CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-61870 json | ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attackers ... | Sat, 11 Jul 2026 10:22:24 |
| CVE-2026-61861 json | ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation ... | Sat, 11 Jul 2026 10:22:24 |
| CVE-2026-61858 json | ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing ... | Sat, 11 Jul 2026 10:22:24 |
| CVE-2026-61857 json | ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profil... | Sat, 11 Jul 2026 10:22:24 |
| CVE-2026-61465 json | ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operati... | Sat, 11 Jul 2026 10:22:24 |
| CVE-2026-61454 json | The Grav Admin2 plugin (getgrav/grav-plugin-admin2) before 2.0.4 embeds a global JavaScript variable window.__GRAV_CONFIG__ i... | Sat, 11 Jul 2026 10:22:24 |
| CVE-2026-61448 json | Parse Server is affected by a stored cross-site scripting (XSS) vulnerability in versions >= 9.0.0, < 9.10.0-alpha.2 and <= 8... | Sat, 11 Jul 2026 10:22:24 |
| CVE-2026-61447 json | PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM-gener... | Sat, 11 Jul 2026 10:22:24 |
| CVE-2026-61445 json | PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due to m... | Sat, 11 Jul 2026 10:22:24 |
| CVE-2026-61442 json | PraisonAI Platform (praisonai-platform) before 0.1.9 fails to enforce owner/admin authorization on the PATCH routes for proje... | Sat, 11 Jul 2026 10:22:24 |
| CVE-2026-61439 json | PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CR... | Sat, 11 Jul 2026 10:22:24 |
| CVE-2026-61429 json | PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that al... | Sat, 11 Jul 2026 10:22:24 |
| CVE-2026-61428 json | PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing unauthenticated attackers to... | Sat, 11 Jul 2026 10:22:24 |
| CVE-2026-61426 json | PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces with no API key requirement an... | Sat, 11 Jul 2026 10:22:23 |
| CVE-2026-60090 json | PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowledge-st... | Sat, 11 Jul 2026 10:22:23 |
| CVE-2026-60088 json | PraisonAI before 4.6.78 fails to validate file path references in custom command templates, allowing attackers to read files ... | Sat, 11 Jul 2026 10:22:23 |
| CVE-2026-56763 json | Hono before 4.12.7 allows __proto__ key in parseBody with dot option enabled, permitting specially crafted form field names t... | Sat, 11 Jul 2026 10:22:23 |
| CVE-2026-56372 json | ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to r... | Sat, 11 Jul 2026 10:22:23 |
| CVE-2026-56303 json | Capgo before 12.128.2 contains an information disclosure vulnerability in the find_apikey_by_value PostgreSQL function marked... | Sat, 11 Jul 2026 10:22:23 |
| CVE-2026-56296 json | Cap-go before 12.128.2 contains an information disclosure vulnerability in the public.transfer_app RPC function that returns ... | Sat, 11 Jul 2026 10:22:23 |
| CVE-2026-56240 json | Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the plan_valid calculation that allows organi... | Sat, 11 Jul 2026 10:22:23 |
| CVE-2026-57828 json | The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users upl... | Sat, 11 Jul 2026 06:21:30 |
| CVE-2026-57827 json | The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files... | Sat, 11 Jul 2026 06:21:30 |
| CVE-2026-1359 json | The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a... | Sat, 11 Jul 2026 05:21:28 |
| CVE-2026-15155 json | The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Authentica... | Sat, 11 Jul 2026 03:18:15 |
| CVE-2026-15010 json | The bbp Style Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.4.5 ... | Sat, 11 Jul 2026 03:18:15 |
| CVE-2026-9282 json | The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via ... | Sat, 11 Jul 2026 03:18:15 |
| CVE-2026-9017 json | The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versi... | Sat, 11 Jul 2026 03:18:15 |
| CVE-2026-6939 json | The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'approval... | Sat, 11 Jul 2026 03:18:15 |
| CVE-2026-6801 json | The Context Blog theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.... | Sat, 11 Jul 2026 03:18:15 |
| CVE-2026-4661 json | The WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPress is vulnerable to time-based blind SQL I... | Sat, 11 Jul 2026 03:18:15 |
| CVE-2026-1382 json | The fresh Podcaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'freshpodcaster' shortcode in a... | Sat, 11 Jul 2026 03:18:15 |
| CVE-2026-12994 json | The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up t... | Sat, 11 Jul 2026 03:18:14 |
