CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-43870 json | Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralizat... | Tue, 05 May 2026 06:28:26 |
| CVE-2026-35092 json | A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote,... | Tue, 05 May 2026 06:28:26 |
| CVE-2026-35091 json | A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosyn... | Tue, 05 May 2026 06:28:26 |
| CVE-2026-43869 json | Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: befo... | Tue, 05 May 2026 05:27:44 |
| CVE-2026-43868 json | Memory Allocation with Excessive Size Value vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0.... | Tue, 05 May 2026 05:27:44 |
| CVE-2026-3601 json | The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing c... | Tue, 05 May 2026 05:27:44 |
| CVE-2026-3359 json | The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Inject... | Tue, 05 May 2026 05:27:44 |
| CVE-2026-7824 json | An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" (diagnostic) mode is enabled... | Tue, 05 May 2026 03:26:04 |
| CVE-2026-6418 json | An issue was discovered in the Shared Account Synchronization component of PaperCut MF (version 25.0.4). The application allo... | Tue, 05 May 2026 03:26:04 |
| CVE-2026-40797 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder LLC Webinar... | Tue, 05 May 2026 03:26:03 |
| CVE-2026-6180 json | A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific... | Tue, 05 May 2026 03:26:03 |
| CVE-2026-5192 json | The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Path Traversa... | Tue, 05 May 2026 03:26:03 |
| CVE-2026-3454 json | The GenerateBlocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and includin... | Tue, 05 May 2026 03:26:03 |
| CVE-2026-2729 json | The Forminator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.52.0. This ... | Tue, 05 May 2026 03:26:03 |
| CVE-2026-7823 json | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setAppFilterCfg of the ... | Tue, 05 May 2026 01:23:14 |
| CVE-2026-7822 json | A vulnerability was identified in itsourcecode Courier Management System 1.0. This impacts an unknown function of the file /p... | Tue, 05 May 2026 01:23:14 |
| CVE-2026-7812 json | A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the func... | Tue, 05 May 2026 01:23:14 |
| CVE-2026-7811 json | A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the... | Tue, 05 May 2026 01:23:14 |
| CVE-2026-4362 json | The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing cap... | Tue, 05 May 2026 01:23:14 |
| CVE-2026-7810 json | A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the functio... | Tue, 05 May 2026 00:22:37 |
| CVE-2026-5957 json | The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to and including 1.6.5. This is due... | Tue, 05 May 2026 00:22:37 |
| CVE-2026-35228 json | Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects (component: helper tool). The suppo... | Tue, 05 May 2026 00:22:36 |
| CVE-2026-5294 json | The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.2.2. This is du... | Tue, 05 May 2026 00:22:36 |
| CVE-2026-5159 json | The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widge... | Tue, 05 May 2026 00:22:36 |
| CVE-2026-4803 json | The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in th... | Tue, 05 May 2026 00:22:36 |
| CVE-2026-4665 json | The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox `data-caption` at... | Tue, 05 May 2026 00:22:36 |
| CVE-2026-3456 json | The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL In... | Tue, 05 May 2026 00:22:36 |
| CVE-2026-2948 json | The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request... | Tue, 05 May 2026 00:22:36 |
| CVE-2026-6704 json | The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versio... | Mon, 04 May 2026 23:22:37 |
| CVE-2026-6702 json | The Publish 2 Ping.fm plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, ... | Mon, 04 May 2026 23:22:37 |
| CVE-2026-6701 json | The addfreespace plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.3... | Mon, 04 May 2026 23:22:37 |
| CVE-2026-6700 json | The DX Sources plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. ... | Mon, 04 May 2026 23:22:37 |
| CVE-2026-6696 json | The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'first_name',... | Mon, 04 May 2026 23:22:37 |
| CVE-2026-6255 json | The Simple Owl Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'num' attribute of the 'o... | Mon, 04 May 2026 23:22:37 |
