CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-53755 json | Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server applied its SSRF destina... | Mon, 29 Jun 2026 12:59:41 |
| CVE-2026-53754 json | Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.8, the Docker API server's SSRF protection (valid... | Mon, 29 Jun 2026 12:59:41 |
| CVE-2026-53753 json | Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the _safe_eval_expression() function in the co... | Mon, 29 Jun 2026 12:59:41 |
| CVE-2026-20189 json | A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remot... | Mon, 29 Jun 2026 12:59:41 |
| CVE-2026-57340 json | Unauthenticated Broken Access Control in Japanized For WooCommerce <= 2.9.12 versions. | Mon, 29 Jun 2026 12:29:31 |
| CVE-2026-41052 json | Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14... | Mon, 29 Jun 2026 12:29:31 |
| CVE-2026-13750 json | Insertion of sensitive information into log files in Snowflake CLI versions prior to 3.19 allowed plaintext credentials to be... | Mon, 29 Jun 2026 12:29:31 |
| CVE-2026-13749 json | Improper neutralization in the Snowpark annotation processor callback template in Snowflake CLI versions prior to 3.19 allowe... | Mon, 29 Jun 2026 12:29:31 |
| CVE-2026-13748 json | Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file content to ... | Mon, 29 Jun 2026 12:29:31 |
| CVE-2026-13746 json | Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. A u... | Mon, 29 Jun 2026 12:29:31 |
| CVE-2026-13744 json | Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL executi... | Mon, 29 Jun 2026 12:29:31 |
| CVE-2026-13742 json | Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification ... | Mon, 29 Jun 2026 12:29:31 |
| CVE-2026-13587 json | A vulnerability was found in seladb PcapPlusPlus 25.05. The affected element is the function parse_by_block_type of the file ... | Mon, 29 Jun 2026 12:29:31 |
| CVE-2026-13583 json | A vulnerability has been found in Edimax EW-7478APC 1.04. Impacted is the function formUSBFolder of the file /goform/formUSBF... | Mon, 29 Jun 2026 12:29:31 |
| CVE-2026-13582 json | A flaw has been found in Edimax EW-7478APC 1.04. This issue affects the function formUSBAccount of the file /goform/formUSBAc... | Mon, 29 Jun 2026 12:29:31 |
| CVE-2026-13581 json | A vulnerability was detected in Edimax EW-7478APC 1.04. This vulnerability affects the function formStaDrvSetup of the file /... | Mon, 29 Jun 2026 12:29:31 |
| CVE-2026-13580 json | A security vulnerability has been detected in Edimax EW-7478APC 1.04. This affects the function formQoS of the file /goform/f... | Mon, 29 Jun 2026 12:29:31 |
| CVE-2026-13437 json | Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows... | Mon, 29 Jun 2026 12:29:31 |
| CVE-2026-9105 json | An authenticated stack-based buffer overflow vulnerability exists in the web management interface of TP-Link TL-WR841N v14. ... | Mon, 29 Jun 2026 12:29:31 |
| CVE-2026-57339 json | Unauthenticated Broken Access Control in Business Directory <= 6.4.23 versions. | Mon, 29 Jun 2026 12:29:30 |
| CVE-2026-57338 json | Unauthenticated Cross Site Scripting (XSS) in ARForms <= 7.1.2 versions. | Mon, 29 Jun 2026 12:29:30 |
| CVE-2026-57337 json | Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions. | Mon, 29 Jun 2026 12:29:30 |
| CVE-2026-57336 json | Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions. | Mon, 29 Jun 2026 12:29:30 |
| CVE-2026-57334 json | Unauthenticated Broken Access Control in WP User Frontend <= 4.3.7 versions. | Mon, 29 Jun 2026 12:29:30 |
| CVE-2026-57333 json | Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions. | Mon, 29 Jun 2026 12:29:30 |
| CVE-2026-57332 json | Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions. | Mon, 29 Jun 2026 12:29:30 |
| CVE-2026-57331 json | Performer Arbitrary File Deletion in Paid Videochat Turnkey Site <= 7.4.8 versions. | Mon, 29 Jun 2026 12:29:30 |
| CVE-2026-57330 json | Subscriber Cross Site Scripting (XSS) in MasterStudy LMS <= 3.7.27 versions. | Mon, 29 Jun 2026 12:29:30 |
| CVE-2026-57328 json | Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions. | Mon, 29 Jun 2026 12:29:30 |
| CVE-2026-57327 json | Subscriber Broken Access Control in MainWP <= 6.1.1 versions. | Mon, 29 Jun 2026 12:29:30 |
| CVE-2026-57326 json | Unauthenticated Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions. | Mon, 29 Jun 2026 12:29:30 |
| CVE-2026-57320 json | Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions. | Mon, 29 Jun 2026 12:29:30 |
| CVE-2026-56290 json | The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executab... | Mon, 29 Jun 2026 12:29:30 |
