CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
Recent CVEs
| CVE | Description | Date |
|---|---|---|
| CVE-2021-34864 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160... | Mon, 25 Oct 2021 13:18:17 |
| CVE-2021-34863 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1... | Mon, 25 Oct 2021 13:17:54 |
| CVE-2021-34862 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1... | Mon, 25 Oct 2021 13:17:38 |
| CVE-2021-34861 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1... | Mon, 25 Oct 2021 13:17:19 |
| CVE-2021-34860 | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DA... | Mon, 25 Oct 2021 13:16:56 |
| CVE-2021-34859 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0. User ... | Mon, 25 Oct 2021 13:16:38 |
| CVE-2021-34857 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160... | Mon, 25 Oct 2021 13:16:13 |
| CVE-2021-34856 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160... | Mon, 25 Oct 2021 13:15:52 |
| CVE-2021-34855 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16... | Mon, 25 Oct 2021 13:15:34 |
| CVE-2021-34854 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160... | Mon, 25 Oct 2021 13:15:18 |
| CVE-2021-41176 | Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodact... | Mon, 25 Oct 2021 12:56:10 |
| CVE-2021-37624 | FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a sof... | Mon, 25 Oct 2021 12:14:40 |
| CVE-2021-21319 | Galette is a membership management web application geared towards non profit organizations. In versions prior to 0.9.5, malic... | Mon, 25 Oct 2021 12:03:39 |
| CVE-2021-41035 | In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible... | Mon, 25 Oct 2021 11:08:25 |
| CVE-2020-20908 | Akaunting v1.3.17 was discovered to contain a stored cross-site scripting (XSS) vulnerability which allows attackers to execu... | Mon, 25 Oct 2021 11:02:17 |
| CVE-2021-0939 | In set_default_passthru_cfg of passthru.c, there is a possible out of bounds read due to a missing bounds check. This could l... | Mon, 25 Oct 2021 10:16:34 |
| CVE-2021-0938 | In memzero_explicit of compiler-clang.h, there is a possible bypass of defense in depth due to uninitialized data. This could... | Mon, 25 Oct 2021 10:16:21 |
| CVE-2021-0661 | In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation o... | Mon, 25 Oct 2021 10:16:05 |
| CVE-2021-0631 | In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service w... | Mon, 25 Oct 2021 10:15:53 |
| CVE-2021-0630 | In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service w... | Mon, 25 Oct 2021 10:15:32 |
| CVE-2021-0625 | In ccu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with ... | Mon, 25 Oct 2021 10:15:05 |
| CVE-2021-0618 | In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information ... | Mon, 25 Oct 2021 10:14:44 |
| CVE-2021-0616 | In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information ... | Mon, 25 Oct 2021 10:14:21 |
| CVE-2021-0615 | In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information dis... | Mon, 25 Oct 2021 10:14:02 |
| CVE-2021-0613 | In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local informati... | Mon, 25 Oct 2021 10:13:34 |
| CVE-2021-0414 | In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information ... | Mon, 25 Oct 2021 10:13:08 |
| CVE-2021-0413 | In flv extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information ... | Mon, 25 Oct 2021 10:12:47 |
| CVE-2021-0411 | In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information dis... | Mon, 25 Oct 2021 10:12:34 |
| CVE-2021-0410 | In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local informati... | Mon, 25 Oct 2021 10:12:14 |
| CVE-2021-0409 | In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local informati... | Mon, 25 Oct 2021 10:11:49 |
| CVE-2021-0941 | In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local ... | Mon, 25 Oct 2021 10:11:30 |
| CVE-2021-0940 | In TBD of TBD, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privil... | Mon, 25 Oct 2021 10:11:06 |
| CVE-2021-0936 | In acc_read of f_accessory.c, there is a possible memory corruption due to a use after free. This could lead to local escalat... | Mon, 25 Oct 2021 10:10:53 |
| CVE-2021-0935 | In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escala... | Mon, 25 Oct 2021 10:10:27 |
| CVE-2021-0663 | In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation o... | Mon, 25 Oct 2021 10:10:08 |