| CVE-2026-5505 json | The WP-Clippy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `clippy` shortcode in all ve... | Mon, 04 May 2026 23:22:37 |
| CVE-2026-5247 json | The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... | Mon, 04 May 2026 23:22:37 |
| CVE-2026-5100 json | The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions' parameter array keys in versions up... | Mon, 04 May 2026 23:22:37 |
| CVE-2026-4730 json | The Charts Ninja: Create Beautiful Graphs & Charts and Easily Add Them to Your Website plugin for WordPress is vulnerable to ... | Mon, 04 May 2026 23:22:37 |
| CVE-2026-4409 json | The Subscribe To Comments Reloaded plugin for WordPress is vulnerable to unauthorized modification of data due to a leaked se... | Mon, 04 May 2026 23:22:36 |
| CVE-2026-2868 json | The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Site S... | Mon, 04 May 2026 23:22:36 |
| CVE-2026-1921 json | The Loco Translate plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.8.2 via the `... | Mon, 04 May 2026 23:22:36 |
| CVE-2025-13618 json | The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is... | Mon, 04 May 2026 23:22:36 |
| CVE-2026-36959 json | U-SPEED N300 router V1.0.0 does not implement rate limiting or account lockout protections on the /api/login endpoint. This a... | Mon, 04 May 2026 23:07:35 |
| CVE-2026-36958 json | A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent ... | Mon, 04 May 2026 23:07:35 |
| CVE-2026-33845 json | A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an intege... | Mon, 04 May 2026 23:07:35 |
| CVE-2026-7500 json | When Keycloak is started with `--features-disabled=account,account-api`, the Account REST API is only partially disabled. Fiv... | Mon, 04 May 2026 23:07:35 |
| CVE-2026-42800 json | NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulat... | Mon, 04 May 2026 23:07:34 |
| CVE-2026-42799 json | Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows Overflow Buffers. This vulnerability is associated w... | Mon, 04 May 2026 23:07:34 |
| CVE-2026-36957 json | Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handle... | Mon, 04 May 2026 23:07:34 |
| CVE-2026-22070 json | ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal. | Mon, 04 May 2026 23:07:34 |
| CVE-2026-7163 json | A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multiclu... | Mon, 04 May 2026 23:07:34 |
| CVE-2026-5080 json | Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated fro... | Mon, 04 May 2026 23:07:34 |
| CVE-2026-42370 json | A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially cr... | Mon, 04 May 2026 22:52:34 |
| CVE-2026-42368 json | A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially... | Mon, 04 May 2026 22:52:34 |
| CVE-2026-42367 json | A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A... | Mon, 04 May 2026 22:52:34 |
| CVE-2026-42366 json | Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision... | Mon, 04 May 2026 22:52:34 |
| CVE-2026-42365 json | A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A speci... | Mon, 04 May 2026 22:52:34 |
| CVE-2026-42364 json | An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specia... | Mon, 04 May 2026 22:52:34 |
| CVE-2026-7372 json | A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially cr... | Mon, 04 May 2026 22:52:34 |
| CVE-2026-7371 json | Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision... | Mon, 04 May 2026 22:52:34 |
| CVE-2026-7161 json | An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility ... | Mon, 04 May 2026 22:52:34 |
| CVE-2026-1858 json | wget2 accepts a server certificate with incorrect Key Usage (KU) or Extended Key Usage (EKU). If the attackers compromise a c... | Mon, 04 May 2026 22:52:34 |
| CVE-2025-13030 json | All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image uploa... | Mon, 04 May 2026 22:52:34 |
| CVE-2024-39847 json | Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This all... | Mon, 04 May 2026 22:52:34 |
| CVE-2018-25317 json | Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unau... | Mon, 04 May 2026 22:52:34 |
| CVE-2026-40950 json | CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a mo... | Mon, 04 May 2026 22:37:34 |
| CVE-2026-40949 json | CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local c... | Mon, 04 May 2026 22:37:34 |
