CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-6784 json | Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we... | Tue, 21 Apr 2026 09:17:21 |
| CVE-2026-6783 json | Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnerability was fixed in Firef... | Tue, 21 Apr 2026 09:17:21 |
| CVE-2026-6782 json | Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150. | Tue, 21 Apr 2026 09:17:21 |
| CVE-2026-6781 json | Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150. | Tue, 21 Apr 2026 09:17:21 |
| CVE-2026-6780 json | Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150. | Tue, 21 Apr 2026 09:17:21 |
| CVE-2026-6779 json | Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150. | Tue, 21 Apr 2026 09:17:21 |
| CVE-2026-6778 json | Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150. | Tue, 21 Apr 2026 09:17:21 |
| CVE-2026-6777 json | Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150. | Tue, 21 Apr 2026 09:17:21 |
| CVE-2026-6776 json | Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150 and Firefox ES... | Tue, 21 Apr 2026 09:17:21 |
| CVE-2026-6775 json | Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150. | Tue, 21 Apr 2026 09:17:21 |
| CVE-2026-6774 json | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150. | Tue, 21 Apr 2026 09:17:20 |
| CVE-2026-6773 json | Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 150. | Tue, 21 Apr 2026 09:17:20 |
| CVE-2026-6772 json | Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115... | Tue, 21 Apr 2026 09:17:20 |
| CVE-2026-6771 json | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10. | Tue, 21 Apr 2026 09:17:20 |
| CVE-2026-6770 json | Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10. | Tue, 21 Apr 2026 09:17:20 |
| CVE-2026-6769 json | Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10. | Tue, 21 Apr 2026 09:17:20 |
| CVE-2026-6768 json | Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150. | Tue, 21 Apr 2026 09:17:20 |
| CVE-2026-6767 json | Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox E... | Tue, 21 Apr 2026 09:17:20 |
| CVE-2026-6766 json | Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150 and Firefox ESR ... | Tue, 21 Apr 2026 09:17:20 |
| CVE-2026-6765 json | Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10. | Tue, 21 Apr 2026 09:17:20 |
| CVE-2026-6764 json | Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed in Firefox 150 and Firefo... | Tue, 21 Apr 2026 09:17:20 |
| CVE-2026-6763 json | Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10. | Tue, 21 Apr 2026 09:17:20 |
| CVE-2026-6762 json | Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefo... | Tue, 21 Apr 2026 09:17:20 |
| CVE-2026-6761 json | Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10. | Tue, 21 Apr 2026 09:17:20 |
| CVE-2026-6760 json | Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150. | Tue, 21 Apr 2026 09:17:20 |
| CVE-2026-6759 json | Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10. | Tue, 21 Apr 2026 09:17:20 |
| CVE-2026-6758 json | Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150. | Tue, 21 Apr 2026 09:17:20 |
| CVE-2026-6757 json | Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10. | Tue, 21 Apr 2026 09:17:20 |
| CVE-2026-6756 json | Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150. | Tue, 21 Apr 2026 09:17:20 |
| CVE-2026-6755 json | Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150. | Tue, 21 Apr 2026 09:17:20 |
| CVE-2026-6754 json | Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firef... | Tue, 21 Apr 2026 09:17:20 |
| CVE-2026-6753 json | Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10. | Tue, 21 Apr 2026 09:17:20 |
| CVE-2026-6752 json | Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and F... | Tue, 21 Apr 2026 09:17:20 |
| CVE-2026-6751 json | Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150 and Firefox ESR 14... | Tue, 21 Apr 2026 09:17:20 |
| CVE-2026-40520 json | FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess() function... | Tue, 21 Apr 2026 09:17:19 |
| CVE-2026-34080 json | xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eav... | Tue, 21 Apr 2026 09:17:19 |
| CVE-2026-6750 json | Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, a... | Tue, 21 Apr 2026 09:17:19 |
| CVE-2026-6749 json | Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firef... | Tue, 21 Apr 2026 09:17:19 |
| CVE-2026-6748 json | Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150 and Firefox ESR 14... | Tue, 21 Apr 2026 09:17:19 |
| CVE-2026-6747 json | Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10. | Tue, 21 Apr 2026 09:17:19 |
| CVE-2026-6746 json | Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefo... | Tue, 21 Apr 2026 09:17:19 |
| CVE-2026-2781 json | Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbi... | Tue, 21 Apr 2026 09:17:19 |
| CVE-2026-32228 json | UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Air... | Tue, 21 Apr 2026 09:02:17 |
| CVE-2025-54236 json | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Impr... | Tue, 21 Apr 2026 09:02:16 |
| CVE-2025-32975 json | Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x b... | Tue, 21 Apr 2026 09:02:16 |
| CVE-2025-2749 json | An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrar... | Tue, 21 Apr 2026 09:02:16 |
| CVE-2024-27199 json | In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible | Tue, 21 Apr 2026 09:02:16 |
| CVE-2026-32147 json | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd mod... | Tue, 21 Apr 2026 08:17:12 |
| CVE-2026-41039 json | This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the... | Tue, 21 Apr 2026 07:31:06 |
| CVE-2026-41038 json | This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based ... | Tue, 21 Apr 2026 07:31:06 |
| CVE-2026-41037 json | This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login att... | Tue, 21 Apr 2026 07:31:05 |
| CVE-2026-39659 json | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Tue, 21 Apr 2026 07:31:05 |
| CVE-2026-41082 json | In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory. | Tue, 21 Apr 2026 06:30:14 |
