CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities, so that these vulnerabilities can be quickly identified and shared. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.
The form you will see after following this link lets you fill in the variables of the CVSS scoring system and receive the corresponding score. A description of each variable is also included.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-41636 json | Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Use... | Tue, 28 Apr 2026 06:17:02 |
| CVE-2026-41607 json | Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended t... | Tue, 28 Apr 2026 06:17:02 |
| CVE-2026-41606 json | Uncontrolled Recursion vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommend... | Tue, 28 Apr 2026 06:17:02 |
| CVE-2026-41605 json | Integer Overflow or Wraparound vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are r... | Tue, 28 Apr 2026 06:17:02 |
| CVE-2026-41604 json | Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended t... | Tue, 28 Apr 2026 06:17:02 |
| CVE-2026-41603 json | Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: befo... | Tue, 28 Apr 2026 06:17:02 |
| CVE-2026-41602 json | Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation This issue affects... | Tue, 28 Apr 2026 06:17:02 |
| CVE-2026-7280 json | AVACAST developed by eMPIA Technology has a Unquoted Service Path vulnerability, allowing privileged local attackers to place... | Tue, 28 Apr 2026 06:17:02 |
| CVE-2026-7279 json | AVACAST developed by eMPIA Technology, has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a m... | Tue, 28 Apr 2026 06:17:02 |
| CVE-2026-7264 json | A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function get_cart_items of the... | Tue, 28 Apr 2026 06:17:02 |
| CVE-2025-48431 json | Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings. This issue affects Apache Thr... | Tue, 28 Apr 2026 06:17:02 |
| CVE-2026-40980 json | In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled... | Tue, 28 Apr 2026 05:30:47 |
| CVE-2026-40979 json | In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Sp... | Tue, 28 Apr 2026 05:30:47 |
| CVE-2026-40978 json | SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL queries via crafte... | Tue, 28 Apr 2026 05:30:47 |
| CVE-2026-7248 json | A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the function tgfile_htm of the file tgfile.htm of the co... | Tue, 28 Apr 2026 05:30:47 |
| CVE-2026-7247 json | A vulnerability has been found in D-Link DI-8100 16.07.26A1. Affected by this issue is the function file_exten_asp of the fil... | Tue, 28 Apr 2026 05:30:47 |
| CVE-2026-7244 json | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWiFiEasy... | Tue, 28 Apr 2026 05:30:47 |
| CVE-2026-7243 json | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setRadvdCfg of t... | Tue, 28 Apr 2026 05:30:47 |
| CVE-2026-7242 json | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnClientCfg of the f... | Tue, 28 Apr 2026 05:30:47 |
| CVE-2026-7241 json | A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiBasicCfg of the fil... | Tue, 28 Apr 2026 05:30:47 |
| CVE-2025-10539 json | Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can positi... | Tue, 28 Apr 2026 05:30:47 |
| CVE-2026-5201 json | A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due... | Tue, 28 Apr 2026 05:30:46 |
| CVE-2026-41526 json | In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell... | Tue, 28 Apr 2026 04:29:53 |
| CVE-2026-41525 json | KDE Dolphin before 25.12.3 allows applications in a Flatpak (or with AppArmor confinement) to open folders outside of the app... | Tue, 28 Apr 2026 04:29:53 |
| CVE-2026-40966 json | In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat historie... | Tue, 28 Apr 2026 04:29:53 |
| CVE-2026-7240 json | A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setVpnAccount... | Tue, 28 Apr 2026 04:29:53 |
| CVE-2026-7238 json | A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/Adm... | Tue, 28 Apr 2026 04:29:53 |
| CVE-2026-7237 json | A vulnerability was detected in AgiFlow scaffold-mcp up to 1.0.27. Affected by this issue is some unknown functionality of th... | Tue, 28 Apr 2026 04:29:53 |
| CVE-2026-7235 json | A security vulnerability has been detected in ErlichLiu claude-agent-sdk-master up to b185aa7ff0d864581257008077b4010fca1747b... | Tue, 28 Apr 2026 04:29:53 |
| CVE-2026-4911 json | The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is... | Tue, 28 Apr 2026 04:29:53 |
| CVE-2026-4805 json | The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This i... | Tue, 28 Apr 2026 04:29:53 |
| CVE-2024-54013 json | Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server compone... | Tue, 28 Apr 2026 04:29:53 |