| CVE-2026-33452 json | CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local c... | Mon, 04 May 2026 22:37:34 |
| CVE-2026-33451 json | CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with l... | Mon, 04 May 2026 22:37:34 |
| CVE-2026-33450 json | CVE-2026-33450 is an out of bounds read vulnerability in the Secure Access MacOS client prior to 14.50. Attackers with contr... | Mon, 04 May 2026 22:37:34 |
| CVE-2026-33449 json | CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers wit... | Mon, 04 May 2026 22:37:34 |
| CVE-2026-33448 json | CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. A... | Mon, 04 May 2026 22:37:34 |
| CVE-2026-33447 json | CVE-2026-33447 is a buffer overflow in a message parsing function of the Secure Access client prior to 14.50. Attackers with... | Mon, 04 May 2026 22:37:34 |
| CVE-2026-29169 json | A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server... | Mon, 04 May 2026 22:37:34 |
| CVE-2026-40228 json | In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" ... | Mon, 04 May 2026 22:22:33 |
| CVE-2026-40201 json | @diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file. | Mon, 04 May 2026 22:22:33 |
| CVE-2026-33446 json | CVE-2026-33446 is a buffer overflow in the authentication sub-system of the Secure Access client prior to 14.50. Attackers w... | Mon, 04 May 2026 22:22:33 |
| CVE-2026-32148 json | Insufficient Verification of Data Authenticity vulnerability in hexpm hex (Hex.RemoteConverger module) allows dependency inte... | Mon, 04 May 2026 22:22:33 |
| CVE-2026-7461 json | Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon EC... | Mon, 04 May 2026 22:22:33 |
| CVE-2026-5722 json | The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14.... | Mon, 04 May 2026 22:22:33 |
| CVE-2026-31256 json | A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. Du... | Mon, 04 May 2026 21:37:32 |
| CVE-2026-44029 json | An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix st... | Mon, 04 May 2026 21:22:31 |
| CVE-2026-44028 json | An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could... | Mon, 04 May 2026 21:22:31 |
| CVE-2026-24120 json | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix for CVE-2023-37466 is insufficient and can be ... | Mon, 04 May 2026 21:22:31 |
| CVE-2025-54236 json | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Impr... | Mon, 04 May 2026 21:07:31 |
| CVE-2026-41882 json | In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files ... | Mon, 04 May 2026 20:37:30 |
| CVE-2026-1493 json | LEX Baza Dokumentów is vulnerable to DOM-based XSS in "em" cookie parameter. The application unsafely processes the parame... | Mon, 04 May 2026 20:37:30 |
| CVE-2026-36956 json | A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless rou... | Mon, 04 May 2026 20:22:30 |
| CVE-2026-7788 json | A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affecte... | Mon, 04 May 2026 20:22:30 |
| CVE-2026-7785 json | A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cc... | Mon, 04 May 2026 20:22:30 |
| CVE-2026-7784 json | A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This issue affects some unknown processing of the file apis... | Mon, 04 May 2026 20:22:30 |
| CVE-2026-7783 json | A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the function AbstractKanban::applySort... | Mon, 04 May 2026 20:22:30 |
| CVE-2026-6389 json | IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster... | Mon, 04 May 2026 20:22:30 |
| CVE-2026-43964 json | Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an... | Mon, 04 May 2026 19:22:28 |
| CVE-2026-7782 json | A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file app... | Mon, 04 May 2026 19:22:28 |
| CVE-2026-7781 json | A security vulnerability has been detected in Open5GS up to 2.7.7. Affected by this issue is the function udm_nudm_uecm_handl... | Mon, 04 May 2026 19:22:28 |
| CVE-2026-7791 json | Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for... | Mon, 04 May 2026 18:21:58 |
| CVE-2026-7780 json | A weakness has been identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function udm_state_operational o... | Mon, 04 May 2026 18:21:58 |
| CVE-2026-7776 json | Boundary Community Edition and Boundary Enterprise (“Boundary”) workers are vulnerable to a denial-of-service condition d... | Mon, 04 May 2026 18:21:58 |
| CVE-2026-7725 json | A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the... | Mon, 04 May 2026 18:21:58 |