CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-57619 json | Contributor Sensitive Data Exposure in Elementor Website Builder <= 4.1.3 versions. | Thu, 25 Jun 2026 10:44:25 |
| CVE-2026-57429 json | Contributor Broken Access Control in Slim SEO <= 4.6.2 versions. | Thu, 25 Jun 2026 10:44:25 |
| CVE-2026-56071 json | Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions. | Thu, 25 Jun 2026 10:44:25 |
| CVE-2026-56054 json | Subscriber Arbitrary File Deletion in JS Help Desk <= 3.1.1 versions. | Thu, 25 Jun 2026 10:44:25 |
| CVE-2026-56053 json | Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions. | Thu, 25 Jun 2026 10:44:25 |
| CVE-2026-56051 json | Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions. | Thu, 25 Jun 2026 10:44:24 |
| CVE-2026-56050 json | Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Contr... | Thu, 25 Jun 2026 10:44:24 |
| CVE-2026-56049 json | Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions. | Thu, 25 Jun 2026 10:44:24 |
| CVE-2026-56042 json | Customer Cross Site Scripting (XSS) in Advanced Order Export For WooCommerce <= 4.0.9 versions. | Thu, 25 Jun 2026 10:44:24 |
| CVE-2026-56023 json | Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce <= 1.6.2 versions. | Thu, 25 Jun 2026 10:44:24 |
| CVE-2026-56014 json | Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions. | Thu, 25 Jun 2026 10:44:24 |
| CVE-2026-56013 json | Unauthenticated Insecure Direct Object References (IDOR) in License Manager for WooCommerce <= 3.0.15 versions. | Thu, 25 Jun 2026 10:44:24 |
| CVE-2026-56006 json | Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 versions. | Thu, 25 Jun 2026 10:44:24 |
| CVE-2026-56005 json | Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions. | Thu, 25 Jun 2026 10:44:24 |
| CVE-2026-54849 json | Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions. | Thu, 25 Jun 2026 10:44:24 |
| CVE-2026-54848 json | Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrie... | Thu, 25 Jun 2026 10:44:24 |
| CVE-2026-54845 json | Unauthenticated Local File Inclusion in MDTF <= 1.3.8 versions. | Thu, 25 Jun 2026 10:44:24 |
| CVE-2026-54844 json | Unauthenticated Broken Access Control in CheckView Automated Testing <= 2.1.0 versions. | Thu, 25 Jun 2026 10:44:24 |
| CVE-2026-54843 json | Unauthenticated SQL Injection in MDTF <= 1.3.7 versions. | Thu, 25 Jun 2026 10:44:24 |
| CVE-2026-54842 json | Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Securi... | Thu, 25 Jun 2026 10:44:24 |
| CVE-2026-54841 json | Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions. | Thu, 25 Jun 2026 10:44:24 |
| CVE-2026-54838 json | Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions. | Thu, 25 Jun 2026 10:44:24 |
| CVE-2026-54836 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL I... | Thu, 25 Jun 2026 10:44:24 |
| CVE-2026-54830 json | Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions. | Thu, 25 Jun 2026 10:44:24 |
| CVE-2026-54829 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP P... | Thu, 25 Jun 2026 10:44:24 |
| CVE-2026-54828 json | Unauthenticated Broken Access Control in Motors <= 1.4.109 versions. | Thu, 25 Jun 2026 10:44:24 |
| CVE-2026-54823 json | Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions. | Thu, 25 Jun 2026 10:44:24 |
| CVE-2026-54822 json | Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 versions. | Thu, 25 Jun 2026 10:44:24 |
| CVE-2026-54821 json | Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions. | Thu, 25 Jun 2026 10:44:23 |
| CVE-2026-54699 json | Warp is an agentic development environment. From 0.2024.03.12.08.02.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contai... | Thu, 25 Jun 2026 10:44:23 |
| CVE-2026-54686 json | Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accept... | Thu, 25 Jun 2026 10:44:23 |
| CVE-2026-54018 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the SafePl... | Thu, 25 Jun 2026 10:44:23 |
| CVE-2026-54016 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI... | Thu, 25 Jun 2026 10:44:23 |
| CVE-2026-54015 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI... | Thu, 25 Jun 2026 10:44:23 |
| CVE-2026-54014 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, a path tra... | Thu, 25 Jun 2026 10:44:23 |
