CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

Recent CVEs
CVE Description Date
CVE-2022-32413 An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file. Tue, 05 Jul 2022 16:09:54
CVE-2022-32311 Ingredient Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /isms... Tue, 05 Jul 2022 16:09:24
CVE-2022-32310 An access control issue in Ingredient Stock Management System v1.0 allows attackers to take over user accounts via a crafted ... Tue, 05 Jul 2022 16:08:55
CVE-2022-31856 Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /i... Tue, 05 Jul 2022 16:08:26
CVE-2022-34972 So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the att_value_id, manu_value_... Tue, 05 Jul 2022 16:08:08
CVE-2022-2321 Login Bruteforce attacks Tue, 05 Jul 2022 14:31:43
CVE-2021-44915 Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category. Tue, 05 Jul 2022 14:06:05
CVE-2022-33075 A stored cross-site scripting (XSS) vulnerability in the Add Classification function of Zoo Management System v1.0 allows att... Tue, 05 Jul 2022 14:05:50
CVE-2022-31116 UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to... Tue, 05 Jul 2022 13:38:34
CVE-2022-31117 UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an e... Tue, 05 Jul 2022 13:35:09
CVE-2022-31014 Nextcloud server is an open source personal cloud server. Affected versions were found to be vulnerable to SMTP command injec... Tue, 05 Jul 2022 13:18:54
CVE-2022-31770 IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of se... Tue, 05 Jul 2022 12:12:48
CVE-2022-34879 Reflected Cross Site Scripting (XSS) vulnerabilities in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) o... Tue, 05 Jul 2022 11:49:13
CVE-2022-34878 SQL Injection vulnerability in User Stats interface (/vicidial/user_stats.php) of VICIdial via the file_download parameter al... Tue, 05 Jul 2022 11:48:53
CVE-2022-34877 SQL Injection vulnerability in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent... Tue, 05 Jul 2022 11:48:38
CVE-2022-34876 SQL Injection vulnerability in admin interface (/vicidial/admin.php) of VICIdial via modify_email_accounts, access_recordings... Tue, 05 Jul 2022 11:48:14
CVE-2022-31836 The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcard values which can lead to cross ... Tue, 05 Jul 2022 11:05:39
CVE-2021-43116 An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login ... Tue, 05 Jul 2022 10:06:55
CVE-2022-30290 In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can ... Tue, 05 Jul 2022 09:06:02
CVE-2022-33743 network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code labe... Tue, 05 Jul 2022 09:02:09
CVE-2022-33742 Linux disk/nic frontends data leaks [This CNA information record relates to multiple CVEs; the text explains which aspects/vu... Tue, 05 Jul 2022 09:01:45
CVE-2022-33741 Linux disk/nic frontends data leaks [This CNA information record relates to multiple CVEs; the text explains which aspects/vu... Tue, 05 Jul 2022 09:01:19
CVE-2022-33740 Linux disk/nic frontends data leaks [This CNA information record relates to multiple CVEs; the text explains which aspects/vu... Tue, 05 Jul 2022 09:00:49
CVE-2022-26365 Linux disk/nic frontends data leaks [This CNA information record relates to multiple CVEs; the text explains which aspects/vu... Tue, 05 Jul 2022 09:00:25
CVE-2022-33744 Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of th... Tue, 05 Jul 2022 08:56:03
CVE-2022-2304 Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. Tue, 05 Jul 2022 08:32:11
CVE-2021-43702 ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the... Tue, 05 Jul 2022 08:04:36
CVE-2022-30289 A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. A... Tue, 05 Jul 2022 08:04:14
CVE-2022-2097 AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the... Tue, 05 Jul 2022 06:34:41
CVE-2022-2309 NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is... Tue, 05 Jul 2022 06:06:49
CVE-2022-2306 Old session tokens can be used to authenticate to the application and send authenticated requests. Tue, 05 Jul 2022 04:32:22
CVE-2022-34918 An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer ov... Mon, 04 Jul 2022 17:04:16
CVE-2022-34829 Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to th... Mon, 04 Jul 2022 16:05:53
CVE-2022-31603 NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSec... Mon, 04 Jul 2022 14:17:45
CVE-2022-31602 NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned... Mon, 04 Jul 2022 14:17:30
CVE-2022-31601 NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cau... Mon, 04 Jul 2022 14:17:18
CVE-2022-31600 NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnera... Mon, 04 Jul 2022 14:16:52
CVE-2022-31599 NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access t... Mon, 04 Jul 2022 14:16:31
CVE-2022-34265 An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are su... Mon, 04 Jul 2022 12:03:37
CVE-2022-33171 ** DISPUTED ** The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. ... Mon, 04 Jul 2022 12:03:10
CVE-2021-25066 The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitize and escape some imported data, allowing high pr... Mon, 04 Jul 2022 09:12:14
CVE-2021-25056 The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitise and escape field labels, allowing high privileg... Mon, 04 Jul 2022 09:11:48
CVE-2022-2268 The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file... Mon, 04 Jul 2022 09:11:29
CVE-2022-0250 The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does not escape a link generated before outputting it in an ... Mon, 04 Jul 2022 09:11:14
CVE-2022-1967 The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged... Mon, 04 Jul 2022 09:10:44
CVE-2022-1946 The Gallery WordPress plugin before 2.0.0 does not sanitise and escape a parameter before outputting it back in the response ... Mon, 04 Jul 2022 09:10:15
CVE-2022-1301 The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize and escape the Text to Display settings of sliders, whi... Mon, 04 Jul 2022 09:10:01