| CVE-2024-54012 json | Penetration Testing engineers at Amazon discovered a vulnerability where the camera system failed to properly validate input,... | Tue, 28 Apr 2026 04:29:53 |
| CVE-2024-54011 json | Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied... | Tue, 28 Apr 2026 04:29:53 |
| CVE-2026-42510 json | OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface. | Tue, 28 Apr 2026 03:28:14 |
| CVE-2026-40967 json | In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to speci... | Tue, 28 Apr 2026 03:28:14 |
| CVE-2026-40356 json | In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application ... | Tue, 28 Apr 2026 03:28:14 |
| CVE-2026-32589 json | A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository o... | Tue, 28 Apr 2026 03:28:14 |
| CVE-2026-7234 json | A weakness has been identified in BrowserOperator browser-operator-core up to 0.6.0. Affected is the function startsWith of t... | Tue, 28 Apr 2026 03:28:14 |
| CVE-2026-7233 json | A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of ... | Tue, 28 Apr 2026 03:28:14 |
| CVE-2026-7230 json | A vulnerability was found in SourceCodester Safety Anger Pad 1.0. The affected element is an unknown function. The manipulati... | Tue, 28 Apr 2026 03:28:14 |
| CVE-2026-7229 json | A vulnerability was found in code-projects Coaching Management System 1.0. This affects an unknown function of the file /cims... | Tue, 28 Apr 2026 03:28:14 |
| CVE-2026-5306 json | The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthent... | Tue, 28 Apr 2026 03:28:14 |
| CVE-2026-7228 json | A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function get_cart_count of ... | Tue, 28 Apr 2026 02:27:15 |
| CVE-2026-7227 json | A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function Login of the file /admi... | Tue, 28 Apr 2026 02:27:15 |
| CVE-2026-7226 json | A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects the function lo... | Tue, 28 Apr 2026 02:27:15 |
| CVE-2026-40355 json | In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_contex... | Tue, 28 Apr 2026 02:27:14 |
| CVE-2026-7225 json | A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function delete... | Tue, 28 Apr 2026 02:27:14 |
| CVE-2026-7224 json | A security flaw has been discovered in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function delete_cart of ... | Tue, 28 Apr 2026 02:27:14 |
| CVE-2026-6809 json | The Social Post Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Threads embed handler in all ... | Tue, 28 Apr 2026 02:27:14 |
| CVE-2026-6725 json | The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attri... | Tue, 28 Apr 2026 02:27:14 |
| CVE-2026-6551 json | The Timeline Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attrib... | Tue, 28 Apr 2026 02:27:14 |
| CVE-2026-3087 json | If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:\\...`) then the arc... | Tue, 28 Apr 2026 02:27:14 |
| CVE-2026-7223 json | A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function... | Tue, 28 Apr 2026 00:24:46 |
| CVE-2026-7222 json | A vulnerability was determined in code-projects Coaching Management System 1.0. Affected by this vulnerability is an unknown ... | Tue, 28 Apr 2026 00:24:46 |
| CVE-2026-7221 json | A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/sr... | Tue, 28 Apr 2026 00:24:46 |
| CVE-2026-7220 json | A vulnerability has been found in jackwrichards FastlyMCP up to 6f3d0b0e654fc51076badc7fa16c03c461f95620. This impacts an unk... | Tue, 28 Apr 2026 00:24:46 |
| CVE-2026-7219 json | A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Exe... | Tue, 28 Apr 2026 00:24:46 |
| CVE-2026-34615 json | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could... | Mon, 27 Apr 2026 23:24:16 |
| CVE-2026-27303 json | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could... | Mon, 27 Apr 2026 23:24:16 |
| CVE-2026-27246 json | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An att... | Mon, 27 Apr 2026 23:24:16 |
| CVE-2026-27245 json | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An att... | Mon, 27 Apr 2026 23:24:16 |
| CVE-2026-27243 json | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An att... | Mon, 27 Apr 2026 23:24:16 |
| CVE-2026-24366 json | Missing Authorization vulnerability in YITHEMES YITH WooCommerce Request A Quote yith-woocommerce-request-a-quote allows Expl... | Mon, 27 Apr 2026 23:24:16 |
| CVE-2026-24365 json | Cross-Site Request Forgery (CSRF) vulnerability in storeapps Stock Manager for WooCommerce woocommerce-stock-manager allows C... | Mon, 27 Apr 2026 23:24:16 |
| CVE-2026-24360 json | Server-Side Request Forgery (SSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allo... | Mon, 27 Apr 2026 23:24:16 |
| CVE-2026-24358 json | Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrec... | Mon, 27 Apr 2026 23:24:16 |
