CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-52911 json | In the Linux kernel, the following vulnerability has been resolved: ksmbd: scope conn->binding slowpath to bound sessions on... | Sun, 21 Jun 2026 04:18:39 |
| CVE-2026-12784 json | A weakness has been identified in IM-Magic Partition Resizer up to 7.9.0. This affects an unknown function in the library MDA... | Sun, 21 Jun 2026 04:18:39 |
| CVE-2026-12782 json | A security flaw has been discovered in EaseUS Partition Master up to 14.5. The impacted element is an unknown function in the... | Sun, 21 Jun 2026 04:18:38 |
| CVE-2026-12781 json | A vulnerability was identified in EaseUS Partition Master up to 14.5. The affected element is an unknown function in the libr... | Sun, 21 Jun 2026 04:18:38 |
| CVE-2026-12780 json | A vulnerability was determined in AOMEI Backupper up to 8.3.0. Impacted is an unknown function in the library amwrtdrv.sys of... | Sun, 21 Jun 2026 02:18:07 |
| CVE-2026-12779 json | A vulnerability was found in AOMEI Dynamic Disk Manager up to 10.10.1. This issue affects some unknown processing in the libr... | Sun, 21 Jun 2026 02:18:06 |
| CVE-2026-12778 json | A vulnerability has been found in AOMEI Partition Assistant up to 10.10.1. This vulnerability affects unknown code in the lib... | Sun, 21 Jun 2026 02:18:06 |
| CVE-2026-12776 json | A flaw has been found in Montodel House-Rental-Management up to 90010017b81265eb1ef3810268909f7719a33863. This affects an unk... | Sun, 21 Jun 2026 02:18:06 |
| CVE-2026-12775 json | A vulnerability was detected in Montodel House-Rental-Management up to 90010017b81265eb1ef3810268909f7719a33863. Affected by ... | Sun, 21 Jun 2026 02:18:06 |
| CVE-2026-12770 json | A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litel... | Sun, 21 Jun 2026 02:18:06 |
| CVE-2026-12774 json | A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function _e... | Sun, 21 Jun 2026 00:18:03 |
| CVE-2026-12773 json | A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/p... | Sun, 21 Jun 2026 00:18:03 |
| CVE-2026-12772 json | A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticate_user of the file ... | Sat, 20 Jun 2026 23:17:03 |
| CVE-2026-12771 json | A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/au... | Sat, 20 Jun 2026 22:46:41 |
| CVE-2026-56355 json | GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization. | Sat, 20 Jun 2026 17:25:16 |
| CVE-2026-56347 json | AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering due to... | Sat, 20 Jun 2026 15:22:55 |
| CVE-2026-56346 json | AVideo through version 25.0 contains an authentication bypass vulnerability in the decryptMessage.json.php endpoint that allo... | Sat, 20 Jun 2026 15:22:55 |
| CVE-2026-56345 json | AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's uploadRecordedVideo.json.php endpoint... | Sat, 20 Jun 2026 15:22:55 |
| CVE-2026-56342 json | AVideo through version 27.0 contains a server-side request forgery vulnerability in plugin/Live/test.php that allows authenti... | Sat, 20 Jun 2026 15:22:55 |
| CVE-2026-56341 json | AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorizatio... | Sat, 20 Jun 2026 15:22:55 |
| CVE-2026-56340 json | vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorc... | Sat, 20 Jun 2026 15:22:55 |
| CVE-2025-71379 json | vLLM versions >= 0.6.3 and < 0.9.0 contain multiple regular expression denial of service (ReDoS) vulnerabilities. Several reg... | Sat, 20 Jun 2026 15:22:55 |
| CVE-2026-5366 json | Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the `GitRe... | Sat, 20 Jun 2026 13:20:55 |
| CVE-2026-56332 json | Capgo before 12.128.2 contains an open redirect vulnerability in the confirm-signup endpoint that allows attackers to redirec... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56330 json | Capgo before 12.128.2 contains an open redirect vulnerability in stripe_portal and stripe_checkout endpoints that accept unva... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56325 json | Capgo before 12.128.2 uses ILIKE pattern matching instead of exact matching for app_id lookup in the preview subdomain resolv... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56319 json | Capgo before 12.128.2 contains an information disclosure vulnerability in the GET /statistics/app/:app_id endpoint that allow... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56317 json | Nuxt before 4.4.7 (and the 3.x branch before 3.21.7) contains a cross-site scripting vulnerability in the NoScript component ... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56307 json | Cap-go before 12.128.12 contains a broken cursor pagination vulnerability in the /private/devices endpoint on the Cloudflare/... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56304 json | picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create ... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56295 json | Capgo before 12.128.2 contains an authorization bypass vulnerability in webhook management endpoints that allows non-expiring... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56294 json | capacitor-native-biometric before 12.128.2 contains an authentication bypass vulnerability where the onAuthenticationSucceede... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56282 json | Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /replication endpoint that expo... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56276 json | Flowise before 3.1.2 contains a mass assignment vulnerability in the PUT /api/v1/user endpoint that allows authenticated user... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56267 json | Flowise before 3.0.13 contains an information exposure vulnerability in the POST /api/v1/account/forgot-password endpoint tha... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56235 json | Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC functions (get_app_metrics, g... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56228 json | Capgo before 12.128.2 fails to enforce a maximum value on the minimum password length field in its password policy configurat... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56227 json | Capgo before 12.128.2 contains a server-side request forgery vulnerability in webhook URL validation that allows loopback and... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56218 json | Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowing information ... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2025-71331 json | Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient input filtering in chat messa... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2024-58351 json | Flowise before 2.1.4 allows configuration to be injected into the Chainflow during execution via the overrideConfig option, s... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-12673 json | Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation fr... | Sat, 20 Jun 2026 10:17:50 |
| CVE-2022-50972 json | WooCommerce 7.1.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary PHP code by injec... | Sat, 20 Jun 2026 10:17:50 |