| CVE-2026-12738 json | The WP Easy Pay – Payment and Donation form Builder for Square plugin for WordPress is vulnerable to authorization bypass i... | Sat, 11 Jul 2026 03:18:14 |
| CVE-2026-12126 json | The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scri... | Sat, 11 Jul 2026 03:18:14 |
| CVE-2026-12103 json | The Wallet for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1... | Sat, 11 Jul 2026 03:18:14 |
| CVE-2026-11901 json | The WP Hotel Booking plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up ... | Sat, 11 Jul 2026 03:18:14 |
| CVE-2026-11898 json | The White Label CMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up t... | Sat, 11 Jul 2026 03:18:14 |
| CVE-2026-11591 json | The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all ve... | Sat, 11 Jul 2026 03:18:14 |
| CVE-2026-10865 json | The Cost Calculator Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and i... | Sat, 11 Jul 2026 03:18:14 |
| CVE-2026-10041 json | The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all v... | Sat, 11 Jul 2026 03:18:14 |
| CVE-2025-6784 json | The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via t... | Sat, 11 Jul 2026 03:18:14 |
| CVE-2025-5017 json | The Catalyst Connect Zoho CRM Client Portal plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uid’ ... | Sat, 11 Jul 2026 03:18:14 |
| CVE-2026-34481 json | Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to ... | Sat, 11 Jul 2026 02:16:24 |
| CVE-2026-13378 json | The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact F... | Sat, 11 Jul 2026 02:16:24 |
| CVE-2026-7655 json | The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in versions up to, and including... | Sat, 11 Jul 2026 02:16:24 |
| CVE-2026-15335 json | The Booking Package plugin for WordPress is vulnerable to generic SQL Injection via 'email' Form Parameter (form<N>) in all v... | Sat, 11 Jul 2026 01:31:24 |
| CVE-2026-9738 json | The Print, PDF, Email by PrintFriendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'content_pos... | Sat, 11 Jul 2026 01:31:24 |
| CVE-2026-7620 json | The Notification for Telegram plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including... | Sat, 11 Jul 2026 01:31:24 |
| CVE-2026-7559 json | The Affilia – Affiliate Program & Referral Tracking for WordPress plugin for WordPress is vulnerable to unauthorized access... | Sat, 11 Jul 2026 01:31:24 |
| CVE-2026-6804 json | The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to authorization bypass in all versions up to... | Sat, 11 Jul 2026 01:31:24 |
| CVE-2026-6803 json | The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Missing Authorization in all versions up t... | Sat, 11 Jul 2026 01:31:24 |
| CVE-2026-3576 json | The Planyo Online Reservation System plugin for WordPress is vulnerable to Server-Side Request Forgery leading to Local File ... | Sat, 11 Jul 2026 01:31:24 |
| CVE-2026-3552 json | The SurfLink - Ultimate Link Manager plugin for WordPress is vulnerable to unauthorized data modification due to a missing ca... | Sat, 11 Jul 2026 01:31:24 |
| CVE-2026-2354 json | The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a flawed file type validation byp... | Sat, 11 Jul 2026 01:31:24 |
| CVE-2026-1832 json | The ThriveDesk – Live Chat, AI Chatbot, Helpdesk & Knowledge Base plugin for WordPress is vulnerable to unauthorized cache ... | Sat, 11 Jul 2026 01:31:24 |
| CVE-2026-21055 json | Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitr... | Sat, 11 Jul 2026 01:31:23 |
| CVE-2026-21052 json | Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with ... | Sat, 11 Jul 2026 01:31:23 |
| CVE-2026-21049 json | Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code. | Sat, 11 Jul 2026 01:31:23 |
| CVE-2026-21046 json | Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged ... | Sat, 11 Jul 2026 01:31:23 |
| CVE-2026-21043 json | Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with sy... | Sat, 11 Jul 2026 01:31:23 |
| CVE-2026-21042 json | Out-of-bounds write in libsavsac.so prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code. | Sat, 11 Jul 2026 01:31:23 |
| CVE-2026-15097 json | The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'height_slider' Slider Module Field... | Sat, 11 Jul 2026 01:31:23 |
| CVE-2026-15096 json | The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Map Module 'b_width_map' Field in a... | Sat, 11 Jul 2026 01:31:23 |
| CVE-2026-15028 json | A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a special... | Sat, 11 Jul 2026 01:31:23 |
| CVE-2026-14262 json | The Simple JWT Login – Allows you to use JWT on REST endpoints. plugin for WordPress is vulnerable to Authentication Bypass... | Sat, 11 Jul 2026 01:31:23 |
