CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-39087 json | ntfy before 2.22.0 allows SSRF because of an unanchored regular expression for web push endpoint URLs. | Sat, 04 Jul 2026 12:27:11 |
| CVE-2026-14633 json | A vulnerability was determined in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 49b20f53de2b7ec34e920b11c863f1491d911a04.... | Sat, 04 Jul 2026 12:27:11 |
| CVE-2026-14632 json | A vulnerability was found in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 95dfa8cebbb87ab46ae450643a07241274a74dce. Affe... | Sat, 04 Jul 2026 12:27:11 |
| CVE-2026-14355 json | In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algorithm... | Sat, 04 Jul 2026 12:27:11 |
| CVE-2024-21488 json | Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the child_process ex... | Sat, 04 Jul 2026 12:27:11 |
| CVE-2026-14630 json | A vulnerability has been found in ForceInjection AI-fundermentals 2.0/3.0. Affected by this vulnerability is the function get... | Sat, 04 Jul 2026 11:27:09 |
| CVE-2026-14629 json | A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sys_ioctl of the file components/lwp/lwp_... | Sat, 04 Jul 2026 10:27:08 |
| CVE-2026-14535 json | In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls Analys... | Sat, 04 Jul 2026 10:27:08 |
| CVE-2026-14534 json | Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubproces... | Sat, 04 Jul 2026 10:27:08 |
| CVE-2026-14628 json | A vulnerability was detected in NousResearch hermes-agent up to 2026.5.16. This impacts the function extract_media of the fil... | Sat, 04 Jul 2026 09:27:07 |
| CVE-2026-14627 json | A security vulnerability has been detected in NousResearch hermes-agent up to 0.15.2. This affects the function DiscordAdapte... | Sat, 04 Jul 2026 09:27:07 |
| CVE-2025-13475 json | In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between... | Sat, 04 Jul 2026 09:27:07 |
| CVE-2026-53362 json | In the Linux kernel, the following vulnerability has been resolved: ipv6: account for fraggap on the paged allocation path ... | Sat, 04 Jul 2026 08:26:33 |
| CVE-2026-53361 json | In the Linux kernel, the following vulnerability has been resolved: af_unix: Set gc_in_progress to true in unix_gc(). Igor ... | Sat, 04 Jul 2026 08:26:33 |
| CVE-2026-53360 json | In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in... | Sat, 04 Jul 2026 08:26:33 |
| CVE-2026-53359 json | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpe... | Sat, 04 Jul 2026 08:26:33 |
| CVE-2026-53341 json | In the Linux kernel, the following vulnerability has been resolved: fhandle: fix UAF due to unlocked ->mnt_ns read in may_de... | Sat, 04 Jul 2026 08:26:33 |
| CVE-2026-53332 json | In the Linux kernel, the following vulnerability has been resolved: slimbus: qcom-ngd-ctrl: Register callbacks after creatin... | Sat, 04 Jul 2026 08:26:33 |
| CVE-2026-53329 json | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Use krealloc_array() in dal_vector_rese... | Sat, 04 Jul 2026 08:26:33 |
| CVE-2026-53327 json | In the Linux kernel, the following vulnerability has been resolved: debugobjects: Do not fill_pool() if pi_blocked_on On RT... | Sat, 04 Jul 2026 08:26:33 |
| CVE-2026-53326 json | In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't call fill_pool() in early boot hardi... | Sat, 04 Jul 2026 08:26:33 |
| CVE-2026-53325 json | In the Linux kernel, the following vulnerability has been resolved: agp/amd64: Fix broken error propagation in agp_amd64_pro... | Sat, 04 Jul 2026 08:26:33 |
| CVE-2026-53179 json | In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix buffer over-read in rtw_update_p... | Sat, 04 Jul 2026 08:26:33 |
| CVE-2026-53177 json | In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix NULL pointer dereference PCIe errors detec... | Sat, 04 Jul 2026 08:26:33 |
| CVE-2026-53167 json | In the Linux kernel, the following vulnerability has been resolved: fuse: limit FUSE_NOTIFY_RETRIEVE to uptodate folios FUS... | Sat, 04 Jul 2026 08:26:33 |
| CVE-2026-53163 json | In the Linux kernel, the following vulnerability has been resolved: locking/rtmutex: Skip remove_waiter() when waiter is not... | Sat, 04 Jul 2026 08:26:33 |
| CVE-2026-14626 json | A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. The impacted element is the function AIAgent.run... | Sat, 04 Jul 2026 08:26:33 |
| CVE-2026-14625 json | A security flaw has been discovered in NousResearch hermes-agent up to 0.15.2. The affected element is the function shell.exe... | Sat, 04 Jul 2026 08:26:33 |
