CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-41564 json | CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::D... | Thu, 23 Apr 2026 06:22:31 |
| CVE-2026-6903 json | The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functiona... | Thu, 23 Apr 2026 06:22:31 |
| CVE-2026-6887 json | Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing una... | Thu, 23 Apr 2026 06:22:31 |
| CVE-2026-6886 json | Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a Authentication Bypass vulnerability, allo... | Thu, 23 Apr 2026 06:22:31 |
| CVE-2026-6885 json | Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allo... | Thu, 23 Apr 2026 06:22:31 |
| CVE-2026-5464 json | The ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) plugin for WordPress is vulnerable to un... | Thu, 23 Apr 2026 06:22:31 |
| CVE-2026-3960 json | A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 ve... | Thu, 23 Apr 2026 06:22:31 |
| CVE-2026-3259 json | A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Go... | Thu, 23 Apr 2026 06:22:31 |
| CVE-2026-41040 json | GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a crafted input string. | Thu, 23 Apr 2026 03:19:41 |
| CVE-2026-34488 json | IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. ... | Thu, 23 Apr 2026 03:19:41 |
| CVE-2026-5121 json | A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer alloc... | Thu, 23 Apr 2026 03:19:41 |
| CVE-2026-4512 json | The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting i... | Thu, 23 Apr 2026 03:19:41 |
| CVE-2026-4424 json | A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to ... | Thu, 23 Apr 2026 03:19:41 |
| CVE-2026-4111 json | A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read... | Thu, 23 Apr 2026 03:19:41 |
| CVE-2026-4106 json | The HT Mega Addons for Elementor WordPress plugin before 3.0.7 contains an unauthenticated AJAX action returning some PII (s... | Thu, 23 Apr 2026 03:19:41 |
| CVE-2025-10549 json | EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the install... | Thu, 23 Apr 2026 03:19:41 |
| CVE-2026-41990 json | Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-co... | Thu, 23 Apr 2026 01:18:23 |
| CVE-2026-41989 json | Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gc... | Thu, 23 Apr 2026 01:18:23 |
| CVE-2026-41988 json | uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In p... | Thu, 23 Apr 2026 01:18:23 |
| CVE-2026-41233 json | Froxlor is open source server administration software. Prior to version 2.3.6, in `Domains.add()`, the `adminid` parameter is... | Thu, 23 Apr 2026 01:18:23 |
| CVE-2026-41232 json | Froxlor is open source server administration software. Prior to version 2.3.6, in `EmailSender::add()`, the domain ownership ... | Thu, 23 Apr 2026 01:18:23 |
| CVE-2026-40529 json | CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtai... | Thu, 23 Apr 2026 01:18:22 |
| CVE-2026-41231 json | Froxlor is open source server administration software. Prior to version 2.3.6, `DataDump.add()` constructs the export destina... | Thu, 23 Apr 2026 00:18:21 |
| CVE-2026-41230 json | Froxlor is open source server administration software. Prior to version 2.3.6, `DomainZones::add()` accepts arbitrary DNS rec... | Thu, 23 Apr 2026 00:18:21 |
| CVE-2026-41229 json | Froxlor is open source server administration software. Prior to version 2.3.6, `PhpHelper::parseArrayToString()` writes strin... | Thu, 23 Apr 2026 00:18:20 |
| CVE-2026-41228 json | Froxlor is open source server administration software. Prior to version 2.3.6, the Froxlor API endpoint `Customers.update` (a... | Thu, 23 Apr 2026 00:18:20 |
| CVE-2026-3361 json | The WP Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpsl_address' post meta value... | Thu, 23 Apr 2026 00:18:20 |
