CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

Recent CVEs
CVE Description Date
CVE-2021-42258 BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as ... Fri, 22 Oct 2021 18:03:39
CVE-2020-36502 Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the devicename par... Fri, 22 Oct 2021 16:25:16
CVE-2020-36501 Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allow attackers to execute arb... Fri, 22 Oct 2021 16:24:54
CVE-2020-36499 TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a cross-site scripting (XSS) vulnerability in the c... Fri, 22 Oct 2021 16:24:35
CVE-2020-36498 Macrob7 Macs Framework Content Management System - 1.14f contains a cross-site scripting (XSS) vulnerability in the account r... Fri, 22 Oct 2021 16:24:07
CVE-2020-36497 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_home... Fri, 22 Oct 2021 16:23:48
CVE-2020-36496 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_use... Fri, 22 Oct 2021 16:23:34
CVE-2020-36495 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_v... Fri, 22 Oct 2021 16:23:04
CVE-2020-36494 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edi... Fri, 22 Oct 2021 16:22:47
CVE-2020-36493 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.ph... Fri, 22 Oct 2021 16:22:23
CVE-2020-36492 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component select_media.... Fri, 22 Oct 2021 16:22:01
CVE-2020-36491 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tags_main.php... Fri, 22 Oct 2021 16:21:46
CVE-2020-36490 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_v... Fri, 22 Oct 2021 16:21:26
CVE-2020-36489 Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the devicena... Fri, 22 Oct 2021 16:21:02
CVE-2020-36488 An issue in the FTP server of Sky File v2.1.0 allows attackers to perform directory traversal via `/null//` path commands. Fri, 22 Oct 2021 16:20:40
CVE-2020-36486 Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the 'pat... Fri, 22 Oct 2021 16:20:12
CVE-2020-36485 Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the... Fri, 22 Oct 2021 16:19:49
CVE-2020-28969 Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow which allows attackers to cause a denial of service (DoS) via a c... Fri, 22 Oct 2021 16:19:20
CVE-2020-28968 Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Config... Fri, 22 Oct 2021 16:19:00
CVE-2020-28967 FlashGet v1.9.6 was discovered to contain a buffer overflow in the 'current path directory' function. This vulnerability allo... Fri, 22 Oct 2021 16:18:33
CVE-2020-28964 Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Search function. This vulnerabil... Fri, 22 Oct 2021 16:18:18
CVE-2020-28963 Passcovery Co. Ltd ZIP Password Recovery v3.70.69.0 was discovered to contain a buffer overflow via the decompress function. Fri, 22 Oct 2021 16:18:05
CVE-2020-28961 Perfex CRM v2.4.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component ./clients/clie... Fri, 22 Oct 2021 16:17:35
CVE-2020-28960 Chichen Tech CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the file product_list.php via the i... Fri, 22 Oct 2021 16:17:11
CVE-2020-28957 Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Foxlor v0.10.16 allow attackers to execute... Fri, 22 Oct 2021 16:16:57
CVE-2020-28956 Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allow attackers to execute arbit... Fri, 22 Oct 2021 16:16:45
CVE-2020-28955 SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vul... Fri, 22 Oct 2021 16:16:16
CVE-2020-23061 Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the `list` and `dow... Fri, 22 Oct 2021 16:15:49
CVE-2020-23060 Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Export/Import function. This vul... Fri, 22 Oct 2021 16:15:31
CVE-2020-23058 An issue in the authentication mechanism in Nong Ge File Explorer v1.4 allows unauthenticated access to sensitive data. Fri, 22 Oct 2021 16:15:01
CVE-2020-23055 ANCOM WLAN Controller (Wireless Series & Hotspot) WLC-1000 & WLC-4006 was discovered to contain multiple cross-site scripting... Fri, 22 Oct 2021 16:14:45
CVE-2020-23054 A cross-site scripting (XSS) vulnerability in NSK User Agent String Switcher Service v0.3.5 allows attackers to execute arbit... Fri, 22 Oct 2021 16:14:32
CVE-2020-23052 Catalyst IT Ltd Mahara CMS v19.10.2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the comp... Fri, 22 Oct 2021 16:14:11
CVE-2020-23051 Phpgurukul User Registration & User Management System v2.0 was discovered to contain multiple stored cross-site scripting (XS... Fri, 22 Oct 2021 16:13:47
