CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.

Read the API docs

[rss] [api]
Recent CVEs
Recently updated CVE records
CVE Description Updated
CVE-2026-39087 json ntfy before 2.22.0 allows SSRF because of an unanchored regular expression for web push endpoint URLs. Sat, 04 Jul 2026 12:27:11
CVE-2026-14633 json A vulnerability was determined in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 49b20f53de2b7ec34e920b11c863f1491d911a04.... Sat, 04 Jul 2026 12:27:11
CVE-2026-14632 json A vulnerability was found in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 95dfa8cebbb87ab46ae450643a07241274a74dce. Affe... Sat, 04 Jul 2026 12:27:11
CVE-2026-14355 json In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algorithm... Sat, 04 Jul 2026 12:27:11
CVE-2024-21488 json Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the child_process ex... Sat, 04 Jul 2026 12:27:11
CVE-2026-14630 json A vulnerability has been found in ForceInjection AI-fundermentals 2.0/3.0. Affected by this vulnerability is the function get... Sat, 04 Jul 2026 11:27:09
CVE-2026-14629 json A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sys_ioctl of the file components/lwp/lwp_... Sat, 04 Jul 2026 10:27:08
CVE-2026-14535 json In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls Analys... Sat, 04 Jul 2026 10:27:08
CVE-2026-14534 json Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubproces... Sat, 04 Jul 2026 10:27:08
CVE-2026-14628 json A vulnerability was detected in NousResearch hermes-agent up to 2026.5.16. This impacts the function extract_media of the fil... Sat, 04 Jul 2026 09:27:07
CVE-2026-14627 json A security vulnerability has been detected in NousResearch hermes-agent up to 0.15.2. This affects the function DiscordAdapte... Sat, 04 Jul 2026 09:27:07
CVE-2025-13475 json In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between... Sat, 04 Jul 2026 09:27:07
CVE-2026-53362 json In the Linux kernel, the following vulnerability has been resolved: ipv6: account for fraggap on the paged allocation path ... Sat, 04 Jul 2026 08:26:33
CVE-2026-53361 json In the Linux kernel, the following vulnerability has been resolved: af_unix: Set gc_in_progress to true in unix_gc(). Igor ... Sat, 04 Jul 2026 08:26:33
CVE-2026-53360 json In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in... Sat, 04 Jul 2026 08:26:33
CVE-2026-53359 json In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpe... Sat, 04 Jul 2026 08:26:33
CVE-2026-53341 json In the Linux kernel, the following vulnerability has been resolved: fhandle: fix UAF due to unlocked ->mnt_ns read in may_de... Sat, 04 Jul 2026 08:26:33
CVE-2026-53332 json In the Linux kernel, the following vulnerability has been resolved: slimbus: qcom-ngd-ctrl: Register callbacks after creatin... Sat, 04 Jul 2026 08:26:33
CVE-2026-53329 json In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Use krealloc_array() in dal_vector_rese... Sat, 04 Jul 2026 08:26:33
CVE-2026-53327 json In the Linux kernel, the following vulnerability has been resolved: debugobjects: Do not fill_pool() if pi_blocked_on On RT... Sat, 04 Jul 2026 08:26:33
CVE-2026-53326 json In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't call fill_pool() in early boot hardi... Sat, 04 Jul 2026 08:26:33
CVE-2026-53325 json In the Linux kernel, the following vulnerability has been resolved: agp/amd64: Fix broken error propagation in agp_amd64_pro... Sat, 04 Jul 2026 08:26:33
CVE-2026-53179 json In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix buffer over-read in rtw_update_p... Sat, 04 Jul 2026 08:26:33
CVE-2026-53177 json In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix NULL pointer dereference PCIe errors detec... Sat, 04 Jul 2026 08:26:33
CVE-2026-53167 json In the Linux kernel, the following vulnerability has been resolved: fuse: limit FUSE_NOTIFY_RETRIEVE to uptodate folios FUS... Sat, 04 Jul 2026 08:26:33
CVE-2026-53163 json In the Linux kernel, the following vulnerability has been resolved: locking/rtmutex: Skip remove_waiter() when waiter is not... Sat, 04 Jul 2026 08:26:33
CVE-2026-14626 json A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. The impacted element is the function AIAgent.run... Sat, 04 Jul 2026 08:26:33
CVE-2026-14625 json A security flaw has been discovered in NousResearch hermes-agent up to 0.15.2. The affected element is the function shell.exe... Sat, 04 Jul 2026 08:26:33
CVE-2026-12196 json HestiaCP panel cronjob feature is affected by a broken access control vulnerability. Low privilege users can modify the panel... Sat, 04 Jul 2026 08:26:33
CVE-2026-12195 json myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary comman... Sat, 04 Jul 2026 08:26:33
CVE-2026-53159 json In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix DMA address corruption due to find_vm... Sat, 04 Jul 2026 08:26:32
