CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-6443 json | The Accordion and Accordion Slider plugin for WordPress is vulnerable to an injected backdoor in version 1.4.6. This is due t... | Fri, 17 Apr 2026 03:21:22 |
| CVE-2026-6441 json | The Canto plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 3.1.1. This is due to t... | Fri, 17 Apr 2026 03:21:21 |
| CVE-2026-4659 json | The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via the Repeater JSON/CSV URL ... | Fri, 17 Apr 2026 03:21:21 |
| CVE-2026-35496 json | A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to ... | Fri, 17 Apr 2026 02:19:26 |
| CVE-2026-34018 json | An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL sta... | Fri, 17 Apr 2026 02:19:26 |
| CVE-2026-21719 json | An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privil... | Fri, 17 Apr 2026 02:19:26 |
| CVE-2026-6482 json | The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation attack that allows users to gain ... | Fri, 17 Apr 2026 02:19:26 |
| CVE-2026-6421 json | A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown part in the library msim... | Fri, 17 Apr 2026 02:19:26 |
| CVE-2026-5797 json | The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and includin... | Fri, 17 Apr 2026 02:19:26 |
| CVE-2026-6080 json | The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.9.8. This is due to insuf... | Fri, 17 Apr 2026 01:17:01 |
| CVE-2026-5807 json | Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root... | Fri, 17 Apr 2026 01:17:01 |
| CVE-2026-5502 json | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course content mani... | Fri, 17 Apr 2026 01:17:01 |
| CVE-2026-5427 json | The Kubio plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to and including 2.7.2. This is due to i... | Fri, 17 Apr 2026 01:17:01 |
| CVE-2026-5234 json | The LatePoint plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.... | Fri, 17 Apr 2026 01:17:01 |
| CVE-2026-4853 json | The JetBackup – Backup, Restore & Migrate plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary Directo... | Fri, 17 Apr 2026 01:17:01 |
| CVE-2026-3330 json | The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ip_search', 'startdate', 'enddate', 'use... | Fri, 17 Apr 2026 01:17:01 |
| CVE-2026-5052 json | Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This m... | Fri, 17 Apr 2026 00:30:14 |
| CVE-2026-4666 json | The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of `extract($args, EX... | Fri, 17 Apr 2026 00:30:14 |
| CVE-2026-4525 json | If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is used to aut... | Fri, 17 Apr 2026 00:30:14 |
| CVE-2026-3605 json | An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were n... | Fri, 17 Apr 2026 00:30:14 |
| CVE-2026-5231 json | The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utm_source' parameter in all ver... | Thu, 16 Apr 2026 22:28:14 |
| CVE-2026-5162 json | The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widge... | Thu, 16 Apr 2026 22:28:14 |
| CVE-2026-4817 json | The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind ... | Thu, 16 Apr 2026 22:28:14 |
| CVE-2026-3488 json | The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14.16.4. ... | Thu, 16 Apr 2026 22:28:14 |
| CVE-2024-11831 json | A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not prope... | Thu, 16 Apr 2026 22:28:14 |
| CVE-2026-40922 json | SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar... | Thu, 16 Apr 2026 21:26:14 |
| CVE-2026-40265 json | Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset download endpoint at /api/notes/... | Thu, 16 Apr 2026 21:26:14 |
| CVE-2026-40263 json | Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the login endpoint performs bcrypt passwor... | Thu, 16 Apr 2026 21:26:14 |
| CVE-2026-40262 json | Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset delivery handler serves uploaded... | Thu, 16 Apr 2026 21:26:14 |
| CVE-2026-40260 json | pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declara... | Thu, 16 Apr 2026 21:26:14 |
| CVE-2026-22734 json | Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-pr... | Thu, 16 Apr 2026 21:26:14 |
| CVE-2026-40322 json | SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered wit... | Thu, 16 Apr 2026 19:24:22 |
