cve.report
2606:4700:3108::ac42:2b86  Public Scan

Submitted URL: http://cve.report/
Effective URL: https://cve.report/
Submission: On November 28 via manual from US — Scanned from DE

Form analysis 2 forms found in the DOM

GET ../../../search.php

<form action="../../../search.php" method="get" target="blank">
  <div class="form-group">
    <input type="text" class="form-control" id="search" name="search" title="CVE.report Search" placeholder="CVE.report Search">
  </div>
</form>

GET ../../../search.php

<form action="../../../search.php" method="get" target="blank">
  <div class="form-group-lg">
    <input type="text" class="form-control" id="formGroupInputLarge" name="search" placeholder="CVE.report Search">
  </div>
</form>

Text Content

Refresh(Enable JavaScript first.)

This website cve.report/ is currently offline. Cloudflare's Always Online™ shows
a snapshot of this web page from the Internet Archive's Wayback Machine. To
check for the live version, click Refresh.

CVE.REPORT

CVE.report is the most up-to-date database of common vulnerabilities and
exposures. Information is pulled in from several sources and processed into a
mobile-friendly, easy-to-use page. Use the site to quickly check for
vulnerabilities in products such as operating systems, applications, hardware,
networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security
vulnerabilities in order to quickly identify and share these vulnerabilities.
You can use the search below to look for vulnerabilities based on product,
vendor, or common tags.





CVSS CALCULATOR

The form you will see after following this link allows you to fill out the
various variables in the CVSS scoring system and receive the corresponding
score. The description of each of the variables is also included for additional
information.