| CVE-2021-0662 | In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation o... | Mon, 25 Oct 2021 10:09:52 |
| CVE-2021-0634 | In display driver, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of pr... | Mon, 25 Oct 2021 10:09:38 |
| CVE-2021-0633 | In display driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalat... | Mon, 25 Oct 2021 10:09:13 |
| CVE-2021-0632 | In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information d... | Mon, 25 Oct 2021 10:09:01 |
| CVE-2021-0617 | In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information ... | Mon, 25 Oct 2021 10:08:47 |
| CVE-2021-0614 | In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local informati... | Mon, 25 Oct 2021 10:08:27 |
| CVE-2021-0412 | In flv extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information ... | Mon, 25 Oct 2021 10:08:06 |
| CVE-2017-20007 | Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allows access to a certain path that contains sensitive inf... | Mon, 25 Oct 2021 10:07:40 |
| CVE-2020-14264 | "HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConne... | Mon, 25 Oct 2021 09:44:10 |
| CVE-2021-24885 | The YOP Poll WordPress plugin before 6.1.2 does not escape the perpage parameter before outputting it back in an attribute, l... | Mon, 25 Oct 2021 09:34:01 |
| CVE-2021-24884 | The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a>... | Mon, 25 Oct 2021 09:33:36 |
| CVE-2021-24785 | The Great Quotes WordPress plugin through 1.0.0 does not sanitise and escape the Quote and Author fields of its Quotes, which... | Mon, 25 Oct 2021 09:33:14 |
| CVE-2021-24779 | The WP Debugging WordPress plugin before 2.11.0 has its update_settings() function hooked to admin_init and is missing any ca... | Mon, 25 Oct 2021 09:32:57 |
| CVE-2021-24774 | The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters bef... | Mon, 25 Oct 2021 09:32:30 |
| CVE-2021-24769 | The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby parameter before using i... | Mon, 25 Oct 2021 09:32:06 |
| CVE-2021-24744 | The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 does not sanitise and escape the Form Title before outp... | Mon, 25 Oct 2021 09:31:52 |
| CVE-2021-24699 | The Easy Media Download WordPress plugin before 1.1.7 does not escape the text argument of its shortcode, which could allow u... | Mon, 25 Oct 2021 09:31:31 |
| CVE-2021-24662 | The Game Server Status WordPress plugin through 1.0 does not validate or escape the server_id parameter before using it in SQ... | Mon, 25 Oct 2021 09:31:11 |
| CVE-2021-24653 | The Cookie Bar WordPress plugin through 1.8.8 doesn't properly sanitise the Cookie Bar Message setting, which could allow hig... | Mon, 25 Oct 2021 09:30:57 |
| CVE-2021-24608 | The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise... | Mon, 25 Oct 2021 09:30:40 |
| CVE-2021-24544 | The Responsive WordPress Slider WordPress plugin through 2.2.0 does not sanitise and escape some of the Slider options, allow... | Mon, 25 Oct 2021 09:30:13 |
| CVE-2021-24543 | The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor sanitise... | Mon, 25 Oct 2021 09:29:43 |
| CVE-2021-24515 | The Video Gallery – Vimeo and YouTube Gallery WordPress plugin through 1.1.4 does not escape the Title and Description of t... | Mon, 25 Oct 2021 09:29:30 |
| CVE-2021-24514 | The Visual Form Builder WordPress plugin before 3.0.4 does not sanitise or escape its Form Name, allowing high privilege user... | Mon, 25 Oct 2021 09:29:17 |
| CVE-2021-24489 | The Request a Quote WordPress plugin before 2.3.5 does not sanitise, validate or escape some of its settings in the admin das... | Mon, 25 Oct 2021 09:29:02 |
| CVE-2021-24487 | The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF check in place when saving its 'Default Text to Display ... | Mon, 25 Oct 2021 09:28:35 |
| CVE-2021-24485 | The Special Text Boxes WordPress plugin through 5.9.109 does not sanitise or escape some of its settings, which could allow h... | Mon, 25 Oct 2021 09:28:14 |
| CVE-2021-24414 | The Video Player for YouTube WordPress plugin before 1.4 does not sanitise or validate the parameters from its shortcode, all... | Mon, 25 Oct 2021 09:27:54 |
| CVE-2021-24381 | The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not sanitise and escape the custom class name of the form f... | Mon, 25 Oct 2021 09:27:41 |
| CVE-2021-25977 | In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a... | Mon, 25 Oct 2021 09:16:52 |
| CVE-2021-35231 | As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker... | Mon, 25 Oct 2021 09:06:48 |
