CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-46546 json | Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to version 2.53.... | Tue, 09 Jun 2026 21:29:14 |
| CVE-2026-44634 json | SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy (BLE). Prior to version 0.14.0, there are multipl... | Tue, 09 Jun 2026 21:29:14 |
| CVE-2026-53675 json | BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenti... | Tue, 09 Jun 2026 20:28:23 |
| CVE-2026-53674 json | BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username ... | Tue, 09 Jun 2026 20:28:23 |
| CVE-2026-53673 json | BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticat... | Tue, 09 Jun 2026 20:28:23 |
| CVE-2026-47838 json | SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to re... | Tue, 09 Jun 2026 20:28:23 |
| CVE-2026-46545 json | Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to vers... | Tue, 09 Jun 2026 20:28:23 |
| CVE-2026-46543 json | Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to vers... | Tue, 09 Jun 2026 20:28:23 |
| CVE-2026-46542 json | Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to vers... | Tue, 09 Jun 2026 20:28:23 |
| CVE-2026-46541 json | Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to vers... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-46540 json | Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to vers... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-46539 json | Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to vers... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-46518 json | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-46517 json | LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded ... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-46491 json | SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior to version 7.0... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-46432 json | LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy i... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-46411 json | FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients have the ab... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-45782 json | Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can caus... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-44716 json | Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-44505 json | Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-41837 json | Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-41732 json | JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package ... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-41731 json | JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted packages using a prefi... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-41730 json | Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-41729 json | Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch (applicat... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-41728 json | Spring Data REST's JSON Patch (application/json-patch+json) implementation does not apply the write-access filter to intermed... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-41727 json | Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. ... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-41726 json | When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending record... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-41721 json | Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support ... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-41719 json | A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a reposito... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-41717 json | Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. The issue occurs during ... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-41716 json | Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowin... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-41714 json | Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri("amqps://...") without also callin... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-41711 json | Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowExcept... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-41706 json | Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cooki... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-41701 json | Correlation IDs for replies in the RabbitTemplate.sendAndReceive() with the fixed reply queue are predictable due to internal... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-41697 json | Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher (START... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-41696 json | Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient vali... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-41695 json | Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled ... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-41694 json | Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without req... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-41008 json | Spring Security Authorization Server's authorization endpoint performs insufficient validation of the request_uri parameter. ... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-41003 json | An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-40993 json | An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository (saml2_asserting_par... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-40991 json | When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attac... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-40988 json | An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vuln... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-46433 json | lldpd is an implementation of IEEE 802.1ab (LLDP). Prior to version 1.0.22, lldpd_decode() in src/daemon/lldpd.c strips 802.1... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-46374 json | SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-46373 json | SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-44963 json | A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user. | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-10238 json | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-9754 json | An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuanc... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-9753 json | The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binar... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-9752 json | An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON Geo... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-9751 json | The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.l... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-9750 json | An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere wi... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-9749 json | This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range pa... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-9748 json | The $_internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats c... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-9747 json | Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server. | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-9746 json | When using $changestreams and $_requestReshardingResumeToken with the exchange option the server hits an invariant which caus... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-9743 json | In MongoDB Server 8.0, an aggregation stage can leave its _subPipeline field null during processing of certain pipelines. If ... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-9742 json | When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "au... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-9741 json | A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field ... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-9740 json | A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sendi... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-9735 json | MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When c... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-50512 json | Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to eleva... | Tue, 09 Jun 2026 19:27:18 |
| CVE-2026-45503 json | Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a ... | Tue, 09 Jun 2026 19:27:18 |
| CVE-2026-45501 json | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an u... | Tue, 09 Jun 2026 19:27:18 |
| CVE-2026-47938 json | Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery (SSRF) vulne... | Tue, 09 Jun 2026 18:26:15 |
| CVE-2026-47905 json | CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumptio... | Tue, 09 Jun 2026 18:26:15 |
| CVE-2026-47904 json | CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumptio... | Tue, 09 Jun 2026 18:26:15 |
| CVE-2026-47903 json | CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulner... | Tue, 09 Jun 2026 18:26:15 |
| CVE-2026-47902 json | CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumptio... | Tue, 09 Jun 2026 18:26:15 |
| CVE-2026-36728 json | A markdown based cross-site scripting (XSS) vulnerability in the AI assistant chat function of FastapiAdmin v2.2.0 allows att... | Tue, 09 Jun 2026 18:26:15 |
| CVE-2026-36720 json | Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying ... | Tue, 09 Jun 2026 18:26:15 |
| CVE-2026-34713 json | CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumptio... | Tue, 09 Jun 2026 18:26:15 |
| CVE-2026-34712 json | CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulner... | Tue, 09 Jun 2026 18:26:15 |
| CVE-2026-34711 json | CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparound v... | Tue, 09 Jun 2026 18:26:15 |
| CVE-2026-34688 json | CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulner... | Tue, 09 Jun 2026 18:26:15 |
| CVE-2026-34680 json | CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Integer Overflow or Wraparound v... | Tue, 09 Jun 2026 18:26:15 |
| CVE-2026-34679 json | CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulner... | Tue, 09 Jun 2026 18:26:15 |
| CVE-2026-34657 json | CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathnam... | Tue, 09 Jun 2026 18:26:15 |
| CVE-2026-34417 json | OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary ... | Tue, 09 Jun 2026 18:26:15 |
| CVE-2026-30141 json | An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A buffer overflow in the DecodeLZW function allows remote attackers t... | Tue, 09 Jun 2026 18:26:15 |
| CVE-2026-25860 json | OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows ... | Tue, 09 Jun 2026 18:26:15 |
| CVE-2026-20245 json | A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, former... | Tue, 09 Jun 2026 18:26:15 |
| CVE-2025-55658 json | GPAC MP4Box v2.4 was discovered to contain a floating point exception in the gf_opus_parse_packet_header function (media_tool... | Tue, 09 Jun 2026 18:26:15 |
| CVE-2026-34678 json | CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Uncontrolled Resource Consumptio... | Tue, 09 Jun 2026 18:26:14 |
| CVE-2026-34677 json | CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Uncontrolled Resource Consumptio... | Tue, 09 Jun 2026 18:26:14 |
| CVE-2026-34673 json | CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Uncontrolled Resource Consumptio... | Tue, 09 Jun 2026 18:26:14 |
| CVE-2026-34672 json | CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Integer Underflow (Wrap or Wrapa... | Tue, 09 Jun 2026 18:26:14 |
| CVE-2026-34671 json | CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Integer Overflow or Wraparound v... | Tue, 09 Jun 2026 18:26:14 |
| CVE-2026-34670 json | CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulner... | Tue, 09 Jun 2026 18:26:14 |
| CVE-2026-34669 json | CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulner... | Tue, 09 Jun 2026 18:26:14 |
| CVE-2026-34668 json | CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulner... | Tue, 09 Jun 2026 18:26:14 |
| CVE-2026-34667 json | CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Integer Underflow (Wrap or Wrapa... | Tue, 09 Jun 2026 18:26:14 |
| CVE-2026-34666 json | CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulner... | Tue, 09 Jun 2026 18:26:14 |
| CVE-2026-34665 json | CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Uncontrolled Resource Consumptio... | Tue, 09 Jun 2026 18:26:14 |
| CVE-2026-48303 json | Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability t... | Tue, 09 Jun 2026 17:25:30 |
| CVE-2026-48292 json | Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arb... | Tue, 09 Jun 2026 17:25:29 |
| CVE-2026-48291 json | Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arb... | Tue, 09 Jun 2026 17:25:29 |