CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-8612 json | WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, e... | Thu, 14 May 2026 22:23:14 |
| CVE-2026-0438 json | A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileg... | Thu, 14 May 2026 22:23:14 |
| CVE-2026-0432 json | Incorrect default permissions in the installation directory for the AMD chipset driver could allow an attacker to achieve pri... | Thu, 14 May 2026 22:23:14 |
| CVE-2025-52540 json | An improper input validation vulnerability within the AMD Platform Management Framework (PMF) Driver can allow a local attack... | Thu, 14 May 2026 22:23:14 |
| CVE-2025-48521 json | Improper input validation in the AMD Secure Processor (ASP) PCI driver could allow a local attacker to trigger a Use-After-Fr... | Thu, 14 May 2026 22:23:14 |
| CVE-2025-48520 json | An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attack... | Thu, 14 May 2026 22:23:14 |
| CVE-2025-48519 json | An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attack... | Thu, 14 May 2026 22:23:13 |
| CVE-2025-48512 json | Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller (GPIO) could ... | Thu, 14 May 2026 22:23:13 |
| CVE-2025-0045 json | Improper Input validation in the AMD Secure Processor (ASP) PCI driver may allow a local attacker to create a buffer overflow... | Thu, 14 May 2026 22:23:13 |
| CVE-2024-36345 json | Improper input validation in the AMD OverDrive (AOD) System Management Mode (SMM) module could allow a privileged attacker to... | Thu, 14 May 2026 22:23:13 |
| CVE-2026-42011 json | A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previo... | Thu, 14 May 2026 19:23:10 |
| CVE-2026-42010 json | A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched... | Thu, 14 May 2026 19:23:10 |
| CVE-2026-5201 json | A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due... | Thu, 14 May 2026 19:23:09 |
| CVE-2026-5121 json | A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer alloc... | Thu, 14 May 2026 19:23:09 |
| CVE-2026-4424 json | A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to ... | Thu, 14 May 2026 19:23:09 |
| CVE-2026-4111 json | A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read... | Thu, 14 May 2026 19:23:09 |
| CVE-2025-14831 json | A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) an... | Thu, 14 May 2026 19:23:09 |
| CVE-2012-4550 json | A flaw was found in JBoss Enterprise Application Platform. When role-based authorization is used for Enterprise Java Beans (E... | Thu, 14 May 2026 19:23:09 |
| CVE-2012-4549 json | A flaw was found in JBoss Enterprise Application Platform. The `processInvocation` function within the `org.jboss.as.ejb3.sec... | Thu, 14 May 2026 19:23:09 |
| CVE-2026-45248 json | Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/demo/registered-users endpoi... | Thu, 14 May 2026 18:22:52 |
| CVE-2026-6811 json | Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON doc... | Thu, 14 May 2026 18:22:52 |
| CVE-2026-44671 json | ZITADEL is an open source identity management platform. From 2.71.11 to before 3.4.10 and 4.15.0, a vulnerability was discove... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-44428 json | The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.6, the clie... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-44427 json | The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. From 1.1.0 to 1.7.4, the... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8584 json | Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compr... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8583 json | Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who ha... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8582 json | Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensi... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8575 json | Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer proc... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8574 json | Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the ... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8573 json | Integer overflow in Codecs in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially perfo... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8571 json | Insufficient policy enforcement in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had ... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8570 json | Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive infor... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8569 json | Out of bounds write in Codecs in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perfor... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8567 json | Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of ... