CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.

Read the API docs

[rss] [api]

Recent CVEs

Recently updated CVE records
CVE Description Updated
CVE-2026-16130 json A vulnerability was identified in nearai ironclaw up to 0.29.1. The affected element is the function validate_path of the fil...
CVE-2026-16129 json A vulnerability has been found in princezuda SafestClaw up to 4.2.4. This vulnerability affects the function ShellAction._val...
CVE-2026-16128 json A security flaw has been discovered in zevorn rt-claw up to 0.2.0. This impacts the function receiver_thread of the file claw...
CVE-2026-16127 json A vulnerability was identified in zevorn rt-claw up to 0.2.0. This affects the function claw_net_get/claw_net_post of the fil...
CVE-2026-45945 json In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix race condition during PASID entry replac...
CVE-2026-16126 json A vulnerability was determined in zevorn rt-claw up to 0.2.0. The impacted element is the function handle_rpc_request of the ...
CVE-2026-16125 json A vulnerability was found in zevorn rt-claw up to 0.2.0. The affected element is the function claw_net_get/claw_net_post of t...
CVE-2026-16124 json A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.15.0-beta.32. This affects the function CheckSS...
CVE-2025-21817 json In the Linux kernel, the following vulnerability has been resolved: block: mark GFP_NOIO around sysfs ->store() sysfs ->sto...
CVE-2025-21807 json In the Linux kernel, the following vulnerability has been resolved: block: fix queue freeze vs limits lock order in sysfs st...
CVE-2026-16123 json A weakness has been identified in nextlevelbuilder GoClaw up to 3.13.2. Affected by this issue is the function ToolsInvokeHan...
CVE-2026-16122 json A security flaw has been discovered in nextlevelbuilder GoClaw up to 3.13.2. Affected by this vulnerability is the function e...
CVE-2026-16121 json A vulnerability was identified in nextlevelbuilder GoClaw up to 3.13.2. Affected is the function isSafeBin of the file intern...
CVE-2026-16120 json A vulnerability was determined in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This impacts the function matchesAllowlist/ext...
CVE-2026-16119 json A vulnerability was found in nextlevelbuilder GoClaw up to 3.13.2. This affects the function RequestApproval of the file inte...
CVE-2026-16117 json Impact: @fastify/http-proxy versions up to and including 11.5.0 fail to rewrite the request prefix when the prefix segment is...
CVE-2026-11826 json OpenPLC_v3 contains a heap-based buffer overflow in the getData() function in webserver/core/modbus_master.cpp. getData() rea...
CVE-2026-9323 json The urwid web display backend (urwid/display/web.py) generates web session identifiers (urwid_id) in Screen.start() by concat...
CVE-2025-71398 json SurrealDB before 2.2.2 fails to validate HTTP redirects in http functions, allowing authenticated users to bypass deny-net re...
CVE-2025-71397 json SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 allows authenticated users with OWNER or EDITOR permission...
CVE-2025-71396 json SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 does not enforce a default execution-time limit on embedde...
CVE-2025-71395 json SurrealDB versions before 2.2.2 contain a memory exhaustion vulnerability in the string::replace function that fails to restr...
CVE-2025-71394 json SurrealDB versions before 2.2.2 contain a local file read vulnerability in the DEFINE ANALYZER statement that allows authenti...
CVE-2025-71393 json SurrealDB before 2.2.2 with scripting enabled fails to properly enforce recursion limits when native functions contain embedd...
CVE-2025-71392 json SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 fails to properly escape table and field names in the comm...
CVE-2025-71391 json SurrealDB versions before 2.2.2 contain an uncaught exception vulnerability in the net module that allows authenticated users...
CVE-2025-71390 json SurrealDB before 2.2.6, 2.3.6, and 2.1.8 (and 3.0.0-alpha.7 and earlier) fails to validate DNS-resolved hostnames against --d...
CVE-2024-58370 json SurrealDB versions before 1.1.0 fail to enforce recursion depth limits when parsing nested SurrealQL statements including IF,...
CVE-2024-58369 json SurrealDB versions before 1.1.1 fail to properly validate invocation of custom parameters and functions at root or namespace ...
CVE-2024-58368 json SurrealDB versions before 1.1.0 fail to properly parse the ID, DB, and NS headers in HTTP REST API requests containing specia...
CVE-2024-58367 json SurrealDB versions before 2.0.4 fail to properly enforce field permissions during SELECT, UPDATE, and DELETE operations, allo...
