CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2025-40931 json | Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 gen... | Sun, 12 Apr 2026 14:22:00 |
| CVE-2025-54236 json | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Impr... | Sun, 12 Apr 2026 12:06:35 |
| CVE-2019-25713 json | MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by ... | Sun, 12 Apr 2026 09:20:10 |
| CVE-2019-25712 json | BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allows local attackers to cra... | Sun, 12 Apr 2026 09:20:10 |
| CVE-2019-25711 json | SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local attackers to crash the applicatio... | Sun, 12 Apr 2026 09:20:10 |
| CVE-2019-25710 json | Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that all... | Sun, 12 Apr 2026 09:20:10 |
| CVE-2019-25709 json | CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing t... | Sun, 12 Apr 2026 09:20:10 |
| CVE-2019-25708 json | Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrat... | Sun, 12 Apr 2026 09:20:10 |
| CVE-2019-25707 json | eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries... | Sun, 12 Apr 2026 09:20:10 |
| CVE-2019-25706 json | Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 ba... | Sun, 12 Apr 2026 09:20:10 |
| CVE-2019-25705 json | Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash the application or execut... | Sun, 12 Apr 2026 09:20:10 |
| CVE-2019-25703 json | ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate d... | Sun, 12 Apr 2026 09:20:10 |
| CVE-2019-25701 json | Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user registration field that allows... | Sun, 12 Apr 2026 09:20:10 |
| CVE-2019-25699 json | Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated ... | Sun, 12 Apr 2026 09:20:10 |
| CVE-2019-25697 json | CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by i... | Sun, 12 Apr 2026 09:20:10 |
| CVE-2019-25695 json | R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious... | Sun, 12 Apr 2026 09:20:10 |
| CVE-2019-25693 json | ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL querie... | Sun, 12 Apr 2026 09:20:10 |
| CVE-2019-25691 json | Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers ... | Sun, 12 Apr 2026 09:20:10 |
| CVE-2019-25689 json | HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by su... | Sun, 12 Apr 2026 09:20:10 |
| CVE-2018-25258 json | RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP p... | Sun, 12 Apr 2026 09:20:10 |
| CVE-2018-25257 json | Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate datab... | Sun, 12 Apr 2026 09:20:10 |
| CVE-2017-20239 json | MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by injectin... | Sun, 12 Apr 2026 09:20:10 |
| CVE-2026-6126 json | A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.0.4. The affected element is an unknown function of t... | Sun, 12 Apr 2026 07:18:14 |
| CVE-2026-6125 json | A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of ... | Sun, 12 Apr 2026 06:17:08 |
| CVE-2026-6124 json | A vulnerability was determined in Tenda F451 1.0.0.7. This vulnerability affects the function fromSafeMacFilter of the file /... | Sun, 12 Apr 2026 05:16:39 |
| CVE-2026-6123 json | A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromAddressNat of the file /goform/addressNat of t... | Sun, 12 Apr 2026 05:16:39 |
| CVE-2026-6122 json | A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /gofor... | Sun, 12 Apr 2026 04:31:22 |
| CVE-2026-6121 json | A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function WrlclientSet of the file /goform/... | Sun, 12 Apr 2026 04:31:22 |
| CVE-2026-31413 json | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix unsound scalar forking in maybe_fork_scalars() ... | Sun, 12 Apr 2026 02:31:19 |
| CVE-2026-6120 json | A vulnerability was detected in Tenda F451 1.0.0.7. Affected is the function fromDhcpListClient of the file /goform/DhcpListC... | Sun, 12 Apr 2026 02:31:19 |
| CVE-2026-6119 json | A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post_data.get of the... | Sun, 12 Apr 2026 02:31:19 |
| CVE-2026-5704 json | A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidde... | Sun, 12 Apr 2026 02:31:19 |
| CVE-2026-34621 json | Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Objec... | Sun, 12 Apr 2026 01:16:17 |
| CVE-2026-6118 json | A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function add_mcp_server of the file astrb... | Sun, 12 Apr 2026 01:16:17 |
| CVE-2026-6117 json | A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of the f... | Sun, 12 Apr 2026 01:16:17 |
| CVE-2026-6116 json | A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setDiagnosis... | Sun, 12 Apr 2026 01:16:17 |
| CVE-2026-6115 json | A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setAppCfg of the file /cgi-bin/cste... | Sun, 12 Apr 2026 01:16:17 |
| CVE-2026-6114 json | A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setNetworkCfg o... | Sun, 12 Apr 2026 00:31:16 |
| CVE-2026-6113 json | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the fu... | Sun, 12 Apr 2026 00:31:16 |
| CVE-2026-6112 json | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setRadvdCfg of the file /cg... | Sun, 12 Apr 2026 00:31:16 |
| CVE-2026-6111 json | A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decode_image of the fi... | Sat, 11 Apr 2026 23:16:14 |
| CVE-2026-6110 json | A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generate_thoughts of the fi... | Sat, 11 Apr 2026 23:16:14 |
| CVE-2026-1116 json | A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollmsMessage` class in parisn... | Sat, 11 Apr 2026 23:16:14 |
| CVE-2026-6109 json | A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of ... | Sat, 11 Apr 2026 22:16:12 |
| CVE-2026-6108 json | A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/appl... | Sat, 11 Apr 2026 21:31:11 |
| CVE-2026-6107 json | A flaw has been found in 1Panel-dev MaxKB up to 2.6.1. This issue affects some unknown processing of the file apps/common/mid... | Sat, 11 Apr 2026 21:31:11 |
| CVE-2026-34933 json | Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version... | Sat, 11 Apr 2026 15:30:39 |
| CVE-2026-31845 json | A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telep... | Sat, 11 Apr 2026 15:30:39 |
| CVE-2026-35537 json | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session h... | Sat, 11 Apr 2026 11:25:55 |
| CVE-2026-32146 json | Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows arbitrary file system modi... | Sat, 11 Apr 2026 10:24:30 |