| CVE-2026-48732 json | Warp is an agentic development environment. From 0.2023.03.21.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contai... | Thu, 25 Jun 2026 10:44:23 |
| CVE-2026-48731 json | Warp is an agentic development environment. From 0.2024.02.20.08.01.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contai... | Thu, 25 Jun 2026 10:44:23 |
| CVE-2026-48725 json | Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp allows... | Thu, 25 Jun 2026 10:44:23 |
| CVE-2026-48721 json | Warp is an agentic development environment. From 0.2025.10.08.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contai... | Thu, 25 Jun 2026 10:44:23 |
| CVE-2026-48720 json | Warp is an agentic development environment. From 0.2025.03.05.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accept... | Thu, 25 Jun 2026 10:44:23 |
| CVE-2026-48719 json | Warp is an agentic development environment. From 0.2025.08.06.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contai... | Thu, 25 Jun 2026 10:44:23 |
| CVE-2026-48704 json | Warp is an agentic development environment. From 0.2023.10.24.08.03.stable_00 until 0.2026.05.06.15.42.stable_01, Warp may op... | Thu, 25 Jun 2026 10:44:23 |
| CVE-2026-48703 json | Warp is an agentic development environment. From 0.2025.04.09.08.11.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contai... | Thu, 25 Jun 2026 10:44:23 |
| CVE-2026-27366 json | Unauthenticated Broken Access Control in MainWP Child <= 6.1.1 versions. | Thu, 25 Jun 2026 10:44:23 |
| CVE-2026-9143 json | There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGe... | Thu, 25 Jun 2026 10:44:23 |
| CVE-2026-48141 json | There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion. ... | Thu, 25 Jun 2026 10:44:22 |
| CVE-2026-48140 json | There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger inv... | Thu, 25 Jun 2026 10:44:22 |
| CVE-2026-48139 json | There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to... | Thu, 25 Jun 2026 10:44:22 |
| CVE-2026-48138 json | There is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bounds check that may resul... | Thu, 25 Jun 2026 10:44:22 |
| CVE-2026-48137 json | There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attack... | Thu, 25 Jun 2026 10:44:22 |
| CVE-2026-9142 json | There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server... | Thu, 25 Jun 2026 10:44:22 |
| CVE-2026-56122 json | Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read ... | Thu, 25 Jun 2026 10:29:34 |
| CVE-2026-52690 json | Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC... | Thu, 25 Jun 2026 10:29:33 |
| CVE-2026-49506 json | Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Direc... | Thu, 25 Jun 2026 10:29:33 |
| CVE-2026-47154 json | In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating inter... | Thu, 25 Jun 2026 10:29:33 |
| CVE-2026-47153 json | In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fa... | Thu, 25 Jun 2026 10:29:33 |
| CVE-2026-4526 json | In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and... | Thu, 25 Jun 2026 10:29:33 |
| CVE-2026-47152 json | In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fa... | Thu, 25 Jun 2026 10:29:32 |
| CVE-2026-47151 json | In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock sche... | Thu, 25 Jun 2026 10:29:32 |
| CVE-2026-47150 json | In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and te... | Thu, 25 Jun 2026 10:29:32 |
| CVE-2026-47149 json | In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads a... | Thu, 25 Jun 2026 10:29:32 |
| CVE-2026-47148 json | In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message... | Thu, 25 Jun 2026 10:29:32 |
| CVE-2026-47147 json | In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited a... | Thu, 25 Jun 2026 10:29:32 |
| CVE-2026-47146 json | In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messa... | Thu, 25 Jun 2026 10:29:32 |
| CVE-2026-47145 json | In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messa... | Thu, 25 Jun 2026 10:29:32 |
| CVE-2026-46734 json | Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Certificate Validation vulnerabili... | Thu, 25 Jun 2026 10:29:32 |