CVE-2024-58366 json SurrealDB before 1.1.1 contains a format string vulnerability in the rquickjs Exception::throw_type function when scripting i...
CVE-2024-58365 json SurrealDB versions before 1.2.0 contain an uncaught exception vulnerability in the query executor when processing calls to no...
CVE-2024-58364 json SurrealDB versions before 1.2.1 contain an uncaught exception handling vulnerability in span rendering when parsing queries w...
CVE-2024-58363 json SurrealDB before 1.5.4 fails to properly validate authentication when a scope user switches databases using the USE clause or...
CVE-2024-58362 json SurrealDB before 1.5.5 (and 2.0.0-beta before 2.0.0-beta.3) accepts an arbitrary object in the signin and signup operations o...
CVE-2024-58361 json SurrealDB versions before 2.0.4 contain an uncaught exception handling vulnerability in the parser error rendering code when ...
CVE-2024-58359 json SurrealDB versions before 2.1.0 contain a denial of service vulnerability in the sorting mechanism when using ORDER BY rand()...
CVE-2026-59173 json Uncontrolled Resource Consumption vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.0...
CVE-2024-58358 json SurrealDB versions before 2.1.0 contain a denial of service vulnerability in role conversion that allows privileged owner use...
CVE-2024-58357 json SurrealDB versions before 2.1.0 contain an uncaught exception vulnerability in the rand::time() function that panics when unw...
CVE-2024-58356 json SurrealDB before 2.1.4 silently fails to overwrite table definitions when the DEFINE TABLE ... OVERWRITE clause is used on ta...
CVE-2023-54366 json SurrealDB before 1.0.1 sets default table permissions to FULL instead of NONE, allowing SELECT, CREATE, UPDATE, and DELETE op...
CVE-2026-16158 json Impact: @fastify/reply-from versions from 8.3.1 up to but not including 12.6.4 build the internal URL cache key by concatenat...
CVE-2026-15631 json Impact: @fastify/http-proxy versions from 9.4.0 up to and including 11.5.0 fail to validate the resolved WebSocket destinatio...
CVE-2026-9147 json uproot dynamically generates Python class source code from ROOT TStreamerInfo records in a file and compiles it at runtime. S...
CVE-2026-16097 json A vulnerability was found in Shibby Tomato 1.28. This vulnerability affects the function sub_42537C of the component Schedule...
CVE-2026-16096 json A vulnerability has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. This affects the function sub_40BB50 of the fil...
CVE-2026-16095 json A flaw has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. Affected by this issue is the function setup_conntrack o...
CVE-2026-16088 json A vulnerability was detected in halo-dev halo up to 2.24.2. Affected by this vulnerability is the function Download of the fi...
CVE-2026-16085 json A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. Affected is the function NewContextBuilder of the ...
CVE-2024-3727 json A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated r...
CVE-2026-47871 json VMware Avi Load Balancer contains a directory traversal vulnerability. Flaws in file path validation allow malicious, authent...
CVE-2026-47870 json VMware Avi Load Balancer contains a privilege escalation vulnerability. A malicious authenticated user with network access ma...
CVE-2026-47869 json VMware Avi Load Balancer contains a remote code execution vulnerability. A malicious authenticated user with network access m...
CVE-2026-47868 json VMware Avi Load Balancer contains a local privilege escalation vulnerability. A malicious user with local access may be able ...
CVE-2026-47867 json VMware Avi Load Balancer contains a remote code execution vulnerability. A malicious user with network access may be able to ...
CVE-2026-47866 json VMware Avi Load Balancer contains an authorization bypass vulnerability. A malicious actor on the network can access a limite...
CVE-2026-47865 json VMware Avi Load Balancer contains an authentication bypass vulnerability. A malicious user with network access may be able to...
CVE-2026-16084 json A weakness has been identified in Sipeed PicoClaw up to 0.2.9. This impacts the function web_fetch of the file pkg/tools/inte...
CVE-2026-16083 json A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. This affects the function webhook.ParseRequest of the fil...
CVE-2026-16082 json A vulnerability was identified in Sipeed PicoClaw up to 0.2.9. The impacted element is the function ExecTool.executeRun of th...
CVE-2026-53366 json In the Linux kernel, the following vulnerability has been resolved: ipv4: account for fraggap on the paged allocation path ...
CVE-2026-53363 json In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: preserve shared-frag marker in iptfs_consum...