| CVE-2026-23900 json | Various stored XSS vulnerabilities in the maps- and icon rendering logic in Phoca Maps component 5.0.0-6.0.2 have been discov... | Sat, 11 Apr 2026 10:24:30 |
| CVE-2026-31408 json | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() d... | Sat, 11 Apr 2026 09:23:23 |
| CVE-2026-23414 json | In the Linux kernel, the following vulnerability has been resolved: tls: Purge async_hold in tls_decrypt_async_wait() The a... | Sat, 11 Apr 2026 09:23:23 |
| CVE-2026-23401 json | In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Drop/zap existing present SPTE even when c... | Sat, 11 Apr 2026 09:23:23 |
| CVE-2026-23389 json | In the Linux kernel, the following vulnerability has been resolved: ice: Fix memory leak in ice_set_ringparam() In ice_set_... | Sat, 11 Apr 2026 09:23:23 |
| CVE-2026-23360 json | In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin queue leak on controller reset When nvm... | Sat, 11 Apr 2026 09:23:23 |
| CVE-2025-71269 json | In the Linux kernel, the following vulnerability has been resolved: btrfs: do not free data reservation in fallback from inl... | Sat, 11 Apr 2026 09:23:23 |
| CVE-2025-68265 json | In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin request_queue lifetime The namespaces c... | Sat, 11 Apr 2026 09:23:23 |
| CVE-2025-40242 json | In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix unlikely race in gdlm_put_lock In gdlm_put_lo... | Sat, 11 Apr 2026 09:23:23 |
| CVE-2026-5809 json | The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is... | Sat, 11 Apr 2026 04:20:14 |
| CVE-2026-1502 json | CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host. | Sat, 11 Apr 2026 01:17:34 |
| CVE-2026-5876 json | Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to leak cros... | Sat, 11 Apr 2026 00:32:00 |
| CVE-2026-5875 json | Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted... | Sat, 11 Apr 2026 00:32:00 |
| CVE-2026-5874 json | Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage ... | Sat, 11 Apr 2026 00:32:00 |
| CVE-2026-34080 json | xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eav... | Fri, 10 Apr 2026 23:30:36 |
| CVE-2026-5226 json | The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL pa... | Fri, 10 Apr 2026 22:30:35 |
| CVE-2026-5217 json | The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnera... | Fri, 10 Apr 2026 22:30:35 |
| CVE-2026-5207 json | The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and includ... | Fri, 10 Apr 2026 22:30:35 |
| CVE-2026-5144 json | The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9... | Fri, 10 Apr 2026 22:30:35 |
| CVE-2026-4979 json | The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress ... | Fri, 10 Apr 2026 22:30:35 |
| CVE-2026-4895 json | The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versi... | Fri, 10 Apr 2026 22:30:35 |
| CVE-2026-3498 json | The BlockArt Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'clientId' block attribute in a... | Fri, 10 Apr 2026 22:30:35 |
| CVE-2026-3371 json | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference... | Fri, 10 Apr 2026 22:30:35 |
| CVE-2026-3358 json | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized private course enro... | Fri, 10 Apr 2026 22:30:35 |
| CVE-2026-5496 json | Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allo... | Fri, 10 Apr 2026 21:30:34 |
| CVE-2026-5495 json | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability... | Fri, 10 Apr 2026 21:30:34 |
| CVE-2026-5494 json | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability... | Fri, 10 Apr 2026 21:30:34 |
| CVE-2026-5493 json | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability... | Fri, 10 Apr 2026 21:30:34 |
| CVE-2026-5059 json | aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to e... | Fri, 10 Apr 2026 21:30:34 |
| CVE-2026-5058 json | aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute a... | Fri, 10 Apr 2026 21:30:34 |
| CVE-2026-5055 json | NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attacker... | Fri, 10 Apr 2026 21:30:34 |
| CVE-2026-5054 json | NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers t... | Fri, 10 Apr 2026 21:30:34 |
| CVE-2026-5053 json | NoMachine External Control of File Path Arbitrary File Deletion Vulnerability. This vulnerability allows local attackers to d... | Fri, 10 Apr 2026 21:30:34 |
| CVE-2026-40354 json | Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host contex... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-34078 json | Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in th... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-4158 json | KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-4157 json | ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability. This vulnerability allows network... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-4156 json | ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-4155 json | ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability. This vulnerabil... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-4154 json | GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to exe... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-4153 json | GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attack... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-4152 json | GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attack... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-4151 json | GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to exe... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-4150 json | GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to exe... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-4149 json | Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attacke... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-3691 json | OpenClaw Client PKCE Verifier Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose st... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-3690 json | OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on a... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-3689 json | OpenClaw Canvas Path Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose s... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-40199 json | Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. _pack_ip... | Fri, 10 Apr 2026 18:30:28 |
| CVE-2026-40198 json | Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. _pack_ipv6(... | Fri, 10 Apr 2026 18:30:28 |