| CVE-2026-46733 json | Dell Display and Peripheral Manager (DDPM Windows), versions prior to 2.3, contain an Improper Access Control vulnerability. ... | Thu, 25 Jun 2026 10:29:32 |
| CVE-2026-46732 json | Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain a Concurrent Execution using Shared Resource w... | Thu, 25 Jun 2026 10:29:32 |
| CVE-2026-42390 json | An invalid zone might pass ZONEMD validation while it should not. This is only relevant if ZoneToCache is configured with ZON... | Thu, 25 Jun 2026 10:29:32 |
| CVE-2026-42389 json | This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative serve... | Thu, 25 Jun 2026 10:29:32 |
| CVE-2026-42388 json | Incomplete validation of the SOA record present in a catalog zone might lead to a crash. | Thu, 25 Jun 2026 10:29:32 |
| CVE-2026-42387 json | A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor d... | Thu, 25 Jun 2026 10:29:32 |
| CVE-2026-41120 json | Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Da... | Thu, 25 Jun 2026 10:29:32 |
| CVE-2026-40012 json | ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS ... | Thu, 25 Jun 2026 10:29:32 |
| CVE-2026-54226 json | A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.6.0 through 2.15.0. Users are recommended to u... | Thu, 25 Jun 2026 10:29:31 |
| CVE-2026-42005 json | An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial o... | Thu, 25 Jun 2026 10:29:31 |
| CVE-2026-42004 json | An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as ... | Thu, 25 Jun 2026 10:29:31 |
| CVE-2026-40211 json | An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed righ... | Thu, 25 Jun 2026 10:29:31 |
| CVE-2026-40208 json | An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame. | Thu, 25 Jun 2026 10:29:31 |
| CVE-2026-40011 json | An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a valu... | Thu, 25 Jun 2026 10:29:31 |
| CVE-2026-33612 json | A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning. | Thu, 25 Jun 2026 10:29:31 |
| CVE-2026-12755 json | Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an au... | Thu, 25 Jun 2026 10:29:31 |
| CVE-2026-10824 json | The Masteriyo LMS WordPress plugin before 2.2.1 does not perform authorization checks in a course-progress REST API controll... | Thu, 25 Jun 2026 10:29:31 |
| CVE-2026-8330 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 b... | Thu, 25 Jun 2026 10:29:31 |
| CVE-2026-5952 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.11.6, 19.0 before 19.0.3, and 19.1... | Thu, 25 Jun 2026 10:29:31 |
| CVE-2026-5796 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 ... | Thu, 25 Jun 2026 10:29:31 |
| CVE-2026-5309 json | GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 bef... | Thu, 25 Jun 2026 10:29:31 |
| CVE-2026-3176 json | GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 bef... | Thu, 25 Jun 2026 10:29:31 |
| CVE-2026-2815 json | Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys | Thu, 25 Jun 2026 10:29:31 |
| CVE-2026-12635 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 b... | Thu, 25 Jun 2026 10:29:30 |
| CVE-2026-12053 json | GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain conditions coul... | Thu, 25 Jun 2026 10:29:30 |
| CVE-2026-11379 json | GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 prior to 18.11.6, 19.0 prior to 19.0.3, and 19.... | Thu, 25 Jun 2026 10:29:30 |
| CVE-2026-9787 json | Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote a... | Thu, 25 Jun 2026 10:29:30 |
| CVE-2026-9786 json | Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attac... | Thu, 25 Jun 2026 10:29:30 |
| CVE-2026-9785 json | Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote att... | Thu, 25 Jun 2026 10:29:30 |
| CVE-2026-9784 json | Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote att... | Thu, 25 Jun 2026 10:29:30 |
| CVE-2026-9783 json | Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote ... | Thu, 25 Jun 2026 10:29:30 |
| CVE-2026-9782 json | Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote att... | Thu, 25 Jun 2026 10:29:30 |
| CVE-2026-9781 json | Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attac... | Thu, 25 Jun 2026 10:29:30 |
| CVE-2026-9780 json | Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote a... | Thu, 25 Jun 2026 10:29:30 |