| CVE-2026-56124 json | phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to acc... | Mon, 29 Jun 2026 12:29:30 |
| CVE-2026-55607 json | Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktr... | Mon, 29 Jun 2026 12:29:30 |
| CVE-2026-49049 json | The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, w... | Mon, 29 Jun 2026 12:29:30 |
| CVE-2026-46406 json | Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcod... | Mon, 29 Jun 2026 12:29:30 |
| CVE-2026-13579 json | A weakness has been identified in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functio... | Mon, 29 Jun 2026 12:29:30 |
| CVE-2026-13578 json | A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected by this vulnerability is an unkn... | Mon, 29 Jun 2026 12:29:30 |
| CVE-2026-13573 json | A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library... | Mon, 29 Jun 2026 12:29:30 |
| CVE-2026-58058 json | Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6_get_data_primitive (libnetu... | Mon, 29 Jun 2026 12:29:29 |
| CVE-2026-54370 json | acl before version 2.4.0 contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that allows local atta... | Mon, 29 Jun 2026 12:29:29 |
| CVE-2026-13571 json | A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the f... | Mon, 29 Jun 2026 12:29:29 |
| CVE-2026-13569 json | A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of ... | Mon, 29 Jun 2026 12:29:29 |
| CVE-2026-13563 json | A vulnerability has been found in Edimax EW-7478APC 1.04. This impacts the function formL2TPSetup of the file /goform/formL2T... | Mon, 29 Jun 2026 12:29:29 |
| CVE-2026-13557 json | A vulnerability was identified in itsourcecode Online Hotel Management System 1.0. This vulnerability affects unknown code of... | Mon, 29 Jun 2026 12:29:29 |
| CVE-2026-13551 json | A security vulnerability has been detected in itsourcecode Baptism Information Management System 1.0. This affects an unknown... | Mon, 29 Jun 2026 12:29:29 |
| CVE-2026-13545 json | A vulnerability has been found in D-Link DCS-935L 1.10.01. This affects the function sub_400E40 of the file setconf.cgi of th... | Mon, 29 Jun 2026 12:29:29 |
| CVE-2026-13539 json | A vulnerability was identified in Wavlink WL-NU516U1-A M16U1_V240425. The impacted element is the function sub_407504 of the ... | Mon, 29 Jun 2026 12:29:29 |
| CVE-2026-13533 json | A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc:... | Mon, 29 Jun 2026 12:29:29 |
| CVE-2026-13527 json | A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0. The affected element is an unknown fu... | Mon, 29 Jun 2026 12:29:29 |
| CVE-2026-13521 json | A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0/5.php. Affected by this vulnerability ... | Mon, 29 Jun 2026 12:29:29 |
| CVE-2026-13515 json | A security vulnerability has been detected in Tenda JD12L 16.03.53.23. Impacted is the function formSetPPTPServer of the file... | Mon, 29 Jun 2026 12:29:29 |
| CVE-2026-13509 json | A vulnerability has been found in RAGapp up to 0.1.5. Affected is the function FileHandler.upload_file/FileHandler.remove_fil... | Mon, 29 Jun 2026 12:29:29 |
| CVE-2026-13501 json | A security vulnerability has been detected in antlr ANTLR4 up to 4.13.2. Affected by this vulnerability is the function GoTar... | Mon, 29 Jun 2026 12:29:29 |
| CVE-2026-13495 json | A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /a... | Mon, 29 Jun 2026 12:29:29 |
| CVE-2026-13487 json | A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of th... | Mon, 29 Jun 2026 12:29:29 |
| CVE-2026-12856 json | A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension inc... | Mon, 29 Jun 2026 12:29:29 |
| CVE-2026-58052 json | 7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its gua... | Mon, 29 Jun 2026 12:29:28 |
| CVE-2026-57642 json | Contributor SQL Injection in Gallery <= 4.7.8 versions. | Mon, 29 Jun 2026 12:29:28 |
| CVE-2026-57629 json | Contributor Cross Site Scripting (XSS) in StatCounter <= 2.1.1 versions. | Mon, 29 Jun 2026 12:29:28 |
| CVE-2026-57321 json | Contributor Arbitrary File Deletion in H5P <= 1.17.7 versions. | Mon, 29 Jun 2026 12:29:28 |
| CVE-2026-57314 json | Unauthenticated Cross Site Scripting (XSS) in SureCart <= 4.3.2 versions. | Mon, 29 Jun 2026 12:29:28 |
| CVE-2026-55189 json | RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, when the FTP frontend is ... | Mon, 29 Jun 2026 12:29:28 |
| CVE-2026-54351 json | Budibase is an open-source low-code platform. Prior to 3.39.9, the webhook trigger endpoint in Budibase is publicly accessibl... | Mon, 29 Jun 2026 12:29:28 |
