CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.
The form you will see after following this link allows you to fill in the variables of the CVSS scoring system and receive the corresponding score. A description of each variable is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-31370 json | Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service c... | Tue, 21 Apr 2026 03:27:07 |
| CVE-2026-31369 json | PcManager is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability | Tue, 21 Apr 2026 03:27:07 |
| CVE-2026-31368 json | AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availabili... | Tue, 21 Apr 2026 03:27:07 |
| CVE-2026-6712 json | The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up ... | Tue, 21 Apr 2026 03:27:07 |
| CVE-2026-6711 json | The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all vers... | Tue, 21 Apr 2026 03:27:07 |
| CVE-2026-6703 json | The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all... | Tue, 21 Apr 2026 03:27:07 |
| CVE-2026-5965 json | NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject ... | Tue, 21 Apr 2026 00:25:37 |
| CVE-2026-40497 json | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's `Helper::stripDangerousTa... | Mon, 20 Apr 2026 23:24:31 |
| CVE-2026-6675 json | The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Unauthenticated Open Email... | Mon, 20 Apr 2026 23:24:31 |
| CVE-2026-6674 json | The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via the 'arttype' parameter in... | Mon, 20 Apr 2026 23:24:31 |
| CVE-2026-6058 json | ** UNSUPPORTED WHEN ASSIGNED ** An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmwar... | Mon, 20 Apr 2026 23:24:31 |
| CVE-2026-40496 json | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment download tokens are genera... | Mon, 20 Apr 2026 22:24:03 |
| CVE-2026-40250 json | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motio... | Mon, 20 Apr 2026 22:24:03 |
| CVE-2026-40244 json | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motio... | Mon, 20 Apr 2026 22:24:03 |
| CVE-2026-39973 json | Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 and 3.0.1, a path traversal vulnerability in `... | Mon, 20 Apr 2026 22:24:03 |
| CVE-2026-39886 json | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motio... | Mon, 20 Apr 2026 22:24:03 |
| CVE-2026-39866 json | Lawnchair is a free, open-source home app for Android. Prior to commit fcba413f55dd47f8a3921445252849126c6266b2, command inje... | Mon, 20 Apr 2026 22:24:03 |
| CVE-2026-0545 json | In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization... | Mon, 20 Apr 2026 21:54:01 |
| CVE-2026-25043 json | Budibase is an open-source low-code platform. Prior to version 3.23.25, a business logic vulnerability exists in Budibase’s... | Mon, 20 Apr 2026 21:38:45 |
| CVE-2025-68153 json | Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any s... | Mon, 20 Apr 2026 21:38:45 |
| CVE-2026-40264 json | OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Pri... | Mon, 20 Apr 2026 21:23:42 |
| CVE-2026-39946 json | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when OpenBao revoked privileges o... | Mon, 20 Apr 2026 21:23:42 |
| CVE-2026-39861 json | Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes fro... | Mon, 20 Apr 2026 21:23:42 |
| CVE-2026-39396 json | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, `ExtractPluginFromImage()` in Ope... | Mon, 20 Apr 2026 21:23:42 |
| CVE-2026-39388 json | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authenticat... | Mon, 20 Apr 2026 21:23:42 |
| CVE-2026-39386 json | Neko is a self-hosted virtual browser that runs in Docker and uses WebRTC. In versions 3.0.0 through 3.0.10 and 3.1.0 throug... | Mon, 20 Apr 2026 21:23:42 |
| CVE-2026-39378 json | The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6... | Mon, 20 Apr 2026 21:23:42 |
| CVE-2026-39377 json | The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 ... | Mon, 20 Apr 2026 21:23:42 |
| CVE-2026-39320 json | Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.25.0 are vulnerable to an u... | Mon, 20 Apr 2026 21:23:42 |
| CVE-2025-68152 json | Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any s... | Mon, 20 Apr 2026 21:23:42 |
| CVE-2025-64340 json | FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, server names containing shell metach... | Mon, 20 Apr 2026 21:23:42 |
| CVE-2026-34717 json | OpenProject is an open-source, web-based project management software. Prior to version 17.2.3, the =n operator in modules/rep... | Mon, 20 Apr 2026 21:08:32 |