CVE-2026-53362 json In the Linux kernel, the following vulnerability has been resolved: ipv6: account for fraggap on the paged allocation path ...
CVE-2026-53361 json In the Linux kernel, the following vulnerability has been resolved: af_unix: Set gc_in_progress to true in unix_gc(). Igor ...
CVE-2026-16081 json A vulnerability was determined in Sipeed PicoClaw up to 0.2.9. The affected element is an unknown function of the file web/ba...
CVE-2026-53360 json In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in...
CVE-2026-53359 json In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpe...
CVE-2026-53358 json In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: use chan timer to close channels in cl...
CVE-2026-53357 json In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix UAF in l2cap_sock_cleanup_listen() vs l2c...
CVE-2026-53356 json In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix phys BO pread/pwrite with offset sg_p...
CVE-2026-53355 json In the Linux kernel, the following vulnerability has been resolved: net: rds: clear i_sends on setup unwind The RDS IB conn...
CVE-2026-53354 json In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Mitigate TLBI errata on various Arm CPUs ...
CVE-2026-53341 json In the Linux kernel, the following vulnerability has been resolved: fhandle: fix UAF due to unlocked ->mnt_ns read in may_de...
CVE-2026-53329 json In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Use krealloc_array() in dal_vector_rese...
CVE-2026-16077 json A vulnerability was found in AstrBotDevs AstrBot up to 4.25.5. Impacted is the function _normalize_rw_path of the file astrbo...
CVE-2026-16076 json A vulnerability has been found in AstrBotDevs AstrBot up to 4.25.5. This issue affects the function OpenApiRoute.chat_send of...
CVE-2026-63030 json WordPress 6.9.x before 6.9.5 and 7.0.x before 7.0.2 is affected by a REST API batch endpoint route confusion issue which, com...
CVE-2026-62229 json OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in exec allowlist glob matching that allows lower-tru...
CVE-2026-60137 json WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x before 7.0.2 does not properly sanitise the author__not_in parame...
CVE-2026-16075 json A flaw has been found in AstrBotDevs AstrBot up to 4.25.5. This vulnerability affects the function OpenApiRoute.get_chat_sess...
CVE-2026-9762 json IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user c...
CVE-2026-9734 json The W3SC Elementor to Zoho CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and in...
CVE-2026-9202 json IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to create unlimited user accounts on any Langflow inst...
CVE-2026-9198 json IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to chain /api/v1/auto_login (mints SUPERUSER tokens to...
CVE-2026-62309 json CoreDNS is a DNS server written in Go. Prior to 1.14.4, a single 28-byte UDP datagram can crash the CoreDNS process when the ...
CVE-2026-62228 json OpenClaw before 2026.6.5 contain an authorization bypass vulnerability in node exec approvals that allows lower-trust callers...
CVE-2026-62223 json OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in the device-pair approval feature that allows lower...
CVE-2026-62222 json OpenClaw before 2026.5.22 contain a vulnerability in setup-mode discovery that allows loading of untrusted workspace plugins....
CVE-2026-62218 json OpenClaw 2026.1.20 before 2026.5.27 contain an authorization bypass vulnerability in the device.pair.approve feature that all...
CVE-2026-62217 json OpenClaw 2026.5.14-beta.1 before 2026.5.27 contain an authorization flaw in the QQBot exec approvals feature. When the featur...
CVE-2026-62209 json OpenClaw versions 2026.5.10-beta.1 before 2026.6.5 contain an authorization bypass in the ClickClack agent-mode dispatch feat...
CVE-2026-62207 json OpenClaw versions before 2026.6.5 contain an authentication bypass vulnerability that allows lower-trust callers to reach adm...
CVE-2026-62203 json OpenClaw versions before 2026.6.6 contain an environment variable filtering vulnerability in host exec that fails to properly...
CVE-2026-62202 json OpenClaw versions 2026.6.1 before 2026.6.9 contain a privilege escalation vulnerability in isolated cron jobs that allows low...
CVE-2026-58643 json Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauth...
CVE-2026-58598 json Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Backup Engine allows a...
CVE-2026-45368 json Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, the underlying URL methods for the K...
CVE-2026-44434 json Quicly is an IETF QUIC protocol implementation intended primarily for use within the H2O HTTP server. Prior to commit dccf5d4...

© CVE.report 2026

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report