CVE-2026-53158 json In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix NULL pointer dereference in rpmsg cal... Sat, 04 Jul 2026 08:26:32
CVE-2026-53157 json In the Linux kernel, the following vulnerability has been resolved: net: phonet: free phonet_device after RCU grace period ... Sat, 04 Jul 2026 08:26:32
CVE-2026-53151 json In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix the ACK parser to extract the SACK table for ... Sat, 04 Jul 2026 08:26:32
CVE-2026-53142 json In the Linux kernel, the following vulnerability has been resolved: drm/xe/display: fix oops in suspend/shutdown without dis... Sat, 04 Jul 2026 08:26:32
CVE-2026-53139 json In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Skip CSD when it has zeroed workgroups A compu... Sat, 04 Jul 2026 08:26:32
CVE-2026-53138 json In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Bound VBIOS record-chain walk loops [W... Sat, 04 Jul 2026 08:26:32
CVE-2026-53101 json In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix potential deadlock in mt7921_roc... Sat, 04 Jul 2026 08:26:32
CVE-2026-53070 json In the Linux kernel, the following vulnerability has been resolved: sctp: disable BH before calling udp_tunnel_xmit_skb() u... Sat, 04 Jul 2026 08:26:32
CVE-2026-52975 json In the Linux kernel, the following vulnerability has been resolved: bonding: 3ad: implement proper RCU rules for port->aggre... Sat, 04 Jul 2026 08:26:32
CVE-2026-52928 json In the Linux kernel, the following vulnerability has been resolved: af_unix: Reject SIOCATMARK on non-stream sockets SIOCAT... Sat, 04 Jul 2026 08:26:32
CVE-2026-52909 json In the Linux kernel, the following vulnerability has been resolved: ip6_vti: set netns_immutable on the fallback device. jo... Sat, 04 Jul 2026 08:26:32
CVE-2026-46331 json In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache c... Sat, 04 Jul 2026 08:26:32
CVE-2026-46252 json In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulator_resolve_supply... Sat, 04 Jul 2026 08:26:32
CVE-2026-46054 json In the Linux kernel, the following vulnerability has been resolved: selinux: fix overlayfs mmap() and mprotect() access chec... Sat, 04 Jul 2026 08:26:32
CVE-2026-23052 json In the Linux kernel, the following vulnerability has been resolved: ftrace: Do not over-allocate ftrace memory The pg_remai... Sat, 04 Jul 2026 08:26:31
CVE-2025-23131 json In the Linux kernel, the following vulnerability has been resolved: dlm: prevent NPD when writing a positive value to event_... Sat, 04 Jul 2026 08:26:31
CVE-2022-49803 json In the Linux kernel, the following vulnerability has been resolved: netdevsim: Fix memory leak of nsim_dev->fa_cookie kmeml... Sat, 04 Jul 2026 08:26:31
CVE-2026-14624 json A vulnerability was identified in omec-project amf up to 2.0.2/2.1.1. Impacted is an unknown function of the file /go/src/amf... Sat, 04 Jul 2026 07:26:14
CVE-2026-14623 json A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport o... Sat, 04 Jul 2026 06:24:53
CVE-2026-14622 json A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vu... Sat, 04 Jul 2026 05:23:53
CVE-2026-14621 json A vulnerability has been found in FederatedAI FATE up to 2.2.0. This affects the function QueuePushReqStreamObserver.initEggr... Sat, 04 Jul 2026 05:23:53
CVE-2026-14619 json A flaw has been found in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of... Sat, 04 Jul 2026 04:23:14
CVE-2026-12194 json PHPIPAM is affected by an authenticated local file inclusion vulnerability that allows users with access to the API to execut... Sat, 04 Jul 2026 04:23:14
CVE-2026-14618 json A vulnerability was detected in Open5GS up to 2.7.7. Affected by this vulnerability is the function amf_nnrf_handle_nf_discov... Sat, 04 Jul 2026 03:22:35
CVE-2026-12252 json In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes (StanfordPOSTagger, StanfordNERTagger, StanfordParse... Fri, 03 Jul 2026 22:19:54
CVE-2025-71380 json The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. A... Fri, 03 Jul 2026 22:19:54
CVE-2025-71375 json picklescan before 0.0.34 fails to detect the _operator.methodcaller built-in function when scanning pickle files for maliciou... Fri, 03 Jul 2026 22:19:54
CVE-2025-71373 json picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files, allowing attackers to bypass s... Fri, 03 Jul 2026 22:19:54
CVE-2025-71372 json Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.getlincoef gadget in pickle __reduce__ methods, allowing... Fri, 03 Jul 2026 22:19:54
CVE-2025-71369 json picklescan before 0.0.28 fails to detect malicious pickle files that use torch.utils.data.datapipes.utils.decoder.basichandle... Fri, 03 Jul 2026 22:19:54
CVE-2025-71367 json picklescan before 0.0.34 fails to detect _operator.attrgetter function calls in pickle payloads, allowing attackers to bypass... Fri, 03 Jul 2026 22:19:54