CVE-2020-23050 TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection vulnerability in the userFirstName... Fri, 22 Oct 2021 16:13:33
CVE-2020-23049 Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displa... Fri, 22 Oct 2021 16:13:11
CVE-2020-23048 SeedDMS Content Management System v6.0.7 contains a persistent cross-site scripting (XSS) vulnerability in the component AddE... Fri, 22 Oct 2021 16:12:47
CVE-2020-23047 Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a cross-site scripting (XSS) vulnerability... Fri, 22 Oct 2021 16:12:23
CVE-2020-23046 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via t... Fri, 22 Oct 2021 16:12:09
CVE-2020-23045 Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a SQL injection vulnerability via the 'rol... Fri, 22 Oct 2021 16:11:38
CVE-2020-23044 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view... Fri, 22 Oct 2021 16:11:12
CVE-2020-23043 Tran Tu Air Sender v1.0.2 was discovered to contain an arbitrary file upload vulnerability in the upload module. This vulnera... Fri, 22 Oct 2021 16:10:49
CVE-2020-23042 Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability in the pat... Fri, 22 Oct 2021 16:10:35
CVE-2020-23041 Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the path par... Fri, 22 Oct 2021 16:10:11
CVE-2020-23040 Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive dat... Fri, 22 Oct 2021 16:09:56
CVE-2020-23039 Folder Lock v3.4.5 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Create Folder function ... Fri, 22 Oct 2021 16:09:26
CVE-2020-23038 Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path par... Fri, 22 Oct 2021 16:09:04
CVE-2020-23037 Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to exec... Fri, 22 Oct 2021 16:08:42
CVE-2020-23036 MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure session validation vulnerability in the session handling of ... Fri, 22 Oct 2021 16:08:18
CVE-2021-42840 SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances ... Fri, 22 Oct 2021 15:07:41
CVE-2021-42556 Rasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that allows a user to load a ... Fri, 22 Oct 2021 15:07:25
CVE-2021-29835 IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows ... Fri, 22 Oct 2021 15:06:59
CVE-2021-41171 eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows ... Fri, 22 Oct 2021 15:03:29
CVE-2021-42836 GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack. Fri, 22 Oct 2021 14:07:22
CVE-2021-42542 The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure. Fri, 22 Oct 2021 10:12:16
CVE-2021-42540 The affected product is vulnerable to an unsanitized extract folder for system configuration. A low-privileged user can levera... Fri, 22 Oct 2021 10:11:49
CVE-2021-42539 The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account t... Fri, 22 Oct 2021 10:11:22
CVE-2021-42538 The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled... Fri, 22 Oct 2021 10:11:05
CVE-2021-42536 The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global ... Fri, 22 Oct 2021 10:10:46
CVE-2021-42534 The affected product’s web application does not properly neutralize the input during webpage generation, which could allow ... Fri, 22 Oct 2021 10:10:32
CVE-2021-42169 The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23 ) is vulnerable from r... Fri, 22 Oct 2021 10:10:05
CVE-2021-0870 In RW_SetActivatedTagType of rw_main.cc, there is possible memory corruption due to a race condition. This could lead to remo... Fri, 22 Oct 2021 10:09:38
CVE-2021-0708 In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. Th... Fri, 22 Oct 2021 10:09:26
CVE-2021-0706 In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing per... Fri, 22 Oct 2021 10:09:09
CVE-2021-0705 In sanitizeSbn of NotificationManagerService.java, there is a possible way to keep service running in foreground and keep gra... Fri, 22 Oct 2021 10:08:47
CVE-2021-0703 In SecondStageMain of init.cpp, there is a possible use after free due to incorrect shared_ptr usage. This could lead to loca... Fri, 22 Oct 2021 10:08:34
CVE-2021-0702 In RevertActiveSessions of apexd.cpp, there is a possible way to share the wrong file due to an unintentional MediaStore down... Fri, 22 Oct 2021 10:08:09
CVE-2021-0652 In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sha... Fri, 22 Oct 2021 10:07:51
CVE-2021-0651 In loadLabel of PackageItemInfo.java, there is a possible way to DoS a device by having a long label in an app due to incorre... Fri, 22 Oct 2021 10:07:31
