CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities so that they can be quickly identified and shared. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

Recent CVEs
CVE Description Date
CVE-2022-23850 xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) through 2.02 allows a stack-based buffer overflow via a crafted... Sun, 23 Jan 2022 02:06:48
CVE-2021-4103 Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34. Sat, 22 Jan 2022 20:50:03
CVE-2021-4172 Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2. Sat, 22 Jan 2022 06:44:15
CVE-2022-23808 An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup scrip... Fri, 21 Jan 2022 21:06:10
CVE-2022-23807 An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to php... Fri, 21 Jan 2022 21:05:41
CVE-2022-23366 HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php. Fri, 21 Jan 2022 18:06:50
CVE-2022-23365 HMS v1.0 was discovered to contain a SQL injection vulnerability via doctorlogin.php. Fri, 21 Jan 2022 18:06:25
CVE-2022-23364 HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php. Fri, 21 Jan 2022 18:05:58
CVE-2022-23363 Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via index.php. Fri, 21 Jan 2022 18:05:36
CVE-2022-21708 graphql-go is a GraphQL server with a focus on ease of use. In versions prior to 1.3.0 there exists a DoS vulnerability that ... Fri, 21 Jan 2022 17:28:17
CVE-2022-21707 wasmCloud Host Runtime is a server process that securely hosts and provides dispatch for web assembly (WASM) actors and capab... Fri, 21 Jan 2022 17:22:47
CVE-2021-39480 Bingrep v0.8.5 was discovered to contain a memory allocation failure which can cause a Denial of Service (DoS). Fri, 21 Jan 2022 17:06:49
CVE-2021-46313 The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentation fault via the function __memmove_avx_unaligned_erms... Fri, 21 Jan 2022 16:07:10
CVE-2021-46311 A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_destroy_routes () at scenegraph/vrml_ro... Fri, 21 Jan 2022 16:06:56
CVE-2021-46244 A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 via the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulne... Fri, 21 Jan 2022 16:06:32
CVE-2021-46243 An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/... Fri, 21 Jan 2022 16:06:12
CVE-2021-46242 HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry. Fri, 21 Jan 2022 16:05:46
CVE-2021-46240 A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_dump_vrml_sffield () at scene_manager/scen... Fri, 21 Jan 2022 16:05:21
CVE-2021-46239 The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid free vulnerability via the function gf_free () at utils... Fri, 21 Jan 2022 16:05:04
CVE-2021-46238 GPAC v1.1.0 was discovered to contain a stack overflow via the function gf_node_get_name () at scenegraph/base_scenegraph.c. ... Fri, 21 Jan 2022 16:04:41
CVE-2021-46237 An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/bas... Fri, 21 Jan 2022 16:04:25
CVE-2021-46236 A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_vrml_field_pointer_del () at scenegraph... Fri, 21 Jan 2022 16:04:11
CVE-2021-46234 A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scen... Fri, 21 Jan 2022 16:03:45
CVE-2022-23837 In api.rb in Sidekiq before 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overload... Fri, 21 Jan 2022 15:44:54
CVE-2021-36339 The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exp... Fri, 21 Jan 2022 15:18:17
CVE-2021-36338 Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user co... Fri, 21 Jan 2022 15:17:57
CVE-2022-22553 Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that ... Fri, 21 Jan 2022 15:17:39
CVE-2022-22552 Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker could... Fri, 21 Jan 2022 15:17:18
CVE-2022-22551 DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attack... Fri, 21 Jan 2022 15:17:00
CVE-2021-23631 This affects all versions of package convert-svg-core; all versions of package convert-svg-to-png; all versions of package co... Fri, 21 Jan 2022 15:13:29
CVE-2021-23518 The package cached-path-relative before 1.1.0 is vulnerable to Prototype Pollution via the cache variable that is set as {} ... Fri, 21 Jan 2022 15:12:59
CVE-2021-23460 The package min-dash before 3.8.1 is vulnerable to Prototype Pollution via the set method due to missing enforcement of key ... Fri, 21 Jan 2022 15:08:19
CVE-2021-23664 The package @isomorphic-git/cors-proxy before 2.7.1 is vulnerable to Server-side Request Forgery (SSRF) due to missing sanit... Fri, 21 Jan 2022 15:04:27