| CVE-2026-12196 json | HestiaCP panel cronjob feature is affected by a broken access control vulnerability. Low privilege users can modify the panel... | Sat, 04 Jul 2026 08:26:33 |
| CVE-2026-12195 json | myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary comman... | Sat, 04 Jul 2026 08:26:33 |
| CVE-2026-53159 json | In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix DMA address corruption due to find_vm... | Sat, 04 Jul 2026 08:26:32 |
| CVE-2026-53158 json | In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix NULL pointer dereference in rpmsg cal... | Sat, 04 Jul 2026 08:26:32 |
| CVE-2026-53157 json | In the Linux kernel, the following vulnerability has been resolved: net: phonet: free phonet_device after RCU grace period ... | Sat, 04 Jul 2026 08:26:32 |
| CVE-2026-53151 json | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix the ACK parser to extract the SACK table for ... | Sat, 04 Jul 2026 08:26:32 |
| CVE-2026-53142 json | In the Linux kernel, the following vulnerability has been resolved: drm/xe/display: fix oops in suspend/shutdown without dis... | Sat, 04 Jul 2026 08:26:32 |
| CVE-2026-53139 json | In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Skip CSD when it has zeroed workgroups A compu... | Sat, 04 Jul 2026 08:26:32 |
| CVE-2026-53138 json | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Bound VBIOS record-chain walk loops [W... | Sat, 04 Jul 2026 08:26:32 |
| CVE-2026-53101 json | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix potential deadlock in mt7921_roc... | Sat, 04 Jul 2026 08:26:32 |
| CVE-2026-53070 json | In the Linux kernel, the following vulnerability has been resolved: sctp: disable BH before calling udp_tunnel_xmit_skb() u... | Sat, 04 Jul 2026 08:26:32 |
| CVE-2026-52975 json | In the Linux kernel, the following vulnerability has been resolved: bonding: 3ad: implement proper RCU rules for port->aggre... | Sat, 04 Jul 2026 08:26:32 |
| CVE-2026-52928 json | In the Linux kernel, the following vulnerability has been resolved: af_unix: Reject SIOCATMARK on non-stream sockets SIOCAT... | Sat, 04 Jul 2026 08:26:32 |
| CVE-2026-52909 json | In the Linux kernel, the following vulnerability has been resolved: ip6_vti: set netns_immutable on the fallback device. jo... | Sat, 04 Jul 2026 08:26:32 |
| CVE-2026-46331 json | In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache c... | Sat, 04 Jul 2026 08:26:32 |
| CVE-2026-46252 json | In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulator_resolve_supply... | Sat, 04 Jul 2026 08:26:32 |
| CVE-2026-46054 json | In the Linux kernel, the following vulnerability has been resolved: selinux: fix overlayfs mmap() and mprotect() access chec... | Sat, 04 Jul 2026 08:26:32 |
| CVE-2026-23052 json | In the Linux kernel, the following vulnerability has been resolved: ftrace: Do not over-allocate ftrace memory The pg_remai... | Sat, 04 Jul 2026 08:26:31 |
| CVE-2025-23131 json | In the Linux kernel, the following vulnerability has been resolved: dlm: prevent NPD when writing a positive value to event_... | Sat, 04 Jul 2026 08:26:31 |
| CVE-2022-49803 json | In the Linux kernel, the following vulnerability has been resolved: netdevsim: Fix memory leak of nsim_dev->fa_cookie kmeml... | Sat, 04 Jul 2026 08:26:31 |
| CVE-2026-14624 json | A vulnerability was identified in omec-project amf up to 2.0.2/2.1.1. Impacted is an unknown function of the file /go/src/amf... | Sat, 04 Jul 2026 07:26:14 |
| CVE-2026-14623 json | A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport o... | Sat, 04 Jul 2026 06:24:53 |
| CVE-2026-14622 json | A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vu... | Sat, 04 Jul 2026 05:23:53 |
| CVE-2026-14621 json | A vulnerability has been found in FederatedAI FATE up to 2.2.0. This affects the function QueuePushReqStreamObserver.initEggr... | Sat, 04 Jul 2026 05:23:53 |
| CVE-2026-14619 json | A flaw has been found in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of... | Sat, 04 Jul 2026 04:23:14 |
| CVE-2026-12194 json | PHPIPAM is affected by an authenticated local file inclusion vulnerability that allows users with access to the API to execut... | Sat, 04 Jul 2026 04:23:14 |
| CVE-2026-14618 json | A vulnerability was detected in Open5GS up to 2.7.7. Affected by this vulnerability is the function amf_nnrf_handle_nf_discov... | Sat, 04 Jul 2026 03:22:35 |
| CVE-2026-12252 json | In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes (StanfordPOSTagger, StanfordNERTagger, StanfordParse... | Fri, 03 Jul 2026 22:19:54 |