| CVE-2026-26962 json | Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds fold... | Mon, 20 Apr 2026 20:53:14 |
| CVE-2026-25212 json | An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, a... | Mon, 20 Apr 2026 20:37:56 |
| CVE-2026-2701 json | Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution. | Mon, 20 Apr 2026 20:37:56 |
| CVE-2026-2699 json | Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configurati... | Mon, 20 Apr 2026 20:37:56 |
| CVE-2026-41331 json | OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight transcription that allows... | Mon, 20 Apr 2026 20:22:49 |
| CVE-2026-41330 json | OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly ... | Mon, 20 Apr 2026 20:22:49 |
| CVE-2026-41329 json | OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat con... | Mon, 20 Apr 2026 20:22:49 |
| CVE-2026-41303 json | OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that allows non-ap... | Mon, 20 Apr 2026 20:22:49 |
| CVE-2026-41302 json | OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionali... | Mon, 20 Apr 2026 20:22:49 |
| CVE-2026-41301 json | OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability in the Nostr DM ingress pa... | Mon, 20 Apr 2026 20:22:49 |
| CVE-2026-41300 json | OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboa... | Mon, 20 Apr 2026 20:22:49 |
| CVE-2026-41299 json | OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method where ACP-only prove... | Mon, 20 Apr 2026 20:22:49 |
| CVE-2026-41298 json | OpenClaw before 2026.4.2 fails to enforce write scopes on the POST /sessions/:sessionKey/kill endpoint in identity-bearing HT... | Mon, 20 Apr 2026 20:22:49 |
| CVE-2026-41297 json | OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionali... | Mon, 20 Apr 2026 20:22:49 |
| CVE-2026-41296 json | OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile functi... | Mon, 20 Apr 2026 20:22:49 |
| CVE-2026-41295 json | OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to ex... | Mon, 20 Apr 2026 20:22:49 |
| CVE-2026-41294 json | OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing envi... | Mon, 20 Apr 2026 20:22:49 |
| CVE-2026-41285 json | In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discover... | Mon, 20 Apr 2026 20:22:49 |
| CVE-2026-40045 json | OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over... | Mon, 20 Apr 2026 20:22:48 |
| CVE-2026-35588 json | Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module (`glance... | Mon, 20 Apr 2026 20:22:48 |
| CVE-2026-35587 json | Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery (SSRF)... | Mon, 20 Apr 2026 20:22:48 |
| CVE-2026-35570 json | OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Versions prior to 0.5.1... | Mon, 20 Apr 2026 20:22:48 |
| CVE-2026-35000 json | ChangeDetection.io versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPath3Parser implementation ... | Mon, 20 Apr 2026 20:22:48 |
| CVE-2026-34839 json | Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Glances web server exposes a RES... | Mon, 20 Apr 2026 20:22:48 |
| CVE-2026-33978 json | Notesnook is a note-taking app focused on user privacy & ease of use. Prior to version 3.3.17, a stored XSS vulnerability exi... | Mon, 20 Apr 2026 20:22:48 |
| CVE-2026-34082 json | Dify is an open-source LLM app development platform. Prior to 1.13.1, the method `DELETE /console/api/installed-apps/<appId>/... | Mon, 20 Apr 2026 19:22:01 |
| CVE-2026-5721 json | The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored ... | Mon, 20 Apr 2026 19:22:01 |
| CVE-2026-29643 json | XiangShan (Open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) contai... | Mon, 20 Apr 2026 18:21:15 |
| CVE-2026-6729 json | HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that allows authenticated part... | Mon, 20 Apr 2026 18:21:15 |
| CVE-2026-22051 json | StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.13 and 12.0.0.6 are susceptible to an Information Disclos... | Mon, 20 Apr 2026 18:21:14 |
| CVE-2026-4046 json | The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inp... | Mon, 20 Apr 2026 18:21:14 |
| CVE-2026-0930 json | Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user c... | Mon, 20 Apr 2026 18:21:14 |
| CVE-2025-32990 json | A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool u... | Mon, 20 Apr 2026 18:21:14 |
| CVE-2025-32989 json | A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certifica... | Mon, 20 Apr 2026 18:21:14 |
| CVE-2025-32988 json | A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export lo... | Mon, 20 Apr 2026 18:21:14 |
| CVE-2025-9900 json | A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a spe... | Mon, 20 Apr 2026 18:21:14 |
