CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-40494 json | SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior ... | Fri, 17 Apr 2026 23:25:07 |
| CVE-2026-40493 json | SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior ... | Fri, 17 Apr 2026 23:25:07 |
| CVE-2026-40492 json | SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior ... | Fri, 17 Apr 2026 23:25:07 |
| CVE-2026-40491 json | gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack with... | Fri, 17 Apr 2026 23:25:07 |
| CVE-2026-37344 json | SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_locatio... | Fri, 17 Apr 2026 23:25:07 |
| CVE-2026-37343 json | SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_user.ph... | Fri, 17 Apr 2026 23:25:07 |
| CVE-2026-37342 json | SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/view_parked_de... | Fri, 17 Apr 2026 23:25:07 |
| CVE-2026-37341 json | SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_categor... | Fri, 17 Apr 2026 23:25:07 |
| CVE-2026-37340 json | SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/edit_music.php. | Fri, 17 Apr 2026 23:25:07 |
| CVE-2026-37339 json | SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_genre.php. | Fri, 17 Apr 2026 23:25:07 |
| CVE-2026-40490 json | The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP re... | Fri, 17 Apr 2026 22:25:05 |
| CVE-2026-40489 json | editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and i... | Fri, 17 Apr 2026 22:25:05 |
| CVE-2026-40487 json | Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file upload validation bypass allows any authenticat... | Fri, 17 Apr 2026 22:25:04 |
| CVE-2026-35582 json | Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand() is vulnerable to OS... | Fri, 17 Apr 2026 22:25:04 |
| CVE-2026-1838 json | The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode_id' parameter in all versi... | Fri, 17 Apr 2026 22:25:04 |
| CVE-2026-1559 json | The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkin_place_id' parameter in all ver... | Fri, 17 Apr 2026 22:25:04 |
| CVE-2026-40572 json | NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 15 (MemoryMap... | Fri, 17 Apr 2026 21:24:14 |
| CVE-2026-40350 json | Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated... | Fri, 17 Apr 2026 21:24:14 |
| CVE-2026-40317 json | NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 12 (JumpToUse... | Fri, 17 Apr 2026 21:24:14 |
| CVE-2026-35465 json | SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureD... | Fri, 17 Apr 2026 21:24:14 |
| CVE-2025-54236 json | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Impr... | Fri, 17 Apr 2026 21:08:14 |
| CVE-2026-40593 json | ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the User Editor (UserEditor.php) renders st... | Fri, 17 Apr 2026 20:22:11 |
| CVE-2026-40582 json | ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the /api/public/user/login endpoint validat... | Fri, 17 Apr 2026 20:22:11 |
| CVE-2026-40581 json | ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record deletion endpoint (Select... | Fri, 17 Apr 2026 20:22:11 |
| CVE-2026-40485 json | ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the public API login endpoint (/api/public/... | Fri, 17 Apr 2026 20:22:11 |
| CVE-2026-40484 json | ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality e... | Fri, 17 Apr 2026 20:22:11 |
| CVE-2026-40483 json | ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the Pledge Editor renders donation comment ... | Fri, 17 Apr 2026 20:22:11 |
| CVE-2026-40482 json | ChurchCRM is an open-source church management system. Versions prior to 7.2.0 have SQL injection in FinancialService::getMemb... | Fri, 17 Apr 2026 20:22:11 |
| CVE-2026-40480 json | ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the GET /api/person/{personId} endpoint loa... | Fri, 17 Apr 2026 20:22:11 |
| CVE-2026-40349 json | Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated... | Fri, 17 Apr 2026 20:22:11 |
| CVE-2026-40348 json | Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated... | Fri, 17 Apr 2026 20:22:11 |
| CVE-2026-40347 json | Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability ... | Fri, 17 Apr 2026 20:22:11 |
| CVE-2026-40346 json | NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to ver... | Fri, 17 Apr 2026 20:22:11 |
| CVE-2026-40341 json | libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptp_unpack... | Fri, 17 Apr 2026 20:22:10 |