CVE-2021-40695 It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Fri, 21 Jan 2022 14:46:54
CVE-2021-40694 Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP serv... Fri, 21 Jan 2022 14:46:24
CVE-2021-40693 An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vu... Fri, 21 Jan 2022 14:46:00
CVE-2021-40692 Insufficient capability checks made it possible for teachers to download users outside of their courses. Fri, 21 Jan 2022 14:45:36
CVE-2021-40691 A session hijack risk was identified in the Shibboleth authentication plugin. Fri, 21 Jan 2022 14:45:23
CVE-2021-40595 SQL injection vulnerability in Sourcecodester Online Leave Management System v1 by oretnom23, allows attackers to execute arb... Fri, 21 Jan 2022 14:45:08
CVE-2021-44593 Simple College Website 1.0 is vulnerable to unauthenticated file upload & remote code execution via UNION-based SQL injection... Fri, 21 Jan 2022 14:15:06
CVE-2021-44464 Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains service credentials likely to be common across all ins... Fri, 21 Jan 2022 14:14:46
CVE-2021-43355 Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 allows user input to be validated on the client ... Fri, 21 Jan 2022 14:14:15
CVE-2021-41835 Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. Therefore, transmitted data may be sent... Fri, 21 Jan 2022 14:13:51
CVE-2021-40247 SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute ... Fri, 21 Jan 2022 14:13:22
CVE-2021-33966 Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows authenticated attackers to execute arbitrary code via craft... Fri, 21 Jan 2022 14:13:02
CVE-2021-33848 Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 is vulnerable to reflected cross-site scripting ... Fri, 21 Jan 2022 14:12:39
CVE-2021-33846 Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 issues authentication tokens to authenticated us... Fri, 21 Jan 2022 14:12:12
CVE-2021-33843 Fresenius Kabi Agilia Link + version 3.0 has a default configuration page accessible without authentication. An attacker may ... Fri, 21 Jan 2022 14:11:43
CVE-2021-31562 The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 has serious deficiencies that may allow an attacker to ... Fri, 21 Jan 2022 14:11:16
CVE-2021-23236 Requests may be used to interrupt the normal operation of the device. When exploited, Fresenius Kabi Agilia Link+ version 3.0... Fri, 21 Jan 2022 14:10:46
CVE-2021-23233 Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such... Fri, 21 Jan 2022 14:10:31
CVE-2021-23207 An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fr... Fri, 21 Jan 2022 14:10:15
CVE-2021-23196 The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on th... Fri, 21 Jan 2022 14:10:03
CVE-2021-23195 Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 has the option for automated indexing (directory... Fri, 21 Jan 2022 14:09:43
CVE-2021-4032 A vulnerability was found in the Linux kernel's KVM subsystem in arch/x86/kvm/lapic.c kvm_free_lapic when a failure allocatio... Fri, 21 Jan 2022 14:09:15
CVE-2021-4001 A race condition was found in the Linux kernel's ebpf verifier between bpf_map_update_elem and bpf_map_freeze due to a missin... Fri, 21 Jan 2022 14:08:45
CVE-2022-23728 Attacker can reset the device with AT Command in the process of rebooting the device. The LG ID is LVE-SMP-210011. Fri, 21 Jan 2022 14:08:33
CVE-2022-23130 Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONI... Fri, 21 Jan 2022 14:08:15
CVE-2022-23129 Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and I... Fri, 21 Jan 2022 14:07:59
CVE-2022-23128 Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (... Fri, 21 Jan 2022 14:07:33
CVE-2022-23127 Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS Mobi... Fri, 21 Jan 2022 14:07:12
CVE-2022-0323 Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1. Fri, 21 Jan 2022 13:12:50
CVE-2021-4016 Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has acc... Fri, 21 Jan 2022 13:05:21
CVE-2020-4879 IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by imp... Fri, 21 Jan 2022 12:25:22
CVE-2020-4877 IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in ... Fri, 21 Jan 2022 12:24:57
CVE-2020-4876 IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processi... Fri, 21 Jan 2022 12:24:38
CVE-2020-4875 IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processi... Fri, 21 Jan 2022 12:24:20
