CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

Recent CVEs
CVE Description Date
CVE-2021-32783 Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalNa... Fri, 23 Jul 2021 17:55:46
CVE-2021-32686 PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols ... Fri, 23 Jul 2021 17:38:37
CVE-2021-3169 An issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an API which does not have acces... Fri, 23 Jul 2021 17:07:03
CVE-2021-25809 UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache() functi... Fri, 23 Jul 2021 16:07:44
CVE-2021-25808 A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted... Fri, 23 Jul 2021 16:07:21
CVE-2020-20741 Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B... Fri, 23 Jul 2021 16:06:51
CVE-2021-25791 Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System... Fri, 23 Jul 2021 14:02:22
CVE-2021-25790 Multiple stored cross site scripting (XSS) vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 ... Fri, 23 Jul 2021 14:02:01
CVE-2021-23412 All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are ... Fri, 23 Jul 2021 12:05:25
CVE-2021-3159 A stored cross site scripting (XSS) vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.2... Fri, 23 Jul 2021 11:06:32
CVE-2021-25206 Arbitrary file upload vulnerability in SourceCodester Responsive Ordering System v 1.0 allows attackers to execute arbitrary ... Fri, 23 Jul 2021 10:05:10
CVE-2021-25204 Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote attackers to inject arbitra... Fri, 23 Jul 2021 10:04:40
CVE-2021-25203 Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CM... Fri, 23 Jul 2021 10:04:18
CVE-2021-25201 SQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute arbitrary SQL statements t... Fri, 23 Jul 2021 10:04:04
CVE-2021-25208 Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary co... Fri, 23 Jul 2021 09:46:45
CVE-2021-25207 Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows attackers to execute arbitrary code via... Fri, 23 Jul 2021 09:06:54
CVE-2021-20333 Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entrie... Fri, 23 Jul 2021 07:30:45
CVE-2021-26799 Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka Classic <=2.7 allows remote attackers to inject arbitra... Fri, 23 Jul 2021 07:04:40
CVE-2020-14032 ASRock 4x4 BOX-R1000 before BIOS P1.40 allows privilege escalation via code execution in the SMM. Fri, 23 Jul 2021 07:04:23
CVE-2021-24036 Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on... Thu, 22 Jul 2021 20:36:20
CVE-2021-32786 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect... Thu, 22 Jul 2021 17:38:28
CVE-2021-32785 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect... Thu, 22 Jul 2021 17:28:10
CVE-2021-34268 An issue in the USBH_ParseDevDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of s... Thu, 22 Jul 2021 16:09:36
CVE-2021-34267 An issue in the USBH_MSC_InterfaceInit() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of se... Thu, 22 Jul 2021 16:09:06
CVE-2021-34262 A buffer overflow vulnerability in the USBH_ParseEPDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and belo... Thu, 22 Jul 2021 16:08:47
CVE-2021-34261 An issue in USBH_ParseCfgDesc() of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service due to... Thu, 22 Jul 2021 16:08:26
CVE-2021-34260 A buffer overflow vulnerability in the USBH_ParseInterfaceDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 a... Thu, 22 Jul 2021 16:08:03
CVE-2021-34259 A buffer overflow vulnerability in the USBH_ParseCfgDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and bel... Thu, 22 Jul 2021 16:07:35
CVE-2021-25213 SQL injection vulnerability in SourceCodester Travel Management System v 1.0 allows remote attackers to execute arbitrary SQL... Thu, 22 Jul 2021 16:07:11
CVE-2021-25211 Arbitrary file upload vulnerability in SourceCodester Ordering System v 1.0 allows attackers to execute arbitrary code, via t... Thu, 22 Jul 2021 16:06:57
CVE-2021-25205 SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 allows remote attackers to execute arbitrary SQL state... Thu, 22 Jul 2021 16:06:36
CVE-2020-22284 A buffer overflow vulnerability in the zepif_linkoutput() function of Free Software Foundation lwIP git head version and vers... Thu, 22 Jul 2021 16:06:23
CVE-2020-22283 A buffer overflow vulnerability in the icmp6_send_response_with_addrs_and_netif() function of Free Software Foundation lwIP v... Thu, 22 Jul 2021 16:05:57