| CVE-2026-3007 json | Successful exploitation of the stored cross-site scripting (XSS) vulnerability could allow an attacker to execute arbitrary J... | Thu, 23 Apr 2026 00:18:20 |
| CVE-2026-3844 json | The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fet... | Wed, 22 Apr 2026 23:18:19 |
| CVE-2026-2951 json | The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Si... | Wed, 22 Apr 2026 23:18:19 |
| CVE-2026-41679 json | Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416... | Wed, 22 Apr 2026 22:18:14 |
| CVE-2026-41243 json | OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when `safeMode... | Wed, 22 Apr 2026 22:18:14 |
| CVE-2026-41211 json | Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, `downloadPackageManager()` accepts... | Wed, 22 Apr 2026 22:18:14 |
| CVE-2026-41208 json | Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/... | Wed, 22 Apr 2026 22:18:14 |
| CVE-2026-41206 json | PySpector is a static analysis security testing (SAST) Framework engineered for modern Python development workflows. The plug... | Wed, 22 Apr 2026 22:18:14 |
| CVE-2026-41200 json | STIG Manager is an API and web client for managing Security Technical Implementation Guides (STIG) assessments of Informatio... | Wed, 22 Apr 2026 22:18:14 |
| CVE-2026-41197 json | Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and ... | Wed, 22 Apr 2026 22:18:14 |
| CVE-2026-41196 json | Luanti (formerly Minetest) is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.1... | Wed, 22 Apr 2026 22:18:14 |
| CVE-2026-41182 json | LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SD... | Wed, 22 Apr 2026 22:18:14 |
| CVE-2026-41180 json | PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under `/files... | Wed, 22 Apr 2026 22:18:14 |
| CVE-2026-1923 json | Wed, 22 Apr 2026 22:18:14 | |
| CVE-2010-0363 json | Cross-site scripting (XSS) vulnerability in Zeus Web Server before 4.3r5, when SSL is enabled for the admin server, allows re... | Wed, 22 Apr 2026 21:16:46 |
| CVE-2010-0362 json | Zeus Web Server before 4.3r5 does not use random transaction IDs for DNS requests, which makes it easier for remote attackers... | Wed, 22 Apr 2026 21:16:45 |
| CVE-2010-0361 json | Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 al... | Wed, 22 Apr 2026 21:16:45 |
| CVE-2010-0360 json | Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and dis... | Wed, 22 Apr 2026 21:16:45 |
| CVE-2010-0359 json | Buffer overflow in the SSLv2 support in Zeus Web Server before 4.3r5 allows remote attackers to cause a denial of service (da... | Wed, 22 Apr 2026 21:16:45 |
| CVE-2010-0358 json | Heap-based buffer overflow in the server in IBM Lotus Domino 7 and 8.5 FP1 allows remote attackers to cause a denial of servi... | Wed, 22 Apr 2026 21:16:45 |
| CVE-2010-0357 json | Cross-site scripting (XSS) vulnerability in the Login page in IBM Lotus Web Content Management (WCM) 6.0.1.4, 6.0.1.5, and 6.... | Wed, 22 Apr 2026 21:16:45 |
| CVE-2010-0037 json | Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a... | Wed, 22 Apr 2026 21:16:45 |
| CVE-2010-0036 json | Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a... | Wed, 22 Apr 2026 21:16:45 |
| CVE-2010-0007 json | net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does ... | Wed, 22 Apr 2026 21:16:45 |
| CVE-2009-4605 json | scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of ... | Wed, 22 Apr 2026 21:16:45 |
| CVE-2009-4628 json | SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdugg) component 1.1 for Joomla! allows remote attackers to... | Wed, 22 Apr 2026 21:16:44 |
| CVE-2009-4627 json | Directory traversal vulnerability in sources/_template_parser.php in Moa Gallery 1.2.0 and earlier allows remote attackers to... | Wed, 22 Apr 2026 21:16:44 |
| CVE-2009-4626 json | Directory traversal vulnerability in menu.php in phpNagios 1.2.0 allows remote attackers to include and execute arbitrary loc... | Wed, 22 Apr 2026 21:16:44 |
