cve.report
2606:4700:3108::ac42:2b86
Public Scan
Submitted URL: http://cve.report/
Effective URL: https://cve.report/
Submission: On November 28 via manual from US — Scanned from DE
Form analysis
2 forms found in the DOM
GET ../../../search.php
<form action="../../../search.php" method="get" target="blank">
<div class="form-group">
<input type="text" class="form-control" id="search" name="search" title="CVE.report Search" placeholder="CVE.report Search">
</div>
</form>
GET ../../../search.php
<form action="../../../search.php" method="get" target="blank">
<div class="form-group-lg">
<input type="text" class="form-control" id="formGroupInputLarge" name="search" placeholder="CVE.report Search">
</div>
</form>
Text Content
This website cve.report/ is currently offline. Cloudflare's Always Online™ shows a snapshot of this web page from the Internet Archive's Wayback Machine.

CVE.REPORT
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more. CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.

CVSS CALCULATOR
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

Recent CVEs
CVE | Description | Date
CVE-2023-40215 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Demonisblack demon imag... | Fri, 03 Nov 2023 20:13:40
CVE-2023-38391 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themesgrove Onepage Bui... | Fri, 03 Nov 2023 20:10:40
CVE-2023-35910 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nucleus_genius Quasar f... | Fri, 03 Nov 2023 20:07:40
CVE-2023-32741 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions PVT L... | Fri, 03 Nov 2023 20:04:39
CVE-2023-45189 | A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, ... | Fri, 03 Nov 2023 19:07:57
CVE-2023-36677 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project ... | Fri, 03 Nov 2023 19:04:57
CVE-2023-47235 | An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is ... | Fri, 03 Nov 2023 17:12:15
CVE-2023-47234 | An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a... | Fri, 03 Nov 2023 17:09:14
CVE-2023-47233 | The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unpluggin... | Fri, 03 Nov 2023 17:06:14
CVE-2023-41726 | Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability | Fri, 03 Nov 2023 16:21:39
CVE-2023-41725 | Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability | Fri, 03 Nov 2023 16:18:39
CVE-2022-44569 | A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication. | Fri, 03 Nov 2023 16:15:39
CVE-2022-43555 | Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability | Fri, 03 Nov 2023 16:12:39
CVE-2022-43554 | Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability | Fri, 03 Nov 2023 16:09:38
CVE-2022-3172 | A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL... | Fri, 03 Nov 2023 16:06:38
CVE-2023-3893 | A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-prox... | Fri, 03 Nov 2023 14:07:07
CVE-2023-39301 | A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exp... | Fri, 03 Nov 2023 13:36:18
CVE-2023-39299 | A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users t... | Fri, 03 Nov 2023 13:33:18
CVE-2023-32508 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolf van Gelder Order Y... | Fri, 03 Nov 2023 13:30:18
CVE-2023-32121 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Highfivery LLC Zero Spa... | Fri, 03 Nov 2023 13:27:18
CVE-2023-36529 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Rea... | Fri, 03 Nov 2023 13:24:17
CVE-2023-34179 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Groundhogg Inc. Groundh... | Fri, 03 Nov 2023 13:21:17
CVE-2023-25990 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allow... | Fri, 03 Nov 2023 13:18:17
CVE-2023-25800 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allow... | Fri, 03 Nov 2023 13:15:17
CVE-2023-25700 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allow... | Fri, 03 Nov 2023 13:12:16
CVE-2023-23369 | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the v... | Fri, 03 Nov 2023 13:09:16
CVE-2023-23368 | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the v... | Fri, 03 Nov 2023 13:06:16
CVE-2023-46980 | An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges v... | Fri, 03 Nov 2023 12:11:31
CVE-2023-46404 | PCRS <= 3.11 (d0de1e) “Questions” page and “Code editor” page are vulnerable to remote code execution (RCE) by escapi... | Fri, 03 Nov 2023 12:08:31
CVE-2022-46818 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gopi Ramasamy Email pos... | Fri, 03 Nov 2023 12:05:30
CVE-2023-5946 | The Digirisk plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'current_group_id' parameter in ver... | Fri, 03 Nov 2023 10:08:39
CVE-2023-5088 | A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 in... | Fri, 03 Nov 2023 10:05:39
CVE-2023-46947 | Subrion 4.2.1 has a remote command execution vulnerability in the backend. | Fri, 03 Nov 2023 09:36:38
CVE-2023-26015 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Chris Richardson MapPre... | Fri, 03 Nov 2023 09:33:38
CVE-2023-25960 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zendrop Zendrop – Glo... | Fri, 03 Nov 2023 09:30:38
CVE-2023-5945 | The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This... | Fri, 03 Nov 2023 09:27:38
CVE-2023-5707 | The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slider' shortcode and post... | Fri, 03 Nov 2023 09:24:38
CVE-2023-3961 | A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets wi... | Fri, 03 Nov 2023 09:21:37
CVE-2022-47445 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Web-X Be POPIA Complian... | Fri, 03 Nov 2023 09:18:37
CVE-2022-47426 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Neshan Maps Platform Ne... | Fri, 03 Nov 2023 09:15:37
CVE-2022-46859 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy C... | Fri, 03 Nov 2023 09:12:37
CVE-2022-46808 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems ARMe... | Fri, 03 Nov 2023 09:09:36
CVE-2022-45805 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paytm Paytm Payment Gat... | Fri, 03 Nov 2023 09:06:36
CVE-2023-41652 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker... | Fri, 03 Nov 2023 08:21:00
CVE-2023-34383 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP Project Manag... | Fri, 03 Nov 2023 08:18:00
CVE-2023-4592 | A Cross-Site Scripting vulnerability has been detected in WPN-XM Serverstack affecting version 0.8.6. This vulnerability coul... | Fri, 03 Nov 2023 08:14:59