| CVE-2020-37255 json | WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows unauthenticated attackers t... | Sat, 20 Jun 2026 10:17:50 |
| CVE-2019-25763 json | WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to... | Sat, 20 Jun 2026 10:17:50 |
| CVE-2026-48939 json | A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ult... | Sat, 20 Jun 2026 09:47:49 |
| CVE-2026-48909 json | SP LMS (com_splms) < 4.1.4 by JoomShaper deserializes user-controlled cookie data without validation, enabling an unauthentic... | Sat, 20 Jun 2026 09:47:49 |
| CVE-2026-48908 json | A vulnerability in the SP Page Builder for Joomla allows the upload of arbitrary files for unauthenticated users, ultimately ... | Sat, 20 Jun 2026 09:47:49 |
| CVE-2019-25752 json | Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL injection vulnerability that allows unauthenticated attackers to ... | Sat, 20 Jun 2026 09:47:49 |
| CVE-2019-25749 json | Joomla J-CruisePortal 6.0.4 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary ... | Sat, 20 Jun 2026 09:47:49 |
| CVE-2026-12119 json | The Simple File List plugin for WordPress is vulnerable to unauthorized file operations due to a missing authorization check ... | Sat, 20 Jun 2026 05:29:46 |
| CVE-2026-11912 json | The Simple File List plugin for WordPress is vulnerable to arbitrary file modification due to insufficient authorization chec... | Sat, 20 Jun 2026 05:29:46 |
| CVE-2026-11911 json | The Simple File List plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation i... | Sat, 20 Jun 2026 05:29:46 |
| CVE-2026-9843 json | The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbitrary file deletion due t... | Fri, 19 Jun 2026 22:37:27 |
| CVE-2026-9265 json | Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path. print_attri... | Fri, 19 Jun 2026 22:37:27 |
| CVE-2026-56216 json | Capgo before 12.128.2 contains a scope escalation vulnerability in the POST /functions/v1/apikey endpoint that allows app-lim... | Fri, 19 Jun 2026 21:22:45 |
| CVE-2026-56215 json | Capgo before 12.128.12 allows authenticated users to modify their mutable public.users.email to arbitrary addresses, which th... | Fri, 19 Jun 2026 21:22:45 |
| CVE-2026-56214 json | Capgo before 12.128.2 contains an information disclosure vulnerability in Supabase PostgREST RPC endpoints is_trial_org and i... | Fri, 19 Jun 2026 21:22:45 |
| CVE-2026-56213 json | Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.upsert_version_meta SECURITY DEFINER funct... | Fri, 19 Jun 2026 21:22:45 |
| CVE-2026-56212 json | Capgo before 12.128.2 contains an authentication logic flaw: a user with permission to manage team or organization security s... | Fri, 19 Jun 2026 21:22:44 |
| CVE-2026-11551 json | The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and includi... | Fri, 19 Jun 2026 20:22:33 |
| CVE-2026-56082 json | Capgo (Cap-go/capgo) before 12.128.2 contains an improper access control vulnerability in the SECURITY DEFINER PostgREST RPC ... | Fri, 19 Jun 2026 18:22:53 |
| CVE-2026-56081 json | Cap-go before 12.128.2 contains an authentication logic flaw that lets an attacker register and control an account bound to a... | Fri, 19 Jun 2026 18:22:53 |
| CVE-2026-56080 json | Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and succ... | Fri, 19 Jun 2026 18:22:53 |
| CVE-2026-56079 json | Capgo before 12.128.2 contains a cross-tenant authorization bypass vulnerability in PostgREST endpoints that allows org-scope... | Fri, 19 Jun 2026 18:22:53 |
| CVE-2026-56073 json | Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypass em... | Fri, 19 Jun 2026 18:22:53 |
| CVE-2026-50559 json | Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.... | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-50519 json | Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacke... | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-49346 json | libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with la... | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-49337 json | libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL ... | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-49295 json | libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can ca... | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-48794 json | Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SS... | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-48584 json | Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network. | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-48582 json | Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network. | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-48129 json | Kestra is an open-source, event-driven orchestration platform. Prior to versions 1.3.19, 1.2.19, 1.1.19, and 1.0.43, Kestra t... | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-47645 json | Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker ... | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-47636 json | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an... | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-47203 json | Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SS... | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-45649 json | Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally. | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-45645 json | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-45643 json | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-45486 json | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-45485 json | Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-45482 json | Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacke... | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-45480 json | Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network. | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-45475 json | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-45474 json | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-42895 json | Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthoriz... | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-32208 json | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allow... | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-11527 json | Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -f... | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-45472 json | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-45471 json | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-45469 json | Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-45466 json | Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-45463 json | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-45461 json | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-45460 json | Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-45459 json | Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally. | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-45458 json | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute ... | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-45457 json | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:52 |