| CVE-2009-4625 json | SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.php in BF Survey Pro Free... | Wed, 22 Apr 2026 21:16:44 |
| CVE-2009-4624 json | SQL injection vulnerability in download.php in Nicecoder iDesk allows remote attackers to execute arbitrary SQL commands via ... | Wed, 22 Apr 2026 21:16:44 |
| CVE-2009-4623 json | Multiple PHP remote file inclusion vulnerabilities in Advanced Comment System 1.0 allow remote attackers to execute arbitrary... | Wed, 22 Apr 2026 21:16:44 |
| CVE-2009-4141 json | Use-after-free vulnerability in the fasync_helper function in fs/fcntl.c in the Linux kernel before 2.6.33-rc4-git1 allows lo... | Wed, 22 Apr 2026 21:16:44 |
| CVE-2009-4012 json | Multiple integer overflows in LibThai before 0.1.13 might allow context-dependent attackers to execute arbitrary code via lon... | Wed, 22 Apr 2026 21:16:44 |
| CVE-2009-3739 json | Multiple unspecified vulnerabilities on the Rockwell Automation AB Micrologix 1100 and 1400 controllers allow remote attacker... | Wed, 22 Apr 2026 21:16:44 |
| CVE-2008-7252 json | libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknow... | Wed, 22 Apr 2026 21:16:44 |
| CVE-2008-7251 json | libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has u... | Wed, 22 Apr 2026 21:16:44 |
| CVE-2010-0356 json | Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Softwar... | Wed, 22 Apr 2026 21:16:43 |
| CVE-2010-0350 json | Directory traversal vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 has unknown impact... | Wed, 22 Apr 2026 21:16:43 |
| CVE-2010-0349 json | Cross-site scripting (XSS) vulnerability in C3 Corp. WebCalenderC3 0.32 and earlier allows remote attackers to inject arbitra... | Wed, 22 Apr 2026 21:16:43 |
| CVE-2009-4622 json | PHP remote file inclusion vulnerability in admin/admin_news_bot.php in Drunken:Golem Gaming Portal 0.5.1 alpha 2 allows remot... | Wed, 22 Apr 2026 21:16:43 |
| CVE-2009-4621 json | SQL injection vulnerability in the JiangHu Inn plugin 1.1 and earlier for Discuz! allows remote attackers to execute arbitrar... | Wed, 22 Apr 2026 21:16:43 |
| CVE-2009-4620 json | SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 for Joomla allows remote attackers to execute arbitrar... | Wed, 22 Apr 2026 21:16:43 |
| CVE-2009-4619 json | SQL injection vulnerability in the Lucy Games (com_lucygames) component 1.5.4 for Joomla! allows remote attackers to execute ... | Wed, 22 Apr 2026 21:16:43 |
| CVE-2009-4618 json | Multiple SQL injection vulnerabilities in Tourism Script Bus Script allow remote attackers to execute arbitrary SQL commands ... | Wed, 22 Apr 2026 21:16:43 |
| CVE-2009-4617 json | Multiple SQL injection vulnerabilities in Tourism Script Accommodation Hotel Booking Portal Script allow remote attackers to ... | Wed, 22 Apr 2026 21:16:43 |
| CVE-2009-4616 json | Cross-site scripting (XSS) vulnerability in search.php in MYRE Holiday Rental Manager allows remote attackers to inject arbit... | Wed, 22 Apr 2026 21:16:43 |
| CVE-2009-4615 json | SQL injection vulnerability in review.php in MYRE Holiday Rental Manager allows remote attackers to execute arbitrary SQL com... | Wed, 22 Apr 2026 21:16:43 |
| CVE-2009-4614 json | Multiple PHP remote file inclusion vulnerabilities in Moa Gallery 1.2.0 and earlier allow remote attackers to execute arbitra... | Wed, 22 Apr 2026 21:16:43 |
| CVE-2010-0348 json | Directory traversal vulnerability in C3 Corp. WebCalenderC3 0.32 and earlier allows remote attackers to read arbitrary files ... | Wed, 22 Apr 2026 21:16:42 |
| CVE-2010-0347 json | Cross-site scripting (XSS) vulnerability in the VD / Geomap (vd_geomap) extension 0.3.1 and earlier for TYPO3 allows remote a... | Wed, 22 Apr 2026 21:16:42 |
| CVE-2010-0346 json | Cross-site scripting (XSS) vulnerability in the Tip many friends (mimi_tipfriends) extension 0.0.2 and earlier for TYPO3 allo... | Wed, 22 Apr 2026 21:16:42 |