CVE-2021-46309 An SQL Injection vulnerability exists in Sourcecodester Employee and Visitor Gate Pass Logging System 1.0 via the username pa... Fri, 21 Jan 2022 12:07:16
CVE-2021-46308 An SQL Injection vulnerability exists in Sourcecodester Online Railway Reservation System 1.0 via the sid parameter. Fri, 21 Jan 2022 12:07:01
CVE-2021-46307 An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid parameter in account.php. Fri, 21 Jan 2022 11:05:33
CVE-2021-46201 An SQL Injection vulnerability exists in Sourcecodester Online Resort Management System 1.0 via the id parameter in /orms/ n... Fri, 21 Jan 2022 11:05:16
CVE-2021-46200 An SQL Injection vulnerability exists in Sourcecodester Simple Music Cloud Community System 1.0 via the email parameter in /m... Fri, 21 Jan 2022 11:04:55
CVE-2021-46198 An SQL Injection vulnerability exists in Sourcecodester Courier Management System 1.0 via the email parameter in /cms/ajax.php... Fri, 21 Jan 2022 11:04:39
CVE-2021-40855 The EU Technical Specifications for Digital COVID Certificates before 1.1 mishandle certificate governance. A non-production ... Fri, 21 Jan 2022 11:04:21
CVE-2022-23220 USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certa... Fri, 21 Jan 2022 11:03:57
CVE-2021-35004 This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link TL-WA1201 1.0.1 Bui... Fri, 21 Jan 2022 10:49:34
CVE-2021-35003 This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer C90 1.0.6 Bu... Fri, 21 Jan 2022 10:49:20
CVE-2020-19861 When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from... Fri, 21 Jan 2022 10:03:23
CVE-2020-19860 When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnera... Fri, 21 Jan 2022 09:06:10
CVE-2022-0319 Out-of-bounds Read in vim/vim prior to 8.2. Fri, 21 Jan 2022 08:36:53
CVE-2020-19858 Platinum Upnp SDK through 1.2.0 has a directory traversal vulnerability. The attack could remote attack victim by sending htt... Fri, 21 Jan 2022 08:04:36
CVE-2022-0318 Heap-based Buffer Overflow in vim/vim prior to 8.2. Fri, 21 Jan 2022 06:49:54
CVE-2022-0329 Code Injection in PyPi loguru prior to and including 0.5.3. Fri, 21 Jan 2022 05:32:42
CVE-2022-21933 ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use s... Fri, 21 Jan 2022 04:06:42
CVE-2022-0326 NULL Pointer Dereference in Homebrew mruby prior to 3.2. Fri, 21 Jan 2022 01:50:17
CVE-2022-23315 MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.... Thu, 20 Jan 2022 19:08:27
CVE-2022-23314 MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do. Thu, 20 Jan 2022 19:08:01
CVE-2022-22930 A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute ar... Thu, 20 Jan 2022 19:07:43
CVE-2022-22929 MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers ... Thu, 20 Jan 2022 19:07:22
CVE-2022-22928 MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code. Thu, 20 Jan 2022 19:07:04
CVE-2022-22895 Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ecma_utf8_string_to_number_by_radix in /jerry-core/ecm... Thu, 20 Jan 2022 18:46:51
CVE-2022-22894 Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_lcache_lookup in /jerry-core/ecma/base/ecma-lcache.c. Thu, 20 Jan 2022 18:46:23
CVE-2022-22893 Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_loop.lto_priv.304 in /jerry-core/vm/vm.c. Thu, 20 Jan 2022 18:46:01
CVE-2022-22892 There is an Assertion 'ecma_is_value_undefined (value) || ecma_is_value_null (value) || ecma_is_value_boolean (value) || ecma... Thu, 20 Jan 2022 18:45:46
CVE-2022-22891 Jerryscript 3.0.0 was discovered to contain a SEGV vulnerability via ecma_ref_object_inline in /jerry-core/ecma/base/ecma-gc.... Thu, 20 Jan 2022 18:45:33
CVE-2022-22890 There is an Assertion 'arguments_type != SCANNER_ARGUMENTS_PRESENT && arguments_type != SCANNER_ARGUMENTS_PRESENT_NO_REG' fai... Thu, 20 Jan 2022 18:05:09
CVE-2022-22888 Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_op_object_find_own in /ecma/operations/ecma-objects.c. Thu, 20 Jan 2022 18:04:48
CVE-2021-46351 There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustment (date_value)' failed at /jerry-core/ecma/builtin-obj... Thu, 20 Jan 2022 17:13:53
CVE-2021-46350 There is an Assertion 'ecma_is_value_object (value)' failed at jerryscript/jerry-core/ecma/base/ecma-helpers-value.c in Jerry... Thu, 20 Jan 2022 17:13:28
CVE-2021-46349 There is an Assertion 'type == ECMA_OBJECT_TYPE_GENERAL || type == ECMA_OBJECT_TYPE_PROXY' failed at /jerry-core/ecma/operati... Thu, 20 Jan 2022 17:13:16
© CVE.report 2022

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.