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8565 json | Inappropriate implementation in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8564 json | Incorrect security UI in Downloads in Google Chrome on Android and Mac prior to 148.0.7778.168 allowed a remote attacker to p... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8561 json | Incorrect security UI in Fullscreen in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8560 json | Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perf... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8559 json | Integer overflow in Internationalization in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to per... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8558 json | Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code ins... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8553 json | Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer pro... | Thu, 14 May 2026 18:22:50 |
| CVE-2026-8552 json | Heap buffer overflow in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to perform an out o... | Thu, 14 May 2026 18:22:50 |
| CVE-2026-8550 json | Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the rend... | Thu, 14 May 2026 18:22:50 |
| CVE-2026-8548 json | Out of bounds write in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the rende... | Thu, 14 May 2026 18:22:50 |
| CVE-2026-8546 json | Out of bounds read in GPU in Google Chrome on Mac and Windows prior to 148.0.7778.168 allowed a remote attacker who had compr... | Thu, 14 May 2026 18:22:50 |
| CVE-2026-8543 json | Out of bounds read in FileSystem in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a us... | Thu, 14 May 2026 18:22:50 |
| CVE-2026-8542 json | Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the ... | Thu, 14 May 2026 18:22:50 |
| CVE-2026-8541 json | Out of bounds read in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer ... | Thu, 14 May 2026 18:22:50 |
| CVE-2026-8539 json | Script injection in SanitizerAPI in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to inject arbi... | Thu, 14 May 2026 18:22:50 |
| CVE-2026-8538 json | Insufficient validation of untrusted input in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had ... | Thu, 14 May 2026 18:22:50 |
| CVE-2026-8535 json | Out of bounds read in Media in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had ... | Thu, 14 May 2026 18:22:50 |
| CVE-2026-8534 json | Integer overflow in GPU in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had comp... | Thu, 14 May 2026 18:22:50 |
| CVE-2026-8533 json | Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the re... | Thu, 14 May 2026 18:22:50 |
| CVE-2026-8531 json | Heap buffer overflow in WebML in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially ex... | Thu, 14 May 2026 18:22:50 |
| CVE-2026-8530 json | Use after free in Network in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised t... | Thu, 14 May 2026 18:22:50 |
| CVE-2026-8527 json | Insufficient validation of untrusted input in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to... | Thu, 14 May 2026 18:22:50 |
| CVE-2026-8526 json | Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code in... | Thu, 14 May 2026 18:22:50 |
| CVE-2026-8525 json | Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perfor... | Thu, 14 May 2026 18:22:50 |
| CVE-2026-44015 json | Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Sid... | Thu, 14 May 2026 18:22:49 |
| CVE-2026-8524 json | Out of bounds write in WebAudio in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code ... | Thu, 14 May 2026 18:22:49 |
| CVE-2026-8523 json | Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer pr... | Thu, 14 May 2026 18:22:49 |
| CVE-2026-8520 json | Race in Payments in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape v... | Thu, 14 May 2026 18:22:49 |
| CVE-2026-8519 json | Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of ... | Thu, 14 May 2026 18:22:49 |
| CVE-2026-8516 json | Insufficient validation of untrusted input in DataTransfer in Google Chrome prior to 148.0.7778.168 allowed a remote attacker... | Thu, 14 May 2026 18:22:49 |
| CVE-2026-8515 json | Use after free in HID in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in sp... | Thu, 14 May 2026 18:22:49 |
| CVE-2026-8514 json | Use after free in Aura in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer pr... | Thu, 14 May 2026 18:22:49 |
| CVE-2026-8513 json | Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the... | Thu, 14 May 2026 18:22:49 |
| CVE-2026-8512 json | Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engag... | Thu, 14 May 2026 18:22:49 |
| CVE-2026-8510 json | Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised th... | Thu, 14 May 2026 18:22:49 |
| CVE-2026-46356 json | Fleet is open source device management software. Prior to version 4.80.1, a vulnerability in Fleet's IP extraction logic allo... | Thu, 14 May 2026 17:37:12 |