| CVE-2010-0345 json | Cross-site scripting (XSS) vulnerability in the Majordomo extension 1.1.3 and earlier for TYPO3 allows remote attackers to in... | Wed, 22 Apr 2026 21:16:42 |
| CVE-2010-0344 json | SQL injection vulnerability in the zak_store_management extension 1.0.0 and earlier TYPO3 allows remote attackers to execute ... | Wed, 22 Apr 2026 21:16:42 |
| CVE-2010-0343 json | SQL injection vulnerability in the Clan Users List (pb_clanlist) extension 0.0.1 for TYPO3 allows remote attackers to execute... | Wed, 22 Apr 2026 21:16:42 |
| CVE-2010-0342 json | SQL injection vulnerability in the Reports for Job (job_reports) extension 0.1.0 and earlier for TYPO3 allows remote attacker... | Wed, 22 Apr 2026 21:16:42 |
| CVE-2010-0341 json | SQL injection vulnerability in the BB Simple Jobs (bb_simplejobs) extension 0.1.0 and earlier for TYPO3 allows remote attacke... | Wed, 22 Apr 2026 21:16:42 |
| CVE-2010-0340 json | SQL injection vulnerability in the MJS Event Pro (mjseventpro) extension 0.2.1 and earlier for TYPO3 allows remote attackers ... | Wed, 22 Apr 2026 21:16:42 |
| CVE-2010-0339 json | SQL injection vulnerability in the User Links (vm19_userlinks) extension 0.1.1 and earlier for TYPO3 allows remote attackers ... | Wed, 22 Apr 2026 21:16:42 |
| CVE-2010-0338 json | SQL injection vulnerability in the TT_Products editor (ttpedit) extension 0.0.2 and earlier for TYPO3 allows remote attackers... | Wed, 22 Apr 2026 21:16:42 |
| CVE-2010-0337 json | SQL injection vulnerability in the tt_news Mail alert (dl3_tt_news_alerts) extension 0.2.0 and earlier for TYPO3 allows remot... | Wed, 22 Apr 2026 21:16:42 |
| CVE-2010-0336 json | Unspecified vulnerability in the kiddog_mysqldumper (kiddog_mysqldumper) extension 0.0.3 and earlier for TYPO3 allows remote ... | Wed, 22 Apr 2026 21:16:41 |
| CVE-2010-0335 json | Cross-site scripting (XSS) vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 a... | Wed, 22 Apr 2026 21:16:41 |
| CVE-2010-0334 json | SQL injection vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote ... | Wed, 22 Apr 2026 21:16:41 |
| CVE-2010-0333 json | SQL injection vulnerability in the Helpdesk (mg_help) extension 1.1.6 and earlier for TYPO3 allows remote attackers to execut... | Wed, 22 Apr 2026 21:16:41 |
| CVE-2010-0332 json | SQL injection vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attacker... | Wed, 22 Apr 2026 21:16:41 |
| CVE-2010-0331 json | Cross-site scripting (XSS) vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows re... | Wed, 22 Apr 2026 21:16:41 |
| CVE-2010-0330 json | SQL injection vulnerability in the Googlemaps for tt_news (jf_easymaps) extension 1.0.2 and earlier for TYPO3 allows remote a... | Wed, 22 Apr 2026 21:16:41 |
| CVE-2010-0329 json | SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitra... | Wed, 22 Apr 2026 21:16:41 |
| CVE-2010-0328 json | Cross-site scripting (XSS) vulnerability in the Unit Converter (cs2_unitconv) extension 1.0.4 for TYPO3 allows remote attacke... | Wed, 22 Apr 2026 21:16:41 |
| CVE-2010-0327 json | Cross-site scripting (XSS) vulnerability in the KJ: Imagelightbox (kj_imagelightbox2) extension 2.0.0 and earlier for TYPO3 a... | Wed, 22 Apr 2026 21:16:41 |
| CVE-2010-0326 json | Cross-site scripting (XSS) vulnerability in the Developer log (devlog) extension 2.9.1 and earlier for TYPO3 allows remote at... | Wed, 22 Apr 2026 21:16:41 |
| CVE-2010-0325 json | Unspecified vulnerability in the SB Folderdownload (sb_folderdownload) extension 0.2.2 and earlier for TYPO3 allows remote at... | Wed, 22 Apr 2026 21:16:41 |
| CVE-2010-0324 json | SQL injection vulnerability in the Customer Reference List (ref_list) extension 1.0.1 and earlier for TYPO3 allows remote att... | Wed, 22 Apr 2026 21:16:40 |