| CVE-2026-40318 json | SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttribute... | Thu, 16 Apr 2026 19:24:22 |
| CVE-2026-40259 json | SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttribute... | Thu, 16 Apr 2026 19:24:22 |
| CVE-2026-40255 json | AdonisJS HTTP Server is a package for handling HTTP requests in the AdonisJS framework. In @adonisjs/http-server versions pri... | Thu, 16 Apr 2026 19:24:22 |
| CVE-2026-40253 json | openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding ... | Thu, 16 Apr 2026 19:24:22 |
| CVE-2025-22870 json | Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the ... | Thu, 16 Apr 2026 19:24:22 |
| CVE-2024-58343 json | Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified serialized cookie data t... | Thu, 16 Apr 2026 19:24:22 |
| CVE-2026-41113 json | sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in qmail-remote.c. | Thu, 16 Apr 2026 18:24:21 |
| CVE-2026-40308 json | My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mc_ajax_mcjs_action AJAX end... | Thu, 16 Apr 2026 18:24:21 |
| CVE-2026-40249 json | free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT hand... | Thu, 16 Apr 2026 18:24:21 |
| CVE-2026-40248 json | free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler ... | Thu, 16 Apr 2026 18:24:21 |
| CVE-2026-40247 json | free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler ... | Thu, 16 Apr 2026 18:24:21 |
| CVE-2026-40246 json | free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler ... | Thu, 16 Apr 2026 18:24:21 |
| CVE-2026-40170 json | ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_par... | Thu, 16 Apr 2026 18:24:21 |
| CVE-2026-39313 json | mcp-framework is a framework for building Model Context Protocol (MCP) servers. In versions 0.2.21 and below, the readRequest... | Thu, 16 Apr 2026 18:24:21 |
| CVE-2026-35469 json | spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame pars... | Thu, 16 Apr 2026 18:24:20 |
| CVE-2026-34164 json | Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService ... | Thu, 16 Apr 2026 18:24:20 |
| CVE-2026-33472 json | Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in C... | Thu, 16 Apr 2026 18:24:20 |
| CVE-2026-33032 json | Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP (Model Context Proto... | Thu, 16 Apr 2026 18:24:20 |
| CVE-2025-54236 json | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Impr... | Thu, 16 Apr 2026 18:09:20 |
| CVE-2026-41035 json | In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver us... | Thu, 16 Apr 2026 17:24:19 |
| CVE-2026-40901 json | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7... | Thu, 16 Apr 2026 17:24:19 |
| CVE-2026-40900 json | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vuln... | Thu, 16 Apr 2026 17:24:19 |
| CVE-2026-35592 json | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the _safe_extractall() function ... | Thu, 16 Apr 2026 17:24:19 |
| CVE-2025-70873 json | An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows ... | Thu, 16 Apr 2026 17:24:19 |
| CVE-2016-8747 json | An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy co... | Thu, 16 Apr 2026 17:09:18 |
| CVE-2012-3442 json | The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and... | Thu, 16 Apr 2026 17:09:18 |
| CVE-2006-0749 json | nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, ... | Thu, 16 Apr 2026 17:09:18 |
| CVE-2026-35636 json | OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where session_status resolves ... | Thu, 16 Apr 2026 16:54:19 |
| CVE-2026-35634 json | OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest(... | Thu, 16 Apr 2026 16:54:19 |
| CVE-2026-35627 json | OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct messages before enforcing se... | Thu, 16 Apr 2026 16:54:19 |
| CVE-2026-5187 json | Two potential heap out-of-bounds write locations existed in DecodeObjectId() in wolfcrypt/src/asn.c. First, a bounds check on... | Thu, 16 Apr 2026 16:54:19 |
| CVE-2026-40088 json | PraisonAI is a multi-agent teams system. Prior to 4.5.121, the execute_command function and workflow shell execution are expo... | Thu, 16 Apr 2026 16:54:18 |
| CVE-2026-39977 json | flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an ... | Thu, 16 Apr 2026 16:54:18 |
| CVE-2026-35556 json | OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credenti... | Thu, 16 Apr 2026 16:54:18 |
