL Ex... Thu, 02 Dec 2021 10:49:16
CVE-2021-43679 ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.php. Thu, 02 Dec 2021 10:05:56
CVE-2021-43682 thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site Scripting (XSS) vulnerability in AdminBaseController.cl... Thu, 02 Dec 2021 09:03:33
CVE-2021-43686 nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerability in www/pages/api.php. The exit function will terminat... Thu, 02 Dec 2021 08:07:34
CVE-2021-43683 pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerability in api/info.php. The exit function will terminate th... Thu, 02 Dec 2021 08:07:13
CVE-2021-43681 SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulnerability in /master/core/PostHandler.php. The exit func... Thu, 02 Dec 2021 08:06:46
CVE-2021-26777 Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator... Wed, 01 Dec 2021 23:04:43
CVE-2020-27414 Mahavitaran android application 7.50 and prior transmit sensitive information in URL parameters. This may lead to information... Wed, 01 Dec 2021 23:04:29
CVE-2021-44227 In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) t... Wed, 01 Dec 2021 22:05:53
CVE-2021-43791 Zulip is an open source group chat application that combines real-time chat with threaded conversations. In affected versions... Wed, 01 Dec 2021 19:17:13
CVE-2021-42711 Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. This file is ... Wed, 01 Dec 2021 18:06:22
CVE-2020-35037 The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape some search parameter before outputting them in ... Wed, 01 Dec 2021 17:55:39
CVE-2020-35012 The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape a parameter before using it in a SQL statement,... Wed, 01 Dec 2021 17:55:18
CVE-2021-33274 D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflo... Wed, 01 Dec 2021 17:07:07
CVE-2021-33271 D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflo... Wed, 01 Dec 2021 17:06:52
CVE-2021-33270 D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflo... Wed, 01 Dec 2021 17:06:39
CVE-2021-33269 D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflo... Wed, 01 Dec 2021 17:06:19
CVE-2021-33268 D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflo... Wed, 01 Dec 2021 17:06:04
CVE-2021-33267 D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflo... Wed, 01 Dec 2021 17:05:44
CVE-2021-33266 D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflo... Wed, 01 Dec 2021 17:05:26
CVE-2021-33265 D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflo... Wed, 01 Dec 2021 17:04:58
CVE-2021-43137 Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists in hostel management system 2.1 via the ... Wed, 01 Dec 2021 15:03:43
CVE-2021-43794 Discourse is an open source discussion platform. In affected versions an attacker can poison the cache for anonymous (i.e. no... Wed, 01 Dec 2021 14:48:42
CVE-2021-43793 Discourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to v... Wed, 01 Dec 2021 14:48:13
CVE-2021-43792 Discourse is an open source discussion platform. In affected versions a vulnerability affects users of tag groups who use the... Wed, 01 Dec 2021 14:45:09
CVE-2021-41039 In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties ... Wed, 01 Dec 2021 14:40:25
CVE-2021-43451 SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forge... Wed, 01 Dec 2021 14:01:51
CVE-2021-38575 NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. Wed, 01 Dec 2021 12:45:55
CVE-2021-29863 IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to ... Wed, 01 Dec 2021 12:14:06
CVE-2021-29849 IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScr... Wed, 01 Dec 2021 12:13:37
CVE-2021-29779 IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the server performing key exchange... Wed, 01 Dec 2021 12:13:19
CVE-2021-20400 IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly... Wed, 01 Dec 2021 12:12:49
CVE-2021-42776 CloverDX Server before 5.11.2 and 5.12.x before 5.12.1 allows XXE during configuration import. Wed, 01 Dec 2021 12:06:00
CVE-2021-44480 Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who know the SIM phone number and password) to listen to a... Wed, 01 Dec 2021 11:07:16
CVE-2021-26334 The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead t... Wed, 01 Dec 2021 11:06:58
CVE-2021-20611 Improper Input Validation vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, MELSEC iQ-R Seri... Wed, 01 Dec 2021 11:06:44
CVE-2021-20610 Improper Handling of Length Parameter Inconsistency vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" a... Wed, 01 Dec 2021 11:06:27
CVE-2021-20609 Uncontrolled Resource Consumption vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, MELSEC i... Wed, 01 Dec 2021 11:06:10
CVE-2021-43687 chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker ... Wed, 01 Dec 2021 11:05:55
CVE-2021-43685 libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/c... Wed, 01 Dec 2021 11:05:28
CVE-2020-10627 Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless... Wed, 01 Dec 2021 11:05:08
CVE-2021-44479 NXP Kinetis K82 devices have a buffer over-read via a crafted wlength value in a GET Status-Other request during use of USB I... Wed, 01 Dec 2021 10:04:21
CVE-2021-43689 manage (last update Oct 24, 2017) is affected by a Cross Site Scripting (XSS) vulnerability in Application/Home/Controller/Go... Wed, 01 Dec 2021 10:04:05
CVE-2021-40154 NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descriptor Configuration request ... Wed, 01 Dec 2021 10:03:43
CVE-2021-44279 Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/forms/poller-groups.inc.php. Wed, 01 Dec 2021 09:02:25
© CVE.report 2021

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.