CVE-2025-71366 json picklescan before 0.0.28 fails to detect malicious torch.utils.bottleneck.__main__.run_cprofile function calls in pickle file... Fri, 03 Jul 2026 22:19:54
CVE-2025-71364 json picklescan before 0.0.30 fails to detect the asyncio.unix_events._UnixSubprocessTransport._start function in pickle reduce me... Fri, 03 Jul 2026 22:19:54
CVE-2025-71362 json picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary... Fri, 03 Jul 2026 22:19:54
CVE-2025-71360 json picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.calltip.get_entity function in reduce methods. ... Fri, 03 Jul 2026 22:19:53
CVE-2025-71359 json picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the re... Fri, 03 Jul 2026 22:19:53
CVE-2025-71356 json picklescan before 0.0.28 fails to detect malicious torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression ... Fri, 03 Jul 2026 22:19:53
CVE-2025-71353 json picklescan before 0.0.28 fails to detect malicious pickle files that exploit torch._dynamo.guards.GuardBuilder.get function i... Fri, 03 Jul 2026 22:19:53
CVE-2025-71347 json picklescan before 0.0.33 fails to detect malicious pickle files using numpy.f2py.crackfortran.param_eval function in reduce m... Fri, 03 Jul 2026 22:19:53
CVE-2025-71345 json picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck.__main__.run_autograd_prof... Fri, 03 Jul 2026 22:19:53
CVE-2025-71343 json picklescan before 0.0.30 fails to detect malicious pickle files that exploit lib2to3.pgen2.pgen.ParserGenerator.make_label fu... Fri, 03 Jul 2026 22:19:53
CVE-2025-71342 json picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in reduce methods. Attack... Fri, 03 Jul 2026 22:19:53
CVE-2026-54424 json An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privileg... Fri, 03 Jul 2026 21:18:22
CVE-2026-58523 json Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a net... Fri, 03 Jul 2026 18:31:43
CVE-2026-14617 json A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected is the function GatewayStre... Fri, 03 Jul 2026 18:31:43
CVE-2026-58597 json Insufficient ui warning of dangerous operations in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform... Fri, 03 Jul 2026 17:31:45
CVE-2026-58524 json Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allow... Fri, 03 Jul 2026 17:31:45
CVE-2026-58522 json Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally. Fri, 03 Jul 2026 17:31:45
CVE-2026-58426 json Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write Fri, 03 Jul 2026 17:31:45
CVE-2026-58424 json Permanent Fork PR Workflow Approval Gate Bypass Fri, 03 Jul 2026 17:31:45
CVE-2026-58423 json LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories Fri, 03 Jul 2026 17:31:45
CVE-2026-58422 json Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts Fri, 03 Jul 2026 17:31:45
CVE-2026-58421 json Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service Fri, 03 Jul 2026 17:31:45
CVE-2026-58419 json Notification API leaks private issue metadata after access revocation Fri, 03 Jul 2026 17:31:44
CVE-2026-58418 json SSRF via HTTP Redirect in Repository Migration Fri, 03 Jul 2026 17:31:44
CVE-2026-58300 json Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally. Fri, 03 Jul 2026 17:31:44
CVE-2026-58299 json Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute co... Fri, 03 Jul 2026 17:31:44
CVE-2026-58298 json Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allow... Fri, 03 Jul 2026 17:31:44
CVE-2026-58297 json Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attack... Fri, 03 Jul 2026 17:31:44
CVE-2026-58296 json Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attack... Fri, 03 Jul 2026 17:31:44
CVE-2026-58295 json Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attac... Fri, 03 Jul 2026 17:31:44
CVE-2026-58294 json Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. Fri, 03 Jul 2026 17:31:44
CVE-2026-58293 json External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over... Fri, 03 Jul 2026 17:31:44
CVE-2026-58292 json Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. Fri, 03 Jul 2026 17:31:44
CVE-2026-58291 json Operation on a resource after expiration or release in Microsoft Edge (Chromium-based) allows an unauthorized attacker to dis... Fri, 03 Jul 2026 17:31:44
CVE-2026-58290 json Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attac... Fri, 03 Jul 2026 17:31:44
CVE-2026-58289 json Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attac... Fri, 03 Jul 2026 17:31:44
CVE-2026-58288 json Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. Fri, 03 Jul 2026 17:31:44
CVE-2026-58287 json Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. Fri, 03 Jul 2026 17:31:44
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report