| CVE-2026-35063 json | OpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=u... | Thu, 16 Apr 2026 16:54:18 |
| CVE-2026-4636 json | A flaw was found in Keycloak. An authenticated user with the uma_protection role can bypass User-Managed Access (UMA) policy ... | Thu, 16 Apr 2026 16:54:18 |
| CVE-2026-4634 json | A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST ... | Thu, 16 Apr 2026 16:54:18 |
| CVE-2026-4325 json | A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolatio... | Thu, 16 Apr 2026 16:54:18 |
| CVE-2026-4282 json | A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolatio... | Thu, 16 Apr 2026 16:54:18 |
| CVE-2026-3872 json | A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the ... | Thu, 16 Apr 2026 16:54:18 |
| CVE-2026-40107 json | SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" an... | Thu, 16 Apr 2026 16:39:18 |
| CVE-2026-20021 json | A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Fir... | Thu, 16 Apr 2026 16:39:18 |
| CVE-2026-5194 json | Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than... | Thu, 16 Apr 2026 16:39:18 |
| CVE-2026-40899 json | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a JDBC parameter blo... | Thu, 16 Apr 2026 16:24:18 |
| CVE-2026-33207 json | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vuln... | Thu, 16 Apr 2026 16:24:18 |
| CVE-2026-33122 json | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vuln... | Thu, 16 Apr 2026 16:24:18 |
| CVE-2026-33083 json | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vuln... | Thu, 16 Apr 2026 16:24:18 |
| CVE-2026-31262 json | Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform (SB2) v.2.0 allows a remote attacker to obtain sen... | Thu, 16 Apr 2026 16:24:18 |
| CVE-2025-54510 json | A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administr... | Thu, 16 Apr 2026 16:24:18 |
| CVE-2025-54502 json | Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with... | Thu, 16 Apr 2026 16:24:18 |
| CVE-2023-20585 json | Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervi... | Thu, 16 Apr 2026 16:24:18 |
| CVE-2026-5121 json | A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer alloc... | Thu, 16 Apr 2026 16:24:17 |
| CVE-2026-4424 json | A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to ... | Thu, 16 Apr 2026 16:24:17 |
| CVE-2024-10106 json | A buffer overflow vulnerability in the packet handoff plugin allows an attacker to overwrite memory outside the plugin's buff... | Thu, 16 Apr 2026 16:24:17 |
| CVE-2008-3909 json | The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them af... | Thu, 16 Apr 2026 17:11:39 |
| CVE-2026-29043 json | HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigge... | Thu, 16 Apr 2026 15:54:16 |
| CVE-2026-29002 json | CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level users to create SuperAdmin accou... | Thu, 16 Apr 2026 15:54:16 |
| CVE-2026-6069 json | NASM’s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker tr... | Thu, 16 Apr 2026 15:54:16 |
| CVE-2026-6068 json | NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory i... | Thu, 16 Apr 2026 15:54:16 |
| CVE-2026-6067 json | A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_direc... | Thu, 16 Apr 2026 15:54:16 |
| CVE-2026-1115 json | A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social feature of parisneo/lollms, affecting the late... | Thu, 16 Apr 2026 15:54:16 |
| CVE-2026-34781 json | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8... | Thu, 16 Apr 2026 15:39:15 |
| CVE-2026-33121 json | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vuln... | Thu, 16 Apr 2026 15:24:17 |
| CVE-2026-33084 json | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vuln... | Thu, 16 Apr 2026 15:24:17 |
| CVE-2026-6442 json | Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to exe... | Thu, 16 Apr 2026 15:24:17 |
| CVE-2025-43937 json | Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability... | Thu, 16 Apr 2026 15:24:17 |
| CVE-2026-40175 json | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axios library is vulnerable ... | Thu, 16 Apr 2026 15:24:16 |
| CVE-2026-31987 json | JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. Users are advised to upgrade... | Thu, 16 Apr 2026 15:24:16 |