| CVE-2026-26191 json | Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet's software installer pipel... | Thu, 14 May 2026 17:37:12 |
| CVE-2026-26062 json | Fleet is open source device management software. Prior to version 4.81.0, Fleet contained a denial-of-service (DoS) issue in ... | Thu, 14 May 2026 17:37:12 |
| CVE-2026-45375 json | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan's Bazaar (community marketplace) render... | Thu, 14 May 2026 17:37:11 |
| CVE-2026-45371 json | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan publish-mode Reader can mutate Conf and... | Thu, 14 May 2026 17:37:11 |
| CVE-2026-45148 json | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, broken access control in the searchAsset, sear... | Thu, 14 May 2026 17:37:11 |
| CVE-2026-45147 json | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, POST /api/tag/getTag is registered with model.... | Thu, 14 May 2026 17:37:11 |
| CVE-2026-44670 json | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the kernel stores Attribute View (AV / databas... | Thu, 14 May 2026 17:37:11 |
| CVE-2026-44588 json | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, he tooltip mouseover handler in app/src/block... | Thu, 14 May 2026 17:37:11 |
| CVE-2026-44586 json | SiYuan is an open-source personal knowledge management system. From 2.1.12 to before 3.7.0. SiYuan's Bazaar marketplace rende... | Thu, 14 May 2026 17:37:11 |
| CVE-2026-41134 json | Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a code-generation literal inje... | Thu, 14 May 2026 17:37:11 |
| CVE-2026-27886 json | Strapi is an open source headless content management system. Strapi versions starting in 4.0.0 and prior to 5.37.0 did not su... | Thu, 14 May 2026 17:37:11 |
| CVE-2026-24899 json | Fleet is open source device management software. Prior to version 4.82.0, a vulnerability in Fleet's Windows MDM enrollment f... | Thu, 14 May 2026 17:37:11 |
| CVE-2026-24000 json | Fleet is open source device management software. Prior to version 4.80.1, Fleet trusted client-supplied IP address headers wh... | Thu, 14 May 2026 17:37:11 |
| CVE-2026-23998 json | Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet’s Windows MDM management... | Thu, 14 May 2026 17:37:11 |
| CVE-2026-22707 json | Strapi is an open source headless content management system. In Strapi versions prior to 5.33.3, the Upload plugin's Content ... | Thu, 14 May 2026 17:37:11 |
| CVE-2026-22706 json | Strapi is an open source headless content management system. In Strapi versions prior to 5.33.3, changing or resetting a user... | Thu, 14 May 2026 17:37:11 |
| CVE-2026-22599 json | Strapi is an open source headless content management system. In versions on the 4.x branch prior to 4.26.1 and on the 5.x bra... | Thu, 14 May 2026 17:37:11 |
| CVE-2026-3837 json | An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when an... | Thu, 14 May 2026 17:37:11 |
| CVE-2025-64526 json | Strapi is an open source headless content management system. In Strapi versions prior to 5.45.0, the rate-limit middleware in... | Thu, 14 May 2026 17:37:11 |
| CVE-2026-45781 json | The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI owne... | Thu, 14 May 2026 17:22:11 |
| CVE-2026-45370 json | python-utcp is the python implementation of UTCP. Prior to 1.1.3, _prepare_environment() in cli_communication_protocol.py pas... | Thu, 14 May 2026 17:22:11 |
| CVE-2026-45369 json | python-utcp is the python implementation of UTCP. Prior to 1.1.3, the _substitute_utcp_args method in cli_communication_proto... | Thu, 14 May 2026 17:22:11 |
| CVE-2026-44700 json | Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fi... | Thu, 14 May 2026 17:22:11 |
| CVE-2026-44679 json | Tuist is a virtual platform team for Swift app devs. Prior to 1.180.10, the forgot password flow allows an unauthenticated at... | Thu, 14 May 2026 17:22:11 |
| CVE-2026-44678 json | Tuist is a virtual platform team for Swift app devs. In 1.180.8 and earlier, the DELETE /api/projects/{account_handle}/{proje... | Thu, 14 May 2026 17:22:10 |
| CVE-2026-44673 json | libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parser_lyb.c contains an integ... | Thu, 14 May 2026 17:22:10 |
| CVE-2026-44666 json | HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion server & share tool. Prior to 3.3.8, the sanitizeString() ... | Thu, 14 May 2026 17:22:10 |
| CVE-2026-44662 json | rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher... | Thu, 14 May 2026 17:22:10 |
| CVE-2026-44661 json | python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side R... | Thu, 14 May 2026 17:22:10 |
| CVE-2026-44647 json | OneDev is a Git server with CI/CD, kanban, and packages. Prior to 15.0.2, there is behavior that breaks the expected boundary... | Thu, 14 May 2026 17:22:10 |