| CVE-2021-40865 | An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth... | Mon, 25 Oct 2021 08:31:27 |
| CVE-2021-38294 | A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache ... | Mon, 25 Oct 2021 08:31:00 |
| CVE-2021-40527 | Exposure of senstive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and includi... | Mon, 25 Oct 2021 07:03:53 |
| CVE-2021-40526 | Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to tr... | Mon, 25 Oct 2021 07:03:34 |
| CVE-2021-40371 | Gridpro Request Management for Windows Azure Pack before 2.0.7912 allows Directory Traversal for remote code execution, as de... | Mon, 25 Oct 2021 03:06:07 |
| CVE-2021-21703 | In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with m... | Mon, 25 Oct 2021 01:43:28 |
| CVE-2021-42258 | BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as ... | Fri, 22 Oct 2021 18:03:39 |
| CVE-2020-36502 | Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the devicename par... | Fri, 22 Oct 2021 16:25:16 |
| CVE-2020-36501 | Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allows attackers to execute arb... | Fri, 22 Oct 2021 16:24:54 |
| CVE-2020-36499 | TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a cross-site scripting (XSS) vulnerability in the c... | Fri, 22 Oct 2021 16:24:35 |
| CVE-2020-36498 | Macrob7 Macs Framework Content Management System - 1.14f contains a cross-site scripting (XSS) vulnerability in the account r... | Fri, 22 Oct 2021 16:24:07 |
| CVE-2020-36497 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_home... | Fri, 22 Oct 2021 16:23:48 |
| CVE-2020-36496 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_use... | Fri, 22 Oct 2021 16:23:34 |
| CVE-2020-36495 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_v... | Fri, 22 Oct 2021 16:23:04 |
| CVE-2020-36494 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edi... | Fri, 22 Oct 2021 16:22:47 |
| CVE-2020-36493 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.ph... | Fri, 22 Oct 2021 16:22:23 |
| CVE-2020-36492 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component select_media.... | Fri, 22 Oct 2021 16:22:01 |
| CVE-2020-36491 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tags_main.php... | Fri, 22 Oct 2021 16:21:46 |
| CVE-2020-36490 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_v... | Fri, 22 Oct 2021 16:21:26 |
| CVE-2020-36489 | Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the devicena... | Fri, 22 Oct 2021 16:21:02 |
| CVE-2020-36488 | An issue in the FTP server of Sky File v2.1.0 allows attackers to perform directory traversal via `/null//` path commands. | Fri, 22 Oct 2021 16:20:40 |
| CVE-2020-36486 | Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the 'pat... | Fri, 22 Oct 2021 16:20:12 |
| CVE-2020-36485 | Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the... | Fri, 22 Oct 2021 16:19:49 |
| CVE-2020-28969 | Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow which allows attackers to cause a denial of service (DoS) via a c... | Fri, 22 Oct 2021 16:19:20 |
| CVE-2020-28968 | Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Config... | Fri, 22 Oct 2021 16:19:00 |
| CVE-2020-28967 | FlashGet v1.9.6 was discovered to contain a buffer overflow in the 'current path directory' function. This vulnerability allo... | Fri, 22 Oct 2021 16:18:33 |
| CVE-2020-28964 | Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Search function. This vulnerabil... | Fri, 22 Oct 2021 16:18:18 |
| CVE-2020-28963 | Passcovery Co. Ltd ZIP Password Recovery v3.70.69.0 was discovered to contain a buffer overflow via the decompress function. | Fri, 22 Oct 2021 16:18:05 |
| CVE-2020-28961 | Perfex CRM v2.4.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component ./clients/clie... | Fri, 22 Oct 2021 16:17:35 |
| CVE-2020-28960 | Chichen Tech CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the file product_list.php via the i... | Fri, 22 Oct 2021 16:17:11 |
| CVE-2020-28957 | Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Foxlor v0.10.16 allows attackers to execute... | Fri, 22 Oct 2021 16:16:57 |
| CVE-2020-28956 | Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbit... | Fri, 22 Oct 2021 16:16:45 |
| CVE-2020-28955 | SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vul... | Fri, 22 Oct 2021 16:16:16 |
| CVE-2020-23061 | Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the `list` and `dow... | Fri, 22 Oct 2021 16:15:49 |