| CVE-2026-40340 json | libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read vulnerabili... | Fri, 17 Apr 2026 20:22:10 |
| CVE-2026-40339 json | libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in `ptp_unp... | Fri, 17 Apr 2026 20:22:10 |
| CVE-2026-40338 json | libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in the PTP_... | Fri, 17 Apr 2026 20:22:10 |
| CVE-2026-40337 json | The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task ... | Fri, 17 Apr 2026 20:22:10 |
| CVE-2026-40336 json | libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in `ptp_unpack_Sony... | Fri, 17 Apr 2026 20:22:10 |
| CVE-2026-40335 json | libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in `ptp_unp... | Fri, 17 Apr 2026 20:22:10 |
| CVE-2026-40334 json | libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists i... | Fri, 17 Apr 2026 20:22:10 |
| CVE-2026-40333 json | libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-... | Fri, 17 Apr 2026 20:22:10 |
| CVE-2026-40324 json | Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recu... | Fri, 17 Apr 2026 20:22:10 |
| CVE-2026-40323 json | SP1 is a zero‑knowledge virtual machine that proves the correct execution of programs compiled for the RISC-V architecture.... | Fri, 17 Apr 2026 20:22:10 |
| CVE-2026-2262 json | The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and includi... | Fri, 17 Apr 2026 20:22:10 |
| CVE-2026-40486 json | Kimai is an open-source time tracking application. In versions 2.52.0 and below, the User Preferences API endpoint (PATCH /ap... | Fri, 17 Apr 2026 19:21:57 |
| CVE-2026-40481 json | monetr is a budgeting application for recurring expenses. In versions 1.12.3 and below, the public Stripe webhook endpoint bu... | Fri, 17 Apr 2026 19:21:57 |
| CVE-2026-40479 json | Kimai is an open-source time tracking application. In versions 1.16.3 through 2.52.0, the escapeForHtml() function in KimaiEs... | Fri, 17 Apr 2026 19:21:57 |
| CVE-2026-5250 json | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Fri, 17 Apr 2026 19:21:57 |
| CVE-2026-2434 json | The Pz-LinkCard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blogcard' shortcode attributes in ... | Fri, 17 Apr 2026 19:21:57 |
| CVE-2026-40478 json | Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain... | Fri, 17 Apr 2026 18:19:58 |
| CVE-2026-40477 json | Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain... | Fri, 17 Apr 2026 18:19:58 |
| CVE-2026-40476 json | graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCanBeMerged validation rule... | Fri, 17 Apr 2026 18:19:58 |
| CVE-2026-40474 json | wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the GymConfigUpdateView declares permissi... | Fri, 17 Apr 2026 18:19:58 |
| CVE-2026-40353 json | wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the attribution_link property in Abstract... | Fri, 17 Apr 2026 18:19:58 |
| CVE-2026-40352 json | FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL ... | Fri, 17 Apr 2026 18:19:58 |
| CVE-2026-40351 json | FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript ty... | Fri, 17 Apr 2026 18:19:58 |
| CVE-2026-40321 json | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versio... | Fri, 17 Apr 2026 18:19:58 |
| CVE-2026-40306 json | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. All new install... | Fri, 17 Apr 2026 18:19:58 |
| CVE-2026-40305 json | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in ver... | Fri, 17 Apr 2026 18:19:58 |
| CVE-2026-40304 json | zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the unaccess handler (contro... | Fri, 17 Apr 2026 18:19:58 |
| CVE-2026-40258 json | The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a p... | Fri, 17 Apr 2026 18:19:58 |
| CVE-2026-29013 json | libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/o... | Fri, 17 Apr 2026 18:19:58 |
| CVE-2026-5720 json | miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a de... | Fri, 17 Apr 2026 18:19:58 |
| CVE-2026-40103 json | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's scoped API token enforcement for cu... | Fri, 17 Apr 2026 18:04:35 |
| CVE-2026-35602 json | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file import endpoint uses the att... | Fri, 17 Apr 2026 18:04:35 |
| CVE-2026-35601 json | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV output generator builds iCalendar ... | Fri, 17 Apr 2026 18:04:35 |
