CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-45409 json | Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Appli... | Fri, 05 Jun 2026 19:28:14 |
| CVE-2026-7654 json | The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up ... | Fri, 05 Jun 2026 19:28:14 |
| CVE-2026-7523 json | The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This i... | Fri, 05 Jun 2026 19:28:14 |
| CVE-2026-11431 json | A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium... | Fri, 05 Jun 2026 18:27:44 |
| CVE-2026-11429 json | A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The ser... | Fri, 05 Jun 2026 18:27:44 |
| CVE-2026-11424 json | A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared by Altium Enterprise Server a... | Fri, 05 Jun 2026 18:27:44 |
| CVE-2026-11416 json | MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the ... | Fri, 05 Jun 2026 18:27:44 |
| CVE-2026-37737 json | sanic-cors version 2.2.0 and prior contains an improper regular expression in the try_match() function in sanic_cors/core.py ... | Fri, 05 Jun 2026 17:27:43 |
| CVE-2026-36785 json | Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the page parameter of t... | Fri, 05 Jun 2026 17:27:43 |
| CVE-2026-11423 json | A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-... | Fri, 05 Jun 2026 17:27:43 |
| CVE-2026-11422 json | Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom renderin... | Fri, 05 Jun 2026 17:27:43 |
| CVE-2026-7763 json | A heap-based buffer overflow vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software vers... | Fri, 05 Jun 2026 17:27:43 |
| CVE-2026-7762 json | A heap-based buffer overflow vulnerability in the dot11ah.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software ve... | Fri, 05 Jun 2026 17:27:42 |
| CVE-2024-6858 json | In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exi... | Fri, 05 Jun 2026 17:27:42 |
| CVE-2026-48040 json | The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivious HTTP (RFC 9458) using... | Fri, 05 Jun 2026 17:12:42 |
| CVE-2026-41207 json | The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDF_expand returns non... | Fri, 05 Jun 2026 17:12:42 |
| CVE-2026-40898 json | quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.59.1, an attacker can cause excessive memory allo... | Fri, 05 Jun 2026 17:12:42 |
| CVE-2025-70101 json | An out-of-bounds read in the ext4_ext_binsearch_idx function in src/ext4_extent.c of the lwext4 1.0.0 library allows attacker... | Fri, 05 Jun 2026 17:12:42 |
| CVE-2025-70100 json | A divide-by-zero vulnerability in the ext4_block_set_lb_size function in src/ext4_blockdev.c of the lwext4 1.0.0 library allo... | Fri, 05 Jun 2026 17:12:42 |
| CVE-2026-46493 json | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use `uniqid` for generating sal... | Fri, 05 Jun 2026 16:57:46 |
| CVE-2026-46401 json | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session... | Fri, 05 Jun 2026 16:57:46 |
| CVE-2026-46400 json | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, ... | Fri, 05 Jun 2026 16:57:46 |
| CVE-2026-46398 json | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, ... | Fri, 05 Jun 2026 16:57:46 |
| CVE-2026-46397 json | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an Authenticated Local File Inc... | Fri, 05 Jun 2026 16:57:46 |
| CVE-2026-46357 json | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the HAX CMS NodeJS application ... | Fri, 05 Jun 2026 16:57:46 |
| CVE-2026-45779 json | OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD ... | Fri, 05 Jun 2026 16:57:46 |
| CVE-2026-45778 json | OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, an authenticated attacker c... | Fri, 05 Jun 2026 16:57:46 |
| CVE-2026-45777 json | OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.... | Fri, 05 Jun 2026 16:57:46 |
| CVE-2026-45776 json | OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a flaw in Open XDMoD's acce... | Fri, 05 Jun 2026 16:57:46 |
| CVE-2026-45758 json | Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an at... | Fri, 05 Jun 2026 16:57:46 |
| CVE-2026-45300 json | The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP re... | Fri, 05 Jun 2026 16:57:46 |
| CVE-2026-25624 json | An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge T... | Fri, 05 Jun 2026 16:57:46 |
| CVE-2026-25623 json | An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge Threat Managemen... | Fri, 05 Jun 2026 16:57:46 |
| CVE-2026-25622 json | A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generat... | Fri, 05 Jun 2026 16:57:46 |
| CVE-2026-25621 json | A Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall ... | Fri, 05 Jun 2026 16:57:45 |