| CVE-2026-24357 json | Missing Authorization vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Exploiting Incorrectly Configured Access... | Mon, 27 Apr 2026 23:24:16 |
| CVE-2026-21340 json | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to mem... | Mon, 27 Apr 2026 23:24:16 |
| CVE-2026-7218 json | A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function is_cmd_string_valid of ... | Mon, 27 Apr 2026 23:24:16 |
| CVE-2026-7217 json | A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function read_docx... | Mon, 27 Apr 2026 23:24:16 |
| CVE-2026-7216 json | A weakness has been identified in donchelo processing-claude-mcp-bridge up to e017b20a4b592a45531a6392f494007f04e661bd. Impac... | Mon, 27 Apr 2026 23:24:16 |
| CVE-2026-7215 json | A security flaw has been discovered in egtai gmx-vmd-mcp up to 0.1.0. This issue affects the function launch_vmd_gui_tool of ... | Mon, 27 Apr 2026 23:24:16 |
| CVE-2026-1460 json | A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyx... | Mon, 27 Apr 2026 23:24:16 |
| CVE-2026-0711 json | A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions throu... | Mon, 27 Apr 2026 23:24:16 |
| CVE-2026-24356 json | Missing Authorization vulnerability in Roxnor GetGenie getgenie allows Exploiting Incorrectly Configured Access Control Secur... | Mon, 27 Apr 2026 23:24:15 |
| CVE-2026-24355 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme... | Mon, 27 Apr 2026 23:24:15 |
| CVE-2026-24353 json | Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured... | Mon, 27 Apr 2026 23:24:15 |
| CVE-2025-61813 json | ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Refer... | Mon, 27 Apr 2026 23:24:15 |
| CVE-2025-54265 json | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Inco... | Mon, 27 Apr 2026 23:24:15 |
| CVE-2025-54196 json | Adobe Connect versions 12.9 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. ... | Mon, 27 Apr 2026 23:24:15 |
| CVE-2026-25456 json | Missing Authorization vulnerability in Aarsiv Groups Automated FedEx live/manual rates with shipping labels a2z-fedex-shippin... | Mon, 27 Apr 2026 22:22:37 |
| CVE-2026-25455 json | Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Exploiti... | Mon, 27 Apr 2026 22:22:37 |
| CVE-2026-25454 json | Missing Authorization vulnerability in MVPThemes The League the-league allows Exploiting Incorrectly Configured Access Contro... | Mon, 27 Apr 2026 22:22:37 |
| CVE-2026-25430 json | Missing Authorization vulnerability in CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Form... | Mon, 27 Apr 2026 22:22:37 |
| CVE-2026-25406 json | Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro tutor-pro allows Authenticati... | Mon, 27 Apr 2026 22:22:37 |
| CVE-2026-25397 json | Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce all... | Mon, 27 Apr 2026 22:22:37 |
| CVE-2026-25390 json | Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured ... | Mon, 27 Apr 2026 22:22:37 |
| CVE-2026-7214 json | A vulnerability was identified in eghuzefa engineer-your-data up to 0.1.3. This vulnerability affects the function read_file/... | Mon, 27 Apr 2026 22:22:37 |
| CVE-2026-7213 json | A vulnerability was detected in ef10007 MLOps_MCP 1.0.0. This impacts an unknown function of the file fastmcp_server.py of th... | Mon, 27 Apr 2026 22:22:37 |
| CVE-2026-7212 json | A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the f... | Mon, 27 Apr 2026 22:22:37 |
| CVE-2026-25387 json | Missing Authorization vulnerability in Elementor Image Optimizer by Elementor image-optimization allows Exploiting Incorrectl... | Mon, 27 Apr 2026 22:22:36 |
| CVE-2026-25370 json | Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Exploiting Incorrectly Configure... | Mon, 27 Apr 2026 22:22:36 |
| CVE-2026-25365 json | Missing Authorization vulnerability in Özgür KARALAR Kargo Takip kargo-takip-turkiye allows Exploiting Incorrectly Configur... | Mon, 27 Apr 2026 22:22:36 |
| CVE-2026-25357 json | Authentication Bypass Using an Alternate Path or Channel vulnerability in azzaroco Ultimate Membership Pro indeed-membership-... | Mon, 27 Apr 2026 22:22:36 |
| CVE-2026-25328 json | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in add-ons.org Product File Uplo... | Mon, 27 Apr 2026 22:22:36 |
| CVE-2026-25034 json | Missing Authorization vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Exploiting Incorrectly... | Mon, 27 Apr 2026 22:22:36 |
| CVE-2025-49552 json | Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be ex... | Mon, 27 Apr 2026 22:22:36 |
| CVE-2026-7211 json | A weakness has been identified in dvladimirov MCP up to 0.1.0. The impacted element is the function GitSearchRequest of the f... | Mon, 27 Apr 2026 21:21:45 |
| CVE-2026-7206 json | A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extract_to_json of... | Mon, 27 Apr 2026 21:21:45 |