CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

Recent CVEs
CVE Description Date
CVE-2021-41617 sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation bec... Sun, 26 Sep 2021 14:41:16
CVE-2021-3830 btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Sun, 26 Sep 2021 04:20:33
CVE-2021-21742 There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settin... Fri, 24 Sep 2021 20:03:40
CVE-2020-20514 A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers ... Fri, 24 Sep 2021 18:02:34
CVE-2020-20508 Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerability in the /account/register component, which allows ... Fri, 24 Sep 2021 18:02:12
CVE-2016-6555 OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied dat... Fri, 24 Sep 2021 17:09:19
CVE-2016-6556 OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied da... Fri, 24 Sep 2021 17:08:51
CVE-2021-40655 An information disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and ... Fri, 24 Sep 2021 17:02:53
CVE-2021-40654 An information disclosure issue exists in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user name and password by forging... Fri, 24 Sep 2021 16:43:06
CVE-2021-41504 ** UNSUPPORTED WHEN ASSIGNED ** An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. T... Fri, 24 Sep 2021 16:09:02
CVE-2021-41503 ** UNSUPPORTED WHEN ASSIGNED ** DCS-5000L v1.05 and DCS-932L v2.17 and older are affected by Incorrect Access Control. The use... Fri, 24 Sep 2021 16:08:44
CVE-2021-2464 Vulnerability in Oracle Linux (component: OSwatcher). Supported versions that are affected are 7 and 8. Easily exploitable vu... Fri, 24 Sep 2021 15:02:47
CVE-2021-39246 Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v... Fri, 24 Sep 2021 14:42:40
CVE-2021-22868 A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Page... Fri, 24 Sep 2021 14:02:13
CVE-2021-22869 An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runne... Fri, 24 Sep 2021 13:55:22
CVE-2021-40309 A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0. allows an attacker to injec... Fri, 24 Sep 2021 12:05:50
CVE-2021-28130 Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applications signed by Dr.Web. A DLL for a custom payload within... Fri, 24 Sep 2021 12:05:29
CVE-2021-40310 OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in the TakeAttendance.php via... Fri, 24 Sep 2021 11:43:02
CVE-2021-41588 In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The att... Fri, 24 Sep 2021 11:07:02
CVE-2021-41587 In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentia... Fri, 24 Sep 2021 11:06:46
CVE-2021-41586 In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system u... Fri, 24 Sep 2021 11:06:26
CVE-2021-40102 An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR deserialization in is_dir (... Fri, 24 Sep 2021 11:05:58
CVE-2021-40100 An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Edi... Fri, 24 Sep 2021 11:05:37
CVE-2021-40099 An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code executi... Fri, 24 Sep 2021 11:05:17
CVE-2021-36749 In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSo... Fri, 24 Sep 2021 05:36:21
CVE-2021-41584 Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive ... Thu, 23 Sep 2021 23:06:06
CVE-2021-41583 vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packaged for Debian 10, Debian 11, and Fedora, allows remote... Thu, 23 Sep 2021 23:05:37
CVE-2021-41581 x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer ov... Thu, 23 Sep 2021 23:05:24
CVE-2021-31923 Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation. Thu, 23 Sep 2021 23:05:12
CVE-2020-19951 A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive componen... Thu, 23 Sep 2021 16:06:16
CVE-2020-19950 A cross-site scripting (XSS) vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbit... Thu, 23 Sep 2021 16:05:59
CVE-2020-19949 A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitra... Thu, 23 Sep 2021 16:05:29
CVE-2021-41088 Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0 Elvish's web U... Thu, 23 Sep 2021 16:02:08
CVE-2021-38877 IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to emb... Thu, 23 Sep 2021 14:12:08
CVE-2021-29905 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. This vulne... Thu, 23 Sep 2021 14:11:52
CVE-2021-29904 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text whi... Thu, 23 Sep 2021 14:11:30
CVE-2021-29833 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Thi... Thu, 23 Sep 2021 14:11:10
CVE-2021-29832 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Thi... Thu, 23 Sep 2021 14:10:42
CVE-2021-29816 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site request forgery which... Thu, 23 Sep 2021 14:10:25
CVE-2021-29815 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Thi... Thu, 23 Sep 2021 14:10:07
CVE-2021-29814 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Thi... Thu, 23 Sep 2021 14:09:48
CVE-2021-29813 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Thi... Thu, 23 Sep 2021 14:09:25
CVE-2021-29812 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Thi... Thu, 23 Sep 2021 14:08:55
CVE-2021-29810 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Thi... Thu, 23 Sep 2021 14:08:35
CVE-2020-24327 Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an em... Thu, 23 Sep 2021 14:02:43
CVE-2021-38870 IBM Aspera Cloud is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript ... Thu, 23 Sep 2021 13:43:14
CVE-2021-38864 IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensitive information due to improper certificate validation.... Thu, 23 Sep 2021 13:15:12
CVE-2021-20563 IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote authenticated user to obtain sensitive information. By ... Thu, 23 Sep 2021 13:14:48
CVE-2021-20485 IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain sensitive information when a detail... Thu, 23 Sep 2021 13:14:33
CVE-2021-20484 IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to e... Thu, 23 Sep 2021 13:14:14