| CVE-2026-53576 json | Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the ... | Mon, 29 Jun 2026 12:29:28 |
| CVE-2026-52785 json | OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a SQL injection in ti... | Mon, 29 Jun 2026 12:29:28 |
| CVE-2026-52779 json | OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, a cross-project IDOR / authori... | Mon, 29 Jun 2026 12:29:28 |
| CVE-2026-50132 json | Budibase is an open-source low-code platform. Prior to 3.39.0, `GET /api/chat-links/:instance/:token/handoff` is a public end... | Mon, 29 Jun 2026 12:29:28 |
| CVE-2026-48743 json | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and ... | Mon, 29 Jun 2026 12:29:28 |
| CVE-2026-47775 json | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and ... | Mon, 29 Jun 2026 12:29:28 |
| CVE-2026-44735 json | OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the GET /api/v3/shares endpoin... | Mon, 29 Jun 2026 12:29:28 |
| CVE-2026-13335 json | The CodePeople Post Map for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'cpm_point' Pos... | Mon, 29 Jun 2026 12:29:28 |
| CVE-2026-12471 json | The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activate_plugin f... | Mon, 29 Jun 2026 12:29:28 |
| CVE-2026-11597 json | The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'infusionsoft-f... | Mon, 29 Jun 2026 12:29:28 |
| CVE-2026-56061 json | Unauthenticated Broken Access Control in Subscriptions for WooCommerce <= 1.9.5 versions. | Mon, 29 Jun 2026 12:29:27 |
| CVE-2026-56048 json | Unauthenticated Insecure Direct Object References (IDOR) in Payment Gateway Based Fees and Discounts for WooCommerce <= 3.0.0... | Mon, 29 Jun 2026 12:29:27 |
| CVE-2026-56041 json | Unauthenticated Cross Site Scripting (XSS) in Responsive Lightbox <= 2.7.6 versions. | Mon, 29 Jun 2026 12:29:27 |
| CVE-2026-56034 json | Unauthenticated SQL Injection in Library Management System <= 3.5.7 versions. | Mon, 29 Jun 2026 12:29:27 |
| CVE-2026-56008 json | Contributor Privilege Escalation in Fusion Builder <= 3.15.4 versions. | Mon, 29 Jun 2026 12:29:27 |
| CVE-2026-55697 json | pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml b... | Mon, 29 Jun 2026 12:29:27 |
| CVE-2026-55666 json | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6... | Mon, 29 Jun 2026 12:29:27 |
| CVE-2026-53550 json | js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CP... | Mon, 29 Jun 2026 12:29:27 |
| CVE-2026-12760 json | A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to impro... | Mon, 29 Jun 2026 12:29:27 |
| CVE-2026-12164 json | Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevate... | Mon, 29 Jun 2026 12:29:27 |
| CVE-2026-6951 json | Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for [... | Mon, 29 Jun 2026 12:29:27 |
| CVE-2025-68075 json | Contributor Cross Site Scripting (XSS) in BNE Testimonials <= 2.0.8 versions. | Mon, 29 Jun 2026 12:29:27 |
| CVE-2025-64637 json | Unauthenticated Content Injection in Auros Core <= 5.3.1 versions. | Mon, 29 Jun 2026 12:29:27 |
| CVE-2024-21490 json | This affects versions of the package angular from 1.3.0; versions of the package angularjs from 1.3.0. A regular expression u... | Mon, 29 Jun 2026 12:29:27 |
| CVE-2026-54040 json | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup... | Mon, 29 Jun 2026 12:14:15 |
| CVE-2026-54025 json | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, there is a vulnerability in L... | Mon, 29 Jun 2026 12:14:14 |
| CVE-2026-54024 json | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2024-11171 (c... | Mon, 29 Jun 2026 12:14:14 |
| CVE-2026-49980 json | Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 unt... | Mon, 29 Jun 2026 12:14:14 |
| CVE-2026-49979 json | Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test... | Mon, 29 Jun 2026 12:14:14 |
| CVE-2026-54037 json | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 add... | Mon, 29 Jun 2026 11:58:41 |
| CVE-2026-54033 json | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to con... | Mon, 29 Jun 2026 11:43:39 |
| CVE-2026-54029 json | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the DELETE /api/messages/:con... | Mon, 29 Jun 2026 11:43:39 |
| CVE-2026-40698 json | A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resou... | Mon, 29 Jun 2026 11:43:39 |
| CVE-2026-57525 json | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Mon, 29 Jun 2026 11:28:45 |
| CVE-2026-57523 json | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Mon, 29 Jun 2026 11:28:45 |