| CVE-2025-9375 json | XML Injection vulnerability in xmltodict allows Input Data Manipulation. This issue affects xmltodict: from 0.14.2 before 0.1... | Mon, 20 Apr 2026 18:21:14 |
| CVE-2026-34403 json | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket endpoints in nginx-ui use a ... | Mon, 20 Apr 2026 17:19:23 |
| CVE-2026-33626 json | LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-S... | Mon, 20 Apr 2026 17:19:23 |
| CVE-2026-33432 json | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions up to and including 8.2.8.... | Mon, 20 Apr 2026 17:19:23 |
| CVE-2026-33431 json | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the POST /co... | Mon, 20 Apr 2026 17:19:23 |
| CVE-2026-33031 json | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, a user who was disabled by an administrato... | Mon, 20 Apr 2026 17:19:23 |
| CVE-2026-32613 json | Spinnaker is an open source, multi-cloud continuous delivery platform. Echo, like some other services, uses SPeL (Spring Expre... | Mon, 20 Apr 2026 17:19:23 |
| CVE-2026-32604 json | Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and... | Mon, 20 Apr 2026 17:19:23 |
| CVE-2026-29648 json | In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restrict access to henvcfg and... | Mon, 20 Apr 2026 17:19:23 |
| CVE-2026-29647 json | In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via s... | Mon, 20 Apr 2026 17:19:23 |
| CVE-2026-29646 json | In OpenXiangShan NEMU prior to 55295c4, when running with RVH (Hypervisor extension) enabled, a VS-mode guest write to the su... | Mon, 20 Apr 2026 17:19:23 |
| CVE-2026-29642 json | A local attacker who can execute privileged CSR operations (or can induce firmware to do so) performs carefully crafted reads... | Mon, 20 Apr 2026 17:19:23 |
| CVE-2026-26149 json | Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to perfor... | Mon, 20 Apr 2026 17:19:23 |
| CVE-2026-5928 json | Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its s... | Mon, 20 Apr 2026 17:19:23 |
| CVE-2026-5450 json | Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 ... | Mon, 20 Apr 2026 17:19:23 |
| CVE-2026-5358 json | The obsolete nis_local_principal function in the GNU C Library version 2.43 and older may overflow a buffer in the data secti... | Mon, 20 Apr 2026 17:19:23 |
| CVE-2026-4852 json | The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Stored Cross-Site Scr... | Mon, 20 Apr 2026 17:19:23 |
| CVE-2026-3219 json | pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. ... | Mon, 20 Apr 2026 17:19:23 |
| CVE-2026-33849 json | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms. This issue af... | Mon, 20 Apr 2026 16:34:09 |
| CVE-2026-33848 json | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms. This issue af... | Mon, 20 Apr 2026 16:34:09 |
| CVE-2026-33847 json | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms. This issue af... | Mon, 20 Apr 2026 16:34:09 |
| CVE-2026-33631 json | ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. In versions on the 4.1 b... | Mon, 20 Apr 2026 16:34:09 |
| CVE-2026-33340 json | LoLLMs WEBUI provides the Web user interface for Lord of Large Language and Multi modal Systems. A critical Server-Side Reque... | Mon, 20 Apr 2026 16:34:09 |
| CVE-2026-32311 json | Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verificat... | Mon, 20 Apr 2026 16:19:10 |
| CVE-2026-6550 json | Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and befor... | Mon, 20 Apr 2026 16:19:10 |
| CVE-2026-6257 json | Vvveb CMS v1.0.8 contains a remote code execution vulnerability in its media management functionality where a missing return ... | Mon, 20 Apr 2026 16:19:10 |
| CVE-2026-6249 json | Vvveb CMS 1.0.8 contains a remote code execution vulnerability in its media upload handler that allows authenticated attacker... | Mon, 20 Apr 2026 16:19:10 |
| CVE-2026-5478 json | The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all versions up to, and including... | Mon, 20 Apr 2026 16:19:10 |
| CVE-2026-40160 json | PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, web_crawl's httpx fallback path passes user-supplied URLs di... | Mon, 20 Apr 2026 16:19:09 |
| CVE-2026-33392 json | In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass | Mon, 20 Apr 2026 16:19:09 |
| CVE-2026-32135 json | NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.11 have a remotely triggerable h... | Mon, 20 Apr 2026 16:19:09 |
| CVE-2026-30624 json | Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The applic... | Mon, 20 Apr 2026 16:19:09 |