| CVE-2026-25620 json | An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threa... | Fri, 05 Jun 2026 16:57:45 |
| CVE-2026-11420 json | Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthentic... | Fri, 05 Jun 2026 16:57:45 |
| CVE-2026-11419 json | A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validati... | Fri, 05 Jun 2026 16:57:45 |
| CVE-2026-11414 json | A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because t... | Fri, 05 Jun 2026 16:57:45 |
| CVE-2026-11401 json | An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will a... | Fri, 05 Jun 2026 16:57:45 |
| CVE-2026-11400 json | An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will... | Fri, 05 Jun 2026 16:57:45 |
| CVE-2026-11224 json | Use after free in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary ... | Fri, 05 Jun 2026 16:57:45 |
| CVE-2026-11205 json | Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote ... | Fri, 05 Jun 2026 16:57:45 |
| CVE-2026-11197 json | Insufficient policy enforcement in Workers in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromi... | Fri, 05 Jun 2026 16:57:45 |
| CVE-2026-11185 json | Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious ... | Fri, 05 Jun 2026 16:57:45 |
| CVE-2026-11173 json | Out of bounds write in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer ... | Fri, 05 Jun 2026 16:57:45 |
| CVE-2026-11171 json | Integer overflow in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside ... | Fri, 05 Jun 2026 16:57:45 |
| CVE-2026-11164 json | Use after free in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a ... | Fri, 05 Jun 2026 16:57:45 |
| CVE-2026-11149 json | Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker wh... | Fri, 05 Jun 2026 16:57:45 |
| CVE-2026-11147 json | Use after free in WebML in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary cod... | Fri, 05 Jun 2026 16:57:45 |
| CVE-2026-11136 json | Use after free in Canvas in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a... | Fri, 05 Jun 2026 16:57:45 |
| CVE-2026-11130 json | Use after free in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a ... | Fri, 05 Jun 2026 16:57:45 |
| CVE-2026-11125 json | Use after free in Compositing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code ins... | Fri, 05 Jun 2026 16:57:45 |
| CVE-2026-11118 json | Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a... | Fri, 05 Jun 2026 16:57:45 |
| CVE-2026-46273 json | In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some ph... | Fri, 05 Jun 2026 16:57:44 |
| CVE-2026-46272 json | In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and... | Fri, 05 Jun 2026 16:57:44 |
| CVE-2026-46271 json | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: do WoW offloads only on primary link In c... | Fri, 05 Jun 2026 16:57:44 |
| CVE-2026-46270 json | In the Linux kernel, the following vulnerability has been resolved: power: supply: rt9455: Fix use-after-free in power_suppl... | Fri, 05 Jun 2026 16:57:44 |
| CVE-2026-46269 json | In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix NULL pointer dereference when... | Fri, 05 Jun 2026 16:57:44 |
| CVE-2026-46268 json | In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Fix p2pmem_alloc_mmap() warning condition C... | Fri, 05 Jun 2026 16:57:44 |
| CVE-2026-46267 json | In the Linux kernel, the following vulnerability has been resolved: nfc: hci: shdlc: Stop timers and work before freeing con... | Fri, 05 Jun 2026 16:57:44 |
| CVE-2026-11042 json | Use after free in Views in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in s... | Fri, 05 Jun 2026 16:57:44 |
| CVE-2026-11038 json | Insufficient policy enforcement in Subresource Integrity in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to... | Fri, 05 Jun 2026 16:57:44 |
| CVE-2026-11037 json | Out of bounds write in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sand... | Fri, 05 Jun 2026 16:57:44 |
| CVE-2026-11000 json | Use after free in Fonts in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code ... | Fri, 05 Jun 2026 16:57:44 |
| CVE-2026-10891 json | Use after free in GFX in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap ... | Fri, 05 Jun 2026 16:57:44 |
| CVE-2026-8889 json | Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIP... | Fri, 05 Jun 2026 16:57:44 |
| CVE-2026-8888 json | Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaSc... | Fri, 05 Jun 2026 16:57:44 |
| CVE-2026-8881 json | Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encr... | Fri, 05 Jun 2026 16:57:44 |
| CVE-2026-8874 json | Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over ... | Fri, 05 Jun 2026 16:57:44 |