| CVE-2026-13250 json | The Solace Extra plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.5.3. This... | Sat, 11 Jul 2026 01:31:23 |
| CVE-2026-13116 json | The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in al... | Sat, 11 Jul 2026 01:31:23 |
| CVE-2026-12141 json | The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cros... | Sat, 11 Jul 2026 01:31:23 |
| CVE-2026-0278 json | Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) component for Windows allow a lo... | Sat, 11 Jul 2026 01:31:23 |
| CVE-2026-0276 json | A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a locally authenticated user to per... | Sat, 11 Jul 2026 01:31:23 |
| CVE-2025-13968 json | The Starboard Suite Reservation Calendars plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode att... | Sat, 11 Jul 2026 01:31:23 |
| CVE-2026-56291 json | The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable... | Sat, 11 Jul 2026 01:31:22 |
| CVE-2026-15338 json | The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and... | Sat, 11 Jul 2026 00:31:02 |
| CVE-2026-15073 json | The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to generic SQL Injection via the... | Sat, 11 Jul 2026 00:31:02 |
| CVE-2026-15072 json | The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to generic SQL Injection via the... | Sat, 11 Jul 2026 00:31:02 |
| CVE-2026-13353 json | The WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel plugin for WordPress is vulnerable to Remote ... | Sat, 11 Jul 2026 00:31:02 |
| CVE-2026-13262 json | The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to generic S... | Sat, 11 Jul 2026 00:31:02 |
| CVE-2026-13114 json | The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting ... | Sat, 11 Jul 2026 00:31:02 |
| CVE-2026-12426 json | The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in ... | Sat, 11 Jul 2026 00:31:02 |
| CVE-2026-10628 json | The Points and Rewards for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and ... | Sat, 11 Jul 2026 00:31:02 |
| CVE-2026-8678 json | The MyParcel plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.25.1. This is... | Sat, 11 Jul 2026 00:31:02 |
| CVE-2026-7544 json | The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and includ... | Sat, 11 Jul 2026 00:31:02 |
| CVE-2026-5743 json | The SimpLy Gallery Block & Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block attributes in... | Sat, 11 Jul 2026 00:31:02 |
| CVE-2026-3367 json | The Lockme OAuth2 calendars integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'App ID' se... | Sat, 11 Jul 2026 00:31:02 |
| CVE-2026-13756 json | The WP Grid Builder plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.3.3. T... | Fri, 10 Jul 2026 22:27:23 |
| CVE-2026-11426 json | The UnderConstructionPage PRO plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including,... | Fri, 10 Jul 2026 22:27:23 |
| CVE-2026-55175 json | Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 20... | Fri, 10 Jul 2026 19:26:13 |
| CVE-2026-44383 json | Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy ... | Fri, 10 Jul 2026 19:26:13 |
| CVE-2026-42952 json | Previously, there was no throttling on repeated authentication attempts to the charging station backend, which could allow a... | Fri, 10 Jul 2026 19:26:13 |
| CVE-2026-40066 json | Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a... | Fri, 10 Jul 2026 19:26:13 |
| CVE-2026-31927 json | Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files (e.... | Fri, 10 Jul 2026 19:26:13 |
| CVE-2026-20744 json | The charging station websocket endpoint accepts connections without proper authentication, which could lead to privilege esc... | Fri, 10 Jul 2026 19:26:13 |
| CVE-2026-15089 json | vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions: *.*. | Fri, 10 Jul 2026 19:26:13 |
| CVE-2026-15087 json | vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions: *.*. | Fri, 10 Jul 2026 19:26:13 |
| CVE-2026-15086 json | vulnerability in Drupal Raw Formatter [Meta Tag Formatter] allows . This issue affects Raw Formatter [Meta Tag Formatter] ver... | Fri, 10 Jul 2026 19:26:13 |
| CVE-2026-14480 json | OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workfl... | Fri, 10 Jul 2026 19:26:13 |
| CVE-2026-14286 json | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Fri, 10 Jul 2026 19:26:13 |
| CVE-2026-11915 json | vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions: *.*... | Fri, 10 Jul 2026 19:26:13 |
| CVE-2026-11914 json | vulnerability in Drupal Composer allows . This issue affects Composer versions: *.*. | Fri, 10 Jul 2026 19:26:13 |