| CVE-2026-41036 json | This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management ... | Tue, 21 Apr 2026 06:30:14 |
| CVE-2026-39467 json | Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows Object Injection.This is... | Tue, 21 Apr 2026 06:30:14 |
| CVE-2026-6553 json | Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_s... | Tue, 21 Apr 2026 06:30:14 |
| CVE-2026-3317 json | Reflected Cross-Site Scripting (XSS) vulnerability in Navigate Content Management System. The vulnerability is present in the... | Tue, 21 Apr 2026 06:30:14 |
| CVE-2026-3308 json | An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft ... | Tue, 21 Apr 2026 06:30:14 |
| CVE-2025-13826 json | Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnera... | Tue, 21 Apr 2026 05:28:31 |
| CVE-2026-31370 json | Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service c... | Tue, 21 Apr 2026 03:27:07 |
| CVE-2026-31369 json | PcManager is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability | Tue, 21 Apr 2026 03:27:07 |
| CVE-2026-31368 json | AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availabili... | Tue, 21 Apr 2026 03:27:07 |
| CVE-2026-6712 json | The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up ... | Tue, 21 Apr 2026 03:27:07 |
| CVE-2026-6711 json | The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all vers... | Tue, 21 Apr 2026 03:27:07 |
| CVE-2026-6703 json | The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all... | Tue, 21 Apr 2026 03:27:07 |
| CVE-2026-5965 json | NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject ... | Tue, 21 Apr 2026 00:25:37 |
| CVE-2026-40497 json | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's `Helper::stripDangerousTa... | Mon, 20 Apr 2026 23:24:31 |
| CVE-2026-6675 json | The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Unauthenticated Open Email... | Mon, 20 Apr 2026 23:24:31 |
| CVE-2026-6674 json | The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via the 'arttype' parameter in... | Mon, 20 Apr 2026 23:24:31 |
| CVE-2026-6058 json | ** UNSUPPORTED WHEN ASSIGNED ** An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmwar... | Mon, 20 Apr 2026 23:24:31 |
| CVE-2026-40496 json | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment download tokens are genera... | Mon, 20 Apr 2026 22:24:03 |
| CVE-2026-40250 json | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motio... | Mon, 20 Apr 2026 22:24:03 |
| CVE-2026-40244 json | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motio... | Mon, 20 Apr 2026 22:24:03 |
| CVE-2026-39973 json | Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 and 3.0.1, a path traversal vulnerability in `... | Mon, 20 Apr 2026 22:24:03 |
| CVE-2026-39886 json | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motio... | Mon, 20 Apr 2026 22:24:03 |
| CVE-2026-39866 json | Lawnchair is a free, open-source home app for Android. Prior to commit fcba413f55dd47f8a3921445252849126c6266b2, command inje... | Mon, 20 Apr 2026 22:24:03 |
| CVE-2026-0545 json | In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization... | Mon, 20 Apr 2026 21:54:01 |
| CVE-2026-25043 json | Budibase is an open-source low-code platform. Prior to version 3.23.25, a business logic vulnerability exists in Budibase’s... | Mon, 20 Apr 2026 21:38:45 |
| CVE-2025-68153 json | Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any s... | Mon, 20 Apr 2026 21:38:45 |
| CVE-2026-40264 json | OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Pri... | Mon, 20 Apr 2026 21:23:42 |
| CVE-2026-39946 json | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when OpenBao revoked privileges o... | Mon, 20 Apr 2026 21:23:42 |
| CVE-2026-39861 json | Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes fro... | Mon, 20 Apr 2026 21:23:42 |
| CVE-2026-39396 json | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, `ExtractPluginFromImage()` in Ope... | Mon, 20 Apr 2026 21:23:42 |
| CVE-2026-39388 json | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authenticat... | Mon, 20 Apr 2026 21:23:42 |
| CVE-2026-39386 json | Neko is a a self-hosted virtual browser that runs in Docker and uses WebRTC In versions 3.0.0 through 3.0.10 and 3.1.0 throug... | Mon, 20 Apr 2026 21:23:42 |
| CVE-2026-39378 json | The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6... | Mon, 20 Apr 2026 21:23:42 |
| CVE-2026-39377 json | The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 ... | Mon, 20 Apr 2026 21:23:42 |
| CVE-2026-39320 json | Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.25.0 are vulnerable to an u... | Mon, 20 Apr 2026 21:23:42 |
| CVE-2025-68152 json | Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any s... | Mon, 20 Apr 2026 21:23:42 |
| CVE-2025-64340 json | FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, server names containing shell metach... | Mon, 20 Apr 2026 21:23:42 |
| CVE-2026-34717 json | OpenProject is an open-source, web-based project management software. Prior to version 17.2.3, the =n operator in modules/rep... | Mon, 20 Apr 2026 21:08:32 |
| CVE-2026-26962 json | Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds fold... | Mon, 20 Apr 2026 20:53:14 |
| CVE-2026-25212 json | An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, a... | Mon, 20 Apr 2026 20:37:56 |
| CVE-2026-2701 json | Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution. | Mon, 20 Apr 2026 20:37:56 |
| CVE-2026-2699 json | Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configurati... | Mon, 20 Apr 2026 20:37:56 |
| CVE-2026-41331 json | OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight transcription that allows... | Mon, 20 Apr 2026 20:22:49 |
| CVE-2026-41330 json | OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly ... | Mon, 20 Apr 2026 20:22:49 |
| CVE-2026-41329 json | OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat con... | Mon, 20 Apr 2026 20:22:49 |
| CVE-2026-41303 json | OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that allows non-ap... | Mon, 20 Apr 2026 20:22:49 |
| CVE-2026-41302 json | OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionali... | Mon, 20 Apr 2026 20:22:49 |