CVE-2022-2300 Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. Mon, 04 Jul 2022 06:42:03
CVE-2022-2301 Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3. Mon, 04 Jul 2022 06:35:07
CVE-2022-29892 Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to re... Mon, 04 Jul 2022 03:07:17
CVE-2022-29513 Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with ... Mon, 04 Jul 2022 03:06:56
CVE-2022-29484 Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to... Mon, 04 Jul 2022 03:06:41
CVE-2022-29471 Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the dat... Mon, 04 Jul 2022 03:06:25
CVE-2022-29467 Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain... Mon, 04 Jul 2022 03:06:09
CVE-2022-26368 Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a ... Mon, 04 Jul 2022 03:05:52
CVE-2022-26054 Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to ... Mon, 04 Jul 2022 03:05:32
CVE-2022-26051 Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker t... Mon, 04 Jul 2022 03:05:11
CVE-2022-28718 Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker ... Mon, 04 Jul 2022 03:04:55
CVE-2022-28713 Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some d... Mon, 04 Jul 2022 03:04:37
CVE-2022-28692 Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker t... Mon, 04 Jul 2022 03:04:24
CVE-2022-27807 Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to dis... Mon, 04 Jul 2022 03:04:00
CVE-2022-27803 Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to al... Mon, 04 Jul 2022 03:03:43
CVE-2022-27661 Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker... Mon, 04 Jul 2022 03:03:23
CVE-2022-27627 Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to... Mon, 04 Jul 2022 03:03:01
CVE-2022-33971 Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and... Sun, 03 Jul 2022 21:57:21
CVE-2022-33948 HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP ser... Sun, 03 Jul 2022 21:57:00
CVE-2022-33208 Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and... Sun, 03 Jul 2022 21:56:41
CVE-2022-32284 Use of insufficiently random values vulnerability exists in Vnet/IP communication module VI461 of YOKOGAWA Wide Area Communic... Sun, 03 Jul 2022 21:56:18
CVE-2022-34151 Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, ... Sun, 03 Jul 2022 21:55:58
CVE-2022-2289 Use After Free in GitHub repository vim/vim prior to 9.0. Sun, 03 Jul 2022 10:19:40
CVE-2022-2288 Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. Sun, 03 Jul 2022 08:46:04
CVE-2022-2290 Cross-site Scripting (XSS) - Reflected in GitHub repository zadam/trilium prior to 0.52.4, 0.53.1-beta. Sun, 03 Jul 2022 02:10:42
CVE-2022-2287 Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. Sat, 02 Jul 2022 17:26:27
CVE-2022-34913 ** DISPUTED ** md2roff 1.7 has a stack-based buffer overflow via a Markdown file containing a large number of consecutive cha... Sat, 02 Jul 2022 16:04:42
CVE-2022-34912 An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contrib... Sat, 02 Jul 2022 16:04:23
CVE-2022-34911 An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur ... Sat, 02 Jul 2022 16:04:05
CVE-2022-2286 Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. Sat, 02 Jul 2022 15:03:12
CVE-2022-2285 Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. Sat, 02 Jul 2022 11:43:13
CVE-2022-2284 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. Sat, 02 Jul 2022 10:34:43
CVE-2022-28200 NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read an... Fri, 01 Jul 2022 20:24:37
CVE-2022-32551 Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or s... Fri, 01 Jul 2022 20:01:58
CVE-2022-34903 GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and... Fri, 01 Jul 2022 18:07:03
CVE-2022-32412 An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell. Fri, 01 Jul 2022 18:06:45
CVE-2022-32411 An issue in the languages config file of HongCMS v3.0 allows attackers to getshell. Fri, 01 Jul 2022 18:06:32
CVE-2022-32325 JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c. Fri, 01 Jul 2022 18:06:04
CVE-2022-32324 PDFAlto v0.4 was discovered to contain a heap buffer overflow via the component /pdfalto/src/pdfalto.cc. Fri, 01 Jul 2022 18:05:46
CVE-2022-32420 College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teach... Fri, 01 Jul 2022 17:08:06
CVE-2022-32384 Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the security_5g parameter in the function formWifiBasi... Fri, 01 Jul 2022 17:07:53
CVE-2022-32095 Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.ph... Fri, 01 Jul 2022 17:07:39
CVE-2022-32094 Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlo... Fri, 01 Jul 2022 17:07:25
CVE-2022-32093 Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlog... Fri, 01 Jul 2022 17:07:05
CVE-2022-31943 MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability. Fri, 01 Jul 2022 17:06:49
CVE-2022-25896 This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being ... Fri, 01 Jul 2022 16:14:58
CVE-2022-25900 All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of g... Fri, 01 Jul 2022 16:10:21
CVE-2022-25898 The package jsrsasign before 10.5.25 is vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signa... Fri, 01 Jul 2022 16:09:52
CVE-2022-25876 The package link-preview-js before 2.1.16 is vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send... Fri, 01 Jul 2022 16:09:30
CVE-2022-25758 All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation(... Fri, 01 Jul 2022 16:09:18
CVE-2022-32091 MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sani... Fri, 01 Jul 2022 16:05:46
CVE-2022-32089 MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. Fri, 01 Jul 2022 16:05:32
CVE-2022-32088 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort... Fri, 01 Jul 2022 16:05:01
© CVE.report 2022

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.