| CVE-2026-46266 json | In the Linux kernel, the following vulnerability has been resolved: inet: RAW sockets using IPPROTO_RAW MUST drop incoming I... | Fri, 05 Jun 2026 16:57:43 |
| CVE-2026-46265 json | In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix WQ_MEM_RECLAIM warning When sunrpc is use... | Fri, 05 Jun 2026 16:57:43 |
| CVE-2026-46264 json | In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix sysfs initialization In case of devm_add... | Fri, 05 Jun 2026 16:57:43 |
| CVE-2026-46263 json | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds stream encoder index ... | Fri, 05 Jun 2026 16:57:43 |
| CVE-2026-46262 json | In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr_mode... | Fri, 05 Jun 2026 16:57:43 |
| CVE-2026-46261 json | In the Linux kernel, the following vulnerability has been resolved: spi: wpcm-fiu: Fix potential NULL pointer dereference in... | Fri, 05 Jun 2026 16:57:43 |
| CVE-2026-46260 json | In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bound access in fib6_add_rt2node(). sy... | Fri, 05 Jun 2026 16:57:43 |
| CVE-2026-46259 json | In the Linux kernel, the following vulnerability has been resolved: procfs: fix missing RCU protection when reading real_par... | Fri, 05 Jun 2026 16:57:43 |
| CVE-2026-46258 json | In the Linux kernel, the following vulnerability has been resolved: gpio: cdev: Avoid NULL dereference in linehandle_create(... | Fri, 05 Jun 2026 16:57:43 |
| CVE-2026-46257 json | In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/timer-sp804: Fix an Oops when read_c... | Fri, 05 Jun 2026 16:57:43 |
| CVE-2026-46256 json | In the Linux kernel, the following vulnerability has been resolved: NFS/localio: prevent direct reclaim recursion into NFS v... | Fri, 05 Jun 2026 16:57:43 |
| CVE-2026-46255 json | In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-edma: don't explicitly disable clocks in ... | Fri, 05 Jun 2026 16:57:43 |
| CVE-2026-46254 json | In the Linux kernel, the following vulnerability has been resolved: AppArmor: Allow apparmor to handle unaligned dfa tables ... | Fri, 05 Jun 2026 16:57:43 |
| CVE-2026-46253 json | In the Linux kernel, the following vulnerability has been resolved: pstore/ram: fix buffer overflow in persistent_ram_save_o... | Fri, 05 Jun 2026 16:57:42 |
| CVE-2026-46252 json | In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulator_resolve_supply... | Fri, 05 Jun 2026 16:57:42 |
| CVE-2026-46251 json | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block_group_tree dirty_list corruption When ... | Fri, 05 Jun 2026 16:57:42 |
| CVE-2026-46250 json | In the Linux kernel, the following vulnerability has been resolved: MIPS: Work around LLVM bug when gp is used as global reg... | Fri, 05 Jun 2026 16:57:42 |
| CVE-2026-46249 json | In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix PF driver crash with kexec kernel boot... | Fri, 05 Jun 2026 16:57:42 |
| CVE-2026-46248 json | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: clear stale link mapping of ahvif->links_m... | Fri, 05 Jun 2026 16:57:42 |
| CVE-2026-46247 json | In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gfx3d: add parent to parent request map Afte... | Fri, 05 Jun 2026 16:57:42 |
| CVE-2026-46246 json | In the Linux kernel, the following vulnerability has been resolved: power: supply: pm8916_lbc: Fix use-after-free for extcon... | Fri, 05 Jun 2026 16:57:42 |
| CVE-2026-46245 json | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dc_link NULL handling in HPD init ... | Fri, 05 Jun 2026 16:57:42 |
| CVE-2026-46244 json | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: Fix IPv6 inner_thoff desync In nf... | Fri, 05 Jun 2026 16:57:42 |
| CVE-2025-71314 json | In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Recover from panthor_gpu_flush_caches() fai... | Fri, 05 Jun 2026 16:57:42 |
| CVE-2025-71313 json | In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Add missing NULL check for alloc_workqueu... | Fri, 05 Jun 2026 16:57:42 |
| CVE-2026-11276 json | Inappropriate implementation in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment... | Fri, 05 Jun 2026 16:42:43 |
| CVE-2026-11262 json | Use after free in TabStrip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a ... | Fri, 05 Jun 2026 16:42:43 |
| CVE-2026-11249 json | Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer ... | Fri, 05 Jun 2026 16:42:43 |
| CVE-2026-11248 json | Inappropriate implementation in Google Lens in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navig... | Fri, 05 Jun 2026 16:42:43 |
| CVE-2026-11247 json | Insufficient policy enforcement in CustomTabs in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to... | Fri, 05 Jun 2026 16:42:42 |