CVE-2023-4591 | A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6, which would allow an unaut... | Fri, 03 Nov 2023 08:11:59
CVE-2023-3277 | The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, ... | Fri, 03 Nov 2023 08:08:59
CVE-2022-47588 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tips and Tricks HQ, Pet... | Fri, 03 Nov 2023 08:05:59
CVE-2023-4768 | A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability cou... | Fri, 03 Nov 2023 07:14:10
CVE-2023-4767 | A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability cou... | Fri, 03 Nov 2023 07:11:10
CVE-2023-4769 | A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do ... | Fri, 03 Nov 2023 07:08:10
CVE-2023-4043 | In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit ... | Fri, 03 Nov 2023 05:06:29
CVE-2023-1476 | A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occ... | Fri, 03 Nov 2023 05:03:29
CVE-2023-42670 | A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, c... | Fri, 03 Nov 2023 04:20:52
CVE-2023-5824 | Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elem... | Fri, 03 Nov 2023 04:17:51
CVE-2023-46848 | Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request mes... | Fri, 03 Nov 2023 04:14:51
CVE-2023-46847 | Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB... | Fri, 03 Nov 2023 04:11:51
CVE-2023-46846 | SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Reques... | Fri, 03 Nov 2023 04:08:51
CVE-2023-4091 | A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions... | Fri, 03 Nov 2023 04:05:51
CVE-2023-1194 | An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba ser... | Fri, 03 Nov 2023 04:02:50
CVE-2023-5948 | Improper Authorization in GitHub repository teamamaze/amazefileutilities prior to 1.91. | Fri, 03 Nov 2023 03:17:28
CVE-2023-5763 | In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attac... | Fri, 03 Nov 2023 03:14:28
CVE-2023-41357 | Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering ... | Fri, 03 Nov 2023 03:11:28
CVE-2023-41356 | NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal vulnerability. An unauthenticated ... | Fri, 03 Nov 2023 03:08:28
CVE-2023-41344 | NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal vulnerability. An unauthenticated ... | Fri, 03 Nov 2023 03:05:27
CVE-2023-41355 | Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unau... | Fri, 03 Nov 2023 02:17:06
CVE-2023-41354 | Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default, an unauthenticated remot... | Fri, 03 Nov 2023 02:14:06
CVE-2023-41353 | Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privil... | Fri, 03 Nov 2023 02:11:06
CVE-2023-41352 | Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. A remote attacker with administ... | Fri, 03 Nov 2023 02:08:06
CVE-2023-41351 | Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker... | Fri, 03 Nov 2023 02:05:06
CVE-2023-46817 | An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly... | Fri, 03 Nov 2023 01:56:00
CVE-2023-45362 | An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x ... | Fri, 03 Nov 2023 01:52:59
CVE-2023-45360 | An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is ... | Fri, 03 Nov 2023 01:49:59
CVE-2023-45024 | Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction ... | Fri, 03 Nov 2023 01:46:59
CVE-2023-44271 | An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a ... | Fri, 03 Nov 2023 01:43:59
CVE-2023-43982 | Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via t... | Fri, 03 Nov 2023 01:40:58
CVE-2023-43665 | In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() met... | Fri, 03 Nov 2023 01:37:58
CVE-2023-41914 | SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a... | Fri, 03 Nov 2023 01:34:58
CVE-2023-41350 | Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attemp... | Fri, 03 Nov 2023 01:31:58
CVE-2023-41348 | ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within i... | Fri, 03 Nov 2023 01:28:58
CVE-2023-41347 | ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within i... | Fri, 03 Nov 2023 01:25:57
CVE-2023-41346 | ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within i... | Fri, 03 Nov 2023 01:22:57
CVE-2023-41345 | ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within i... | Fri, 03 Nov 2023 01:19:57
CVE-2023-41343 | Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker... | Fri, 03 Nov 2023 01:16:57
CVE-2023-41260 | Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gatewa... | Fri, 03 Nov 2023 01:13:56
CVE-2023-41259 | Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT em... | Fri, 03 Nov 2023 01:10:56
CVE-2023-41164 | In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a pote... | Fri, 03 Nov 2023 01:07:56
CVE-2023-38965 | Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI. | Fri, 03 Nov 2023 01:04:56
CVE-2023-36621 | An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. The child can use Safe Mode ... | Fri, 03 Nov 2023 00:23:01
CVE-2023-36620 | An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the androi... | Fri, 03 Nov 2023 00:20:01
CVE-2023-34261 | Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identification of valid user accounts via username enumeratio... | Fri, 03 Nov 2023 00:17:00
CVE-2023-34260 | Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow a denial of service (service outage) via /wlmdeu%2f%2e%2e%2f%... | Fri, 03 Nov 2023 00:14:00
CVE-2023-34259 | Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitra... | Fri, 03 Nov 2023 00:11:00
CVE-2023-31102 | 7-Zip through 22.01 on Linux allows an integer underflow and code execution via a crafted 7Z archive. | Fri, 03 Nov 2023 00:08:00
CVE-2020-28407 | In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack ... | Fri, 03 Nov 2023 00:05:00
CVE-2023-46954 | SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier allows a remote attacker to ... | Thu, 02 Nov 2023 23:10:33
CVE-2023-35896 | IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to... | Thu, 02 Nov 2023 23:07:33
CVE-2023-46176 | IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation... | Thu, 02 Nov 2023 21:16:18
CVE-2023-36034 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Thu, 02 Nov 2023 21:13:18

© CVE.report 2023 | Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss. CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.