CVE-2021-20435 IBM Security Verify Bridge 1.0.5.0 does not properly validate a certificate which could allow a local attacker to obtain sens... Thu, 23 Sep 2021 13:13:52
CVE-2021-20434 IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force... Thu, 23 Sep 2021 13:13:26
CVE-2020-4941 IBM Edge 4.2 could reveal sensitive version information about the server from error pages that could aid an attacker in furth... Thu, 23 Sep 2021 13:13:10
CVE-2021-29800 IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. Thi... Thu, 23 Sep 2021 12:12:55
CVE-2021-38863 IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated u... Thu, 23 Sep 2021 12:12:41
CVE-2021-20377 IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error mess... Thu, 23 Sep 2021 12:12:16
CVE-2020-4809 IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633. Thu, 23 Sep 2021 12:11:50
CVE-2020-4805 IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539. Thu, 23 Sep 2021 12:11:36
CVE-2020-4803 IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535. Thu, 23 Sep 2021 12:11:16
CVE-2020-4690 IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its ow... Thu, 23 Sep 2021 12:10:52
CVE-2021-36823 Authenticated Stored Cross-Site Scripting (XSS) vulnerability in WordPress Absolutely Glamorous Custom Admin plugin (versions... Thu, 23 Sep 2021 12:07:13
CVE-2021-26794 Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows attacker to execute arbitrary code via crafted php file... Thu, 23 Sep 2021 12:06:44
CVE-2021-22276 The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Po... Thu, 23 Sep 2021 12:06:29
CVE-2021-36873 Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11). ... Thu, 23 Sep 2021 11:43:47
CVE-2021-41428 Insecure permissions in Update Manager <= 5.8.0.2300 and DFL <= 12.5.1001.5 in DATEV programs v14.1 allows attacker to escala... Thu, 23 Sep 2021 11:09:16
CVE-2021-41381 Payara Micro Community 5.2021.6 and below allows Directory Traversal. Thu, 23 Sep 2021 11:08:58
CVE-2021-36872 Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress Popular Posts plugin (versions <= 5.3.3). Vuln... Thu, 23 Sep 2021 11:08:28
CVE-2021-26750 DLL hijacking in Panda Agent <=1.16.11 in Panda Security, S.L.U. Panda Adaptive Defense 360 <= 8.0.17 allows attacker to esca... Thu, 23 Sep 2021 11:08:01
CVE-2021-21913 An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. A specially-c... Thu, 23 Sep 2021 11:07:31
CVE-2021-3824 OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login pag... Thu, 23 Sep 2021 11:07:05
CVE-2021-32999 Improper handling of exceptional conditions in SuiteLink server while processing command 0x01 Thu, 23 Sep 2021 10:07:10
CVE-2021-32987 Null pointer dereference in SuiteLink server while processing command 0x0b Thu, 23 Sep 2021 10:06:40
CVE-2021-32979 Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a Thu, 23 Sep 2021 10:06:27
CVE-2021-32971 Null pointer dereference in SuiteLink server while processing command 0x07 Thu, 23 Sep 2021 10:06:13
CVE-2021-32963 Null pointer dereference in SuiteLink server while processing commands 0x03/0x10 Thu, 23 Sep 2021 10:05:53
CVE-2021-32959 Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06 Thu, 23 Sep 2021 10:05:40
CVE-2021-22953 A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exh... Thu, 23 Sep 2021 09:07:34
CVE-2021-22952 A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access t... Thu, 23 Sep 2021 09:07:20
CVE-2021-22950 Concrete CMS prior to 8.5.6 had a CSRF vulnerability allowing attachments to comments in the conversation section to be delet... Thu, 23 Sep 2021 09:06:57
CVE-2021-22949 A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and ... Thu, 23 Sep 2021 09:06:39
CVE-2021-22948 Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() P... Thu, 23 Sep 2021 09:06:19
CVE-2021-22945 When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to a... Thu, 23 Sep 2021 09:05:56
CVE-2021-22941 Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to ... Thu, 23 Sep 2021 09:05:42
CVE-2021-22020 The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue... Thu, 23 Sep 2021 09:05:22
CVE-2021-22019 The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network a... Thu, 23 Sep 2021 09:05:09
CVE-2021-22018 The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malici... Thu, 23 Sep 2021 09:04:38
CVE-2021-22017 Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious... Thu, 23 Sep 2021 09:04:16
CVE-2021-22016 The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker m... Thu, 23 Sep 2021 09:03:49
CVE-2021-22015 The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and dire... Thu, 23 Sep 2021 09:03:28
CVE-2021-22014 The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructur... Thu, 23 Sep 2021 08:07:53
CVE-2021-22013 The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management... Thu, 23 Sep 2021 08:07:31
CVE-2021-22012 The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A mal... Thu, 23 Sep 2021 08:07:12
CVE-2021-22011 vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor wi... Thu, 23 Sep 2021 08:06:57
CVE-2021-22010 The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port ... Thu, 23 Sep 2021 08:06:39
CVE-2021-22009 The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with ... Thu, 23 Sep 2021 08:06:26
CVE-2021-22008 The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with net... Thu, 23 Sep 2021 08:06:02
CVE-2021-22007 The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with... Thu, 23 Sep 2021 08:05:35
CVE-2021-22006 The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious act... Thu, 23 Sep 2021 08:05:23
CVE-2021-22005 The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network a... Thu, 23 Sep 2021 08:04:57
CVE-2021-21993 The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter... Thu, 23 Sep 2021 08:04:30
© CVE.report 2021

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status: status.cve.report