Recent CVEs

CVE | Description | Date
CVE-2023-40215 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Demonisblack demon imag... | Fri, 03 Nov 2023 20:13:40
CVE-2023-38391 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themesgrove Onepage Bui... | Fri, 03 Nov 2023 20:10:40
CVE-2023-35910 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nucleus_genius Quasar f... | Fri, 03 Nov 2023 20:07:40
CVE-2023-32741 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions PVT L... | Fri, 03 Nov 2023 20:04:39
CVE-2023-45189 | A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, ... | Fri, 03 Nov 2023 19:07:57
CVE-2023-36677 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project ... | Fri, 03 Nov 2023 19:04:57
CVE-2023-47235 | An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is ... | Fri, 03 Nov 2023 17:12:15
CVE-2023-47234 | An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a... | Fri, 03 Nov 2023 17:09:14
CVE-2023-47233 | The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unpluggin... | Fri, 03 Nov 2023 17:06:14
CVE-2023-41726 | Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability | Fri, 03 Nov 2023 16:21:39
CVE-2023-41725 | Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability | Fri, 03 Nov 2023 16:18:39
CVE-2022-44569 | A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication. | Fri, 03 Nov 2023 16:15:39
CVE-2022-43555 | Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability | Fri, 03 Nov 2023 16:12:39
CVE-2022-43554 | Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability | Fri, 03 Nov 2023 16:09:38
CVE-2022-3172 | A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL... | Fri, 03 Nov 2023 16:06:38
CVE-2023-3893 | A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-prox... | Fri, 03 Nov 2023 14:07:07
CVE-2023-39301 | A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exp... | Fri, 03 Nov 2023 13:36:18
CVE-2023-39299 | A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users t... | Fri, 03 Nov 2023 13:33:18
CVE-2023-32508 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolf van Gelder Order Y... | Fri, 03 Nov 2023 13:30:18
CVE-2023-32121 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Highfivery LLC Zero Spa... | Fri, 03 Nov 2023 13:27:18
CVE-2023-36529 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Rea... | Fri, 03 Nov 2023 13:24:17
CVE-2023-34179 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Groundhogg Inc. Groundh... | Fri, 03 Nov 2023 13:21:17
CVE-2023-25990 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allow... | Fri, 03 Nov 2023 13:18:17
CVE-2023-25800 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allow... | Fri, 03 Nov 2023 13:15:17
CVE-2023-25700 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allow... | Fri, 03 Nov 2023 13:12:16
CVE-2023-23369 | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the v... | Fri, 03 Nov 2023 13:09:16
CVE-2023-23368 | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the v... | Fri, 03 Nov 2023 13:06:16
CVE-2023-46980 | An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges v... | Fri, 03 Nov 2023 12:11:31
CVE-2023-46404 | PCRS <= 3.11 (d0de1e) “Questions” page and “Code editor” page are vulnerable to remote code execution (RCE) by escapi... | Fri, 03 Nov 2023 12:08:31
CVE-2022-46818 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gopi Ramasamy Email pos... | Fri, 03 Nov 2023 12:05:30
CVE-2023-5946 | The Digirisk plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'current_group_id' parameter in ver... | Fri, 03 Nov 2023 10:08:39
CVE-2023-5088 | A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 in... | Fri, 03 Nov 2023 10:05:39
CVE-2023-46947 | Subrion 4.2.1 has a remote command execution vulnerability in the backend. | Fri, 03 Nov 2023 09:36:38
CVE-2023-26015 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Chris Richardson MapPre... | Fri, 03 Nov 2023 09:33:38
CVE-2023-25960 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zendrop Zendrop – Glo... | Fri, 03 Nov 2023 09:30:38
CVE-2023-5945 | The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This... | Fri, 03 Nov 2023 09:27:38
CVE-2023-5707 | The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slider' shortcode and post... | Fri, 03 Nov 2023 09:24:38
CVE-2023-3961 | A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets wi... | Fri, 03 Nov 2023 09:21:37
CVE-2022-47445 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Web-X Be POPIA Complian... | Fri, 03 Nov 2023 09:18:37
CVE-2022-47426 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Neshan Maps Platform Ne... | Fri, 03 Nov 2023 09:15:37
CVE-2022-46859 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy C... | Fri, 03 Nov 2023 09:12:37
CVE-2022-46808 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems ARMe... | Fri, 03 Nov 2023 09:09:36
CVE-2022-45805 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paytm Paytm Payment Gat... | Fri, 03 Nov 2023 09:06:36
CVE-2023-41652 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker... | Fri, 03 Nov 2023 08:21:00
CVE-2023-34383 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP Project Manag... | Fri, 03 Nov 2023 08:18:00
CVE-2023-4592 | A Cross-Site Scripting vulnerability has been detected in WPN-XM Serverstack affecting version 0.8.6. This vulnerability coul... | Fri, 03 Nov 2023 08:14:59
CVE-2023-4591 | A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6, which would allow an unaut... | Fri, 03 Nov 2023 08:11:59
CVE-2023-3277 | The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, ... | Fri, 03 Nov 2023 08:08:59
CVE-2022-47588 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tips and Tricks HQ, Pet... | Fri, 03 Nov 2023 08:05:59
CVE-2023-4768 | A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability cou... | Fri, 03 Nov 2023 07:14:10
CVE-2023-4767 | A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability cou... | Fri, 03 Nov 2023 07:11:10
CVE-2023-4769 | A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do ... | Fri, 03 Nov 2023 07:08:10