CVE-2021-0643 In getAllSubInfoList of SubscriptionController.java, there is a possible way to retrieve a long term identifier without the c... Fri, 22 Oct 2021 10:07:12
CVE-2021-0483 In multiple methods of AAudioService, there is a possible use-after-free due to a race condition. This could lead to local es... Fri, 22 Oct 2021 10:07:00
CVE-2021-38485 The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide mali... Fri, 22 Oct 2021 10:06:36
CVE-2021-30359 The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during th... Fri, 22 Oct 2021 10:06:23
CVE-2021-31682 The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for reflect... Fri, 22 Oct 2021 08:10:53
CVE-2021-41747 Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, which can be exploited by attackers to obtain sensitive i... Fri, 22 Oct 2021 08:10:26
CVE-2021-41745 ShowDoc 2.8.3 has a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions. Fri, 22 Oct 2021 08:09:56
CVE-2021-41744 All versions of yongyou PLM are affected by a command injection issue. UFIDA PLM (Product Life Cycle Management) is a strateg... Fri, 22 Oct 2021 08:09:34
CVE-2021-38481 The scheduler service running on a specific TCP port enables the user to start and stop jobs. There is no sanitation of the s... Fri, 22 Oct 2021 08:09:17
CVE-2021-38479 Many API function codes receive raw pointers remotely from the user and trust these pointers as valid in-bound memory regions... Fri, 22 Oct 2021 08:09:00
CVE-2021-38477 There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead... Fri, 22 Oct 2021 08:08:41
CVE-2021-38475 The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain ... Fri, 22 Oct 2021 08:08:21
CVE-2021-38473 The affected product’s code base doesn’t properly control arguments for specific functions, which could lead to a stack o... Fri, 22 Oct 2021 08:08:06
CVE-2021-38471 There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing fi... Fri, 22 Oct 2021 08:07:50
CVE-2021-38469 Many of the services used by the affected product do not specify full paths for the DLLs they are loading. An attacker can ex... Fri, 22 Oct 2021 08:07:38
CVE-2021-38467 A specific function code receives a raw pointer supplied by the user and deallocates this pointer. The user can then control ... Fri, 22 Oct 2021 08:07:22
CVE-2021-38465 The webinstaller is a Golang web server executable that enables the generation of an Auvesy image agent. Resource consumption... Fri, 22 Oct 2021 08:07:08
CVE-2021-38463 The affected product does not properly control the allocation of resources. A user may be able to allocate unlimited memory b... Fri, 22 Oct 2021 08:06:53
CVE-2021-38461 The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from... Fri, 22 Oct 2021 08:06:35
CVE-2021-38459 The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .ex... Fri, 22 Oct 2021 08:06:13
CVE-2021-38457 The server permits communication without any authentication procedure, allowing the attacker to initiate a session with the s... Fri, 22 Oct 2021 08:05:56
CVE-2021-38455 The affected product’s OS Service does not verify any given parameter. A user can supply any type of parameter that will be... Fri, 22 Oct 2021 08:05:38
CVE-2021-38453 Some API functions allow interaction with the registry, which includes reading values as well as data modification. Fri, 22 Oct 2021 08:05:22
CVE-2021-38451 The affected product’s proprietary protocol CSC allows for calling numerous function codes. In order to call those function... Fri, 22 Oct 2021 08:05:04
CVE-2021-38449 Some API functions permit by-design writing or copying data into a given buffer. Since the client controls these parameters, ... Fri, 22 Oct 2021 08:04:52
CVE-2021-36357 An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp() calls le32_to_cpu() for endian conversion of a uint16_t... Fri, 22 Oct 2021 08:04:37
CVE-2021-35230 As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker coul... Fri, 22 Oct 2021 08:04:24
CVE-2021-31834 Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrat... Fri, 22 Oct 2021 07:15:32
CVE-2021-31835 Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to ... Fri, 22 Oct 2021 07:09:03
CVE-2021-34362 A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this ... Fri, 22 Oct 2021 00:31:14
CVE-2021-36869 Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin (versions <= 4.6.6). Vulnerable parameter... Thu, 21 Oct 2021 17:05:00
© CVE.report 2021

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and source URL uptime status: status.cve.report