CVE-2021-25209 SQL injection vulnerability in SourceCodester Theme Park Ticketing System v 1.0 allows remote attackers to execute arbitrary ... Thu, 22 Jul 2021 15:40:49
CVE-2021-27332 Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to... Thu, 22 Jul 2021 15:04:49
CVE-2021-26224 Cross-site scripting (XSS) vulnerability in SourceCodester Fantastic-Blog-CMS V 1.0 allows remote attackers to inject arbitra... Thu, 22 Jul 2021 15:04:24
CVE-2021-26223 SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbi... Thu, 22 Jul 2021 15:04:04
CVE-2021-25212 SQL injection vulnerability in SourceCodester Alumni Management System v 1.0 allows remote attackers to execute arbitrary SQL... Thu, 22 Jul 2021 15:03:36
CVE-2021-25210 Arbitrary file upload vulnerability in SourceCodester Alumni Management System v 1.0 allows attackers to execute arbitrary co... Thu, 22 Jul 2021 15:03:15
CVE-2021-31581 The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configu... Thu, 22 Jul 2021 14:34:02
CVE-2021-31580 The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be bypassed by switching the OpenSSH channel ... Thu, 22 Jul 2021 14:33:49
CVE-2021-31579 Akkadian Provisioning Manager Engine (PME) ships with a hard-coded credential, akkadianuser:haakkadianpassword. This issue wa... Thu, 22 Jul 2021 14:33:32
CVE-2021-3619 Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where... Thu, 22 Jul 2021 14:33:16
CVE-2021-3540 By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of I... Thu, 22 Jul 2021 14:32:52
CVE-2021-3198 By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti Mo... Thu, 22 Jul 2021 14:32:29
CVE-2020-7390 Sage X3 Stored XSS Vulnerability on ‘Edit’ Page of User Profile. An authenticated user can pass XSS strings the "First Na... Thu, 22 Jul 2021 14:32:13
CVE-2020-7389 Sage X3 System CHAINE Variable Script Command Injection. An authenticated user with developer access can pass OS commands via... Thu, 22 Jul 2021 14:31:58
CVE-2020-7388 Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authent... Thu, 22 Jul 2021 14:31:40
CVE-2020-7387 Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component tha... Thu, 22 Jul 2021 14:31:21
CVE-2021-36222 ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x ... Thu, 22 Jul 2021 14:10:44
CVE-2021-35942 The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posi... Thu, 22 Jul 2021 14:10:27
CVE-2021-35464 ForgeRock AM server 6.x before 7, and OpenAM 14.6.3, has a Java deserialization vulnerability in the jato.pageSession paramet... Thu, 22 Jul 2021 14:10:12
CVE-2021-33032 eQ-3 HomeMatic CCU2 2.57.5 and CCU3 3.57.5 devices allow remote code execution. Thu, 22 Jul 2021 14:09:54
CVE-2021-25202 SQL injection vulnerability in SourceCodester Sales and Inventory System v 1.0 allows remote attackers to execute arbitrary S... Thu, 22 Jul 2021 14:09:41
CVE-2021-25197 Cross-site scripting (XSS) vulnerability in SourceCodester Content Management System v 1.0 allows remote attackers to inject ... Thu, 22 Jul 2021 14:09:21
CVE-2015-2100 Multiple stack-based buffer overflows in WebGate eDVR Manager and Control Center allow remote attackers to execute arbitrary ... Thu, 22 Jul 2021 14:09:02
CVE-2015-2099 Multiple buffer overflows in WebGate Control Center allow remote attackers to execute arbitrary code via unspecified vectors ... Thu, 22 Jul 2021 14:08:33
CVE-2015-2098 Multiple stack-based buffer overflows in WebGate eDVR Manager allow remote attackers to execute arbitrary code via unspecifie... Thu, 22 Jul 2021 14:08:15
CVE-2020-36033 SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the id parameter to edituser.php. Thu, 22 Jul 2021 14:07:52
CVE-2021-35063 Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion." Thu, 22 Jul 2021 13:42:08
CVE-2021-26226 SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbi... Thu, 22 Jul 2021 13:41:47
CVE-2021-37403 OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a... Thu, 22 Jul 2021 13:06:12
CVE-2021-37402 OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy... Thu, 22 Jul 2021 13:05:46
CVE-2021-33478 The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate a... Thu, 22 Jul 2021 13:05:21
CVE-2021-29657 arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access... Thu, 22 Jul 2021 13:04:59