| CVE-2026-33618 json | Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray() me... | Fri, 17 Apr 2026 18:04:35 |
| CVE-2025-66447 json | Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone can trigger a malicious redirect through the u... | Fri, 17 Apr 2026 18:04:35 |
| CVE-2026-40228 json | In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" ... | Fri, 17 Apr 2026 18:04:34 |
| CVE-2026-35600 json | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, task titles are embedded directly into Markdo... | Fri, 17 Apr 2026 18:04:34 |
| CVE-2026-35599 json | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the addRepeatIntervalToTime function uses an ... | Fri, 17 Apr 2026 18:04:34 |
| CVE-2026-35598 json | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV GetResource and GetResourcesByList... | Fri, 17 Apr 2026 18:04:34 |
| CVE-2026-35597 json | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the TOTP failed-attempt lockout mechanism is ... | Fri, 17 Apr 2026 18:04:34 |
| CVE-2026-35596 json | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the hasAccessToLabel function contains a SQL ... | Fri, 17 Apr 2026 18:04:34 |
| CVE-2026-35595 json | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CanUpdate check at pkg/models/project_per... | Fri, 17 Apr 2026 18:04:34 |
| CVE-2026-22560 json | An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by mani... | Fri, 17 Apr 2026 18:04:34 |
| CVE-2026-33141 json | Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in... | Fri, 17 Apr 2026 17:34:31 |
| CVE-2026-32932 json | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the session c... | Fri, 17 Apr 2026 17:34:31 |
| CVE-2026-32931 json | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an unrestricted file upload vulnerability in th... | Fri, 17 Apr 2026 17:34:31 |
| CVE-2026-32930 json | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vuln... | Fri, 17 Apr 2026 17:34:31 |
| CVE-2026-32894 json | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vuln... | Fri, 17 Apr 2026 17:34:31 |
| CVE-2026-32893 json | Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, a Reflected Cross-Site Scripting (XSS) vulnerability in the... | Fri, 17 Apr 2026 17:34:31 |
| CVE-2026-32892 json | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injection vu... | Fri, 17 Apr 2026 17:34:31 |
| CVE-2026-31941 json | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request Forg... | Fri, 17 Apr 2026 17:34:31 |
| CVE-2026-31940 json | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, in main/lp/aicc_hacp.php, user-controlled reque... | Fri, 17 Apr 2026 17:34:31 |
| CVE-2026-31939 json | Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exercise/savescores.php lead... | Fri, 17 Apr 2026 17:34:31 |
| CVE-2025-15602 json | Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently prot... | Fri, 17 Apr 2026 17:34:31 |
| CVE-2026-28518 json | OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import h... | Fri, 17 Apr 2026 17:34:30 |
| CVE-2026-40527 json | radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF b... | Fri, 17 Apr 2026 17:19:32 |
| CVE-2026-40303 json | zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, endpoints.GetSessionCookie p... | Fri, 17 Apr 2026 17:19:32 |
| CVE-2026-40302 json | zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the proxyUi template engine ... | Fri, 17 Apr 2026 17:19:32 |
| CVE-2026-40301 json | DOMSanitizer is a DOM/SVG/MathML Sanitizer for PHP 7.3+. Prior to version 1.0.10, DOMSanitizer::sanitize() allows <style> ele... | Fri, 17 Apr 2026 17:19:32 |
| CVE-2026-40299 json | next-intl provides internationalization for Next.js. Applications using the `next-intl` middleware prior to version 4.9.1with... | Fri, 17 Apr 2026 17:19:31 |
| CVE-2026-40293 json | OpenFGA is an authorization/permission engine built for developers. In versions 0.1.4 through 1.13.1, when OpenFGA is configu... | Fri, 17 Apr 2026 17:19:31 |
| CVE-2026-40286 json | WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerab... | Fri, 17 Apr 2026 17:19:31 |
| CVE-2026-40285 json | WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/mem... | Fri, 17 Apr 2026 17:19:31 |
| CVE-2026-40284 json | WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerab... | Fri, 17 Apr 2026 17:19:31 |
| CVE-2026-40282 json | WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerab... | Fri, 17 Apr 2026 17:19:31 |
| CVE-2026-40196 json | HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ... | Fri, 17 Apr 2026 17:19:31 |