CVE-2023-4043 | In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit ... | Fri, 03 Nov 2023 05:06:29
CVE-2023-1476 | A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occ... | Fri, 03 Nov 2023 05:03:29
CVE-2023-42670 | A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, c... | Fri, 03 Nov 2023 04:20:52
CVE-2023-5824 | Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elem... | Fri, 03 Nov 2023 04:17:51
CVE-2023-46848 | Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request mes... | Fri, 03 Nov 2023 04:14:51
CVE-2023-46847 | Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB... | Fri, 03 Nov 2023 04:11:51
CVE-2023-46846 | SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Reques... | Fri, 03 Nov 2023 04:08:51
CVE-2023-4091 | A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions... | Fri, 03 Nov 2023 04:05:51
CVE-2023-1194 | An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba ser... | Fri, 03 Nov 2023 04:02:50
CVE-2023-5948 | Improper Authorization in GitHub repository teamamaze/amazefileutilities prior to 1.91. | Fri, 03 Nov 2023 03:17:28
CVE-2023-5763 | In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attac... | Fri, 03 Nov 2023 03:14:28
CVE-2023-41357 | Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering ... | Fri, 03 Nov 2023 03:11:28
CVE-2023-41356 | NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal vulnerability. An unauthenticated ... | Fri, 03 Nov 2023 03:08:28
CVE-2023-41344 | NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal vulnerability. An unauthenticated ... | Fri, 03 Nov 2023 03:05:27
CVE-2023-41355 | Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unau... | Fri, 03 Nov 2023 02:17:06
CVE-2023-41354 | Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default, an unauthenticated remot... | Fri, 03 Nov 2023 02:14:06
CVE-2023-41353 | Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privil... | Fri, 03 Nov 2023 02:11:06
CVE-2023-41352 | Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. A remote attacker with administ... | Fri, 03 Nov 2023 02:08:06
CVE-2023-41351 | Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker... | Fri, 03 Nov 2023 02:05:06
CVE-2023-46817 | An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly... | Fri, 03 Nov 2023 01:56:00
CVE-2023-45362 | An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x ... | Fri, 03 Nov 2023 01:52:59
CVE-2023-45360 | An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is ... | Fri, 03 Nov 2023 01:49:59
CVE-2023-45024 | Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction ... | Fri, 03 Nov 2023 01:46:59
CVE-2023-44271 | An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a ... | Fri, 03 Nov 2023 01:43:59
CVE-2023-43982 | Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via t... | Fri, 03 Nov 2023 01:40:58
CVE-2023-43665 | In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() met... | Fri, 03 Nov 2023 01:37:58
CVE-2023-41914 | SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a... | Fri, 03 Nov 2023 01:34:58
CVE-2023-41350 | Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attemp... | Fri, 03 Nov 2023 01:31:58
CVE-2023-41348 | ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within i... | Fri, 03 Nov 2023 01:28:58
CVE-2023-41347 | ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within i... | Fri, 03 Nov 2023 01:25:57
CVE-2023-41346 | ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within i... | Fri, 03 Nov 2023 01:22:57
CVE-2023-41345 | ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within i... | Fri, 03 Nov 2023 01:19:57
CVE-2023-41343 | Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker... | Fri, 03 Nov 2023 01:16:57
CVE-2023-41260 | Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gatewa... | Fri, 03 Nov 2023 01:13:56
CVE-2023-41259 | Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT em... | Fri, 03 Nov 2023 01:10:56
CVE-2023-41164 | In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a pote... | Fri, 03 Nov 2023 01:07:56
CVE-2023-38965 | Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI. | Fri, 03 Nov 2023 01:04:56
CVE-2023-36621 | An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. The child can use Safe Mode ... | Fri, 03 Nov 2023 00:23:01
CVE-2023-36620 | An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the androi... | Fri, 03 Nov 2023 00:20:01
CVE-2023-34261 | Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identification of valid user accounts via username enumeratio... | Fri, 03 Nov 2023 00:17:00
CVE-2023-34260 | Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow a denial of service (service outage) via /wlmdeu%2f%2e%2e%2f%... | Fri, 03 Nov 2023 00:14:00
CVE-2023-34259 | Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitra... | Fri, 03 Nov 2023 00:11:00
CVE-2023-31102 | 7-Zip through 22.01 on Linux allows an integer underflow and code execution via a crafted 7Z archive. | Fri, 03 Nov 2023 00:08:00
CVE-2020-28407 | In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack ... | Fri, 03 Nov 2023 00:05:00
CVE-2023-46954 | SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier allows a remote attacker to ... | Thu, 02 Nov 2023 23:10:33
CVE-2023-35896 | IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to... | Thu, 02 Nov 2023 23:07:33
CVE-2023-46176 | IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation... | Thu, 02 Nov 2023 21:16:18
CVE-2023-36034 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Thu, 02 Nov 2023 21:13:18

© CVE.report 2023

Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information
or its use. Any use of this information is at the user's risk. It is the
responsibility of user to evaluate the accuracy, completeness or usefulness of
any information, opinion, advice or other content. EACH USER WILL BE SOLELY
RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this
web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will
NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the
authoritative source of CVE content is MITRE's CVE web site. This site includes
MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report