CVE-2021-26699 OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the... Thu, 22 Jul 2021 13:04:43
CVE-2021-26232 SQL injection vulnerability in SourceCodester Simple College Website v 1.0 allows remote attackers to execute arbitrary SQL s... Thu, 22 Jul 2021 13:04:16
CVE-2021-26231 SQL injection vulnerability in SourceCodester Fantastic Blog CMS v 1.0 allows remote attackers to execute arbitrary SQL state... Thu, 22 Jul 2021 13:03:56
CVE-2021-26230 Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to... Thu, 22 Jul 2021 13:03:40
CVE-2021-26229 SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbi... Thu, 22 Jul 2021 13:03:18
CVE-2021-26228 SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbi... Thu, 22 Jul 2021 13:02:52
CVE-2021-26227 Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to... Thu, 22 Jul 2021 13:02:39
CVE-2020-5370 Dell EMC OpenManage Enterprise (OME) versions prior to 3.4 contain an arbitrary file overwrite vulnerability. A remote authen... Thu, 22 Jul 2021 13:02:12
CVE-2020-5316 Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs ... Thu, 22 Jul 2021 13:01:49
CVE-2021-26698 OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a... Thu, 22 Jul 2021 12:39:32
CVE-2021-26765 SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statemen... Thu, 22 Jul 2021 12:06:54
CVE-2021-26764 SQL injection vulnerability in PHPGurukul Student Record System v 4.0 allows remote attackers to execute arbitrary SQL statem... Thu, 22 Jul 2021 12:06:42
CVE-2021-26762 SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statemen... Thu, 22 Jul 2021 12:06:27
CVE-2021-1618 Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authentic... Thu, 22 Jul 2021 11:35:53
CVE-2021-1617 Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authentic... Thu, 22 Jul 2021 11:35:27
CVE-2021-1614 A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an ... Thu, 22 Jul 2021 11:35:07
CVE-2021-1601 Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access se... Thu, 22 Jul 2021 11:34:53
CVE-2021-1600 Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access se... Thu, 22 Jul 2021 11:34:23
CVE-2021-1599 A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could allow an authenticat... Thu, 22 Jul 2021 11:33:58
CVE-2021-1518 A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote ... Thu, 22 Jul 2021 11:33:30
CVE-2021-34700 A vulnerability in the CLI interface of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read ar... Thu, 22 Jul 2021 11:26:22
CVE-2021-29149 A local bypass security restrictions vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, ... Thu, 22 Jul 2021 10:07:12
CVE-2021-29148 A local cross-site scripting (XSS) vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Ar... Thu, 22 Jul 2021 10:06:42
CVE-2021-29143 A remote execution of arbitrary commands vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Seri... Thu, 22 Jul 2021 10:06:25
CVE-2021-22001 In UAA versions prior to 75.3.0, sensitive information like relaying secret of the provider was revealed in response when del... Thu, 22 Jul 2021 10:06:12
CVE-2021-34431 In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT... Thu, 22 Jul 2021 09:51:28
CVE-2019-20467 An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. The device by default has a TELN... Thu, 22 Jul 2021 09:05:24
CVE-2021-30110 dttray.exe in Greyware Automation Products Inc Domain Time II before 5.2.b.20210331 allows remote attackers to execute arbitr... Thu, 22 Jul 2021 08:40:28
CVE-2021-35522 A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices... Thu, 22 Jul 2021 08:09:24
CVE-2021-35521 A path traversal in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows remote a... Thu, 22 Jul 2021 08:08:54
CVE-2021-35520 A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows physica... Thu, 22 Jul 2021 08:08:30
CVE-2021-30486 SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp (GET computerID), AssetManagem... Thu, 22 Jul 2021 08:08:08
CVE-2021-30049 SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI. Thu, 22 Jul 2021 08:07:48
CVE-2021-22523 XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versi... Thu, 22 Jul 2021 08:07:28
CVE-2021-22522 Reflected Cross-Site Scripting vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update ... Thu, 22 Jul 2021 07:43:27
© CVE.report 2021

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and source URL uptime status: status.cve.report