| CVE-2025-71380 json | The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. A... | Fri, 03 Jul 2026 22:19:54 |
| CVE-2025-71375 json | picklescan before 0.0.34 fails to detect the _operator.methodcaller built-in function when scanning pickle files for maliciou... | Fri, 03 Jul 2026 22:19:54 |
| CVE-2025-71373 json | picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files, allowing attackers to bypass s... | Fri, 03 Jul 2026 22:19:54 |
| CVE-2025-71372 json | Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.getlincoef gadget in pickle __reduce__ methods, allowing... | Fri, 03 Jul 2026 22:19:54 |
| CVE-2025-71369 json | picklescan before 0.0.28 fails to detect malicious pickle files that use torch.utils.data.datapipes.utils.decoder.basichandle... | Fri, 03 Jul 2026 22:19:54 |
| CVE-2025-71367 json | picklescan before 0.0.34 fails to detect _operator.attrgetter function calls in pickle payloads, allowing attackers to bypass... | Fri, 03 Jul 2026 22:19:54 |
| CVE-2025-71366 json | picklescan before 0.0.28 fails to detect malicious torch.utils.bottleneck.__main__.run_cprofile function calls in pickle file... | Fri, 03 Jul 2026 22:19:54 |
| CVE-2025-71364 json | picklescan before 0.0.30 fails to detect the asyncio.unix_events._UnixSubprocessTransport._start function in pickle reduce me... | Fri, 03 Jul 2026 22:19:54 |
| CVE-2025-71362 json | picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary... | Fri, 03 Jul 2026 22:19:54 |
| CVE-2025-71360 json | picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.calltip.get_entity function in reduce methods. ... | Fri, 03 Jul 2026 22:19:53 |
| CVE-2025-71359 json | picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the re... | Fri, 03 Jul 2026 22:19:53 |
| CVE-2025-71356 json | picklescan before 0.0.28 fails to detect malicious torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression ... | Fri, 03 Jul 2026 22:19:53 |
| CVE-2025-71353 json | picklescan before 0.0.28 fails to detect malicious pickle files that exploit torch._dynamo.guards.GuardBuilder.get function i... | Fri, 03 Jul 2026 22:19:53 |
| CVE-2025-71347 json | picklescan before 0.0.33 fails to detect malicious pickle files using numpy.f2py.crackfortran.param_eval function in reduce m... | Fri, 03 Jul 2026 22:19:53 |
| CVE-2025-71345 json | picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck.__main__.run_autograd_prof... | Fri, 03 Jul 2026 22:19:53 |
| CVE-2025-71343 json | picklescan before 0.0.30 fails to detect malicious pickle files that exploit lib2to3.pgen2.pgen.ParserGenerator.make_label fu... | Fri, 03 Jul 2026 22:19:53 |
| CVE-2025-71342 json | picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in reduce methods. Attack... | Fri, 03 Jul 2026 22:19:53 |
| CVE-2026-54424 json | An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privileg... | Fri, 03 Jul 2026 21:18:22 |
| CVE-2026-58523 json | Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a net... | Fri, 03 Jul 2026 18:31:43 |
| CVE-2026-14617 json | A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected is the function GatewayStre... | Fri, 03 Jul 2026 18:31:43 |
| CVE-2026-58597 json | Insufficient ui warning of dangerous operations in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform... | Fri, 03 Jul 2026 17:31:45 |
| CVE-2026-58524 json | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allow... | Fri, 03 Jul 2026 17:31:45 |
| CVE-2026-58522 json | Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally. | Fri, 03 Jul 2026 17:31:45 |
| CVE-2026-58426 json | Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write | Fri, 03 Jul 2026 17:31:45 |
| CVE-2026-58424 json | Permanent Fork PR Workflow Approval Gate Bypass | Fri, 03 Jul 2026 17:31:45 |
| CVE-2026-58423 json | LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories | Fri, 03 Jul 2026 17:31:45 |
| CVE-2026-58422 json | Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts | Fri, 03 Jul 2026 17:31:45 |
| CVE-2026-58421 json | Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service | Fri, 03 Jul 2026 17:31:45 |
| CVE-2026-58419 json | Notification API leaks private issue metadata after access revocation | Fri, 03 Jul 2026 17:31:44 |
| CVE-2026-58418 json | SSRF via HTTP Redirect in Repository Migration | Fri, 03 Jul 2026 17:31:44 |
| CVE-2026-58300 json | Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally. | Fri, 03 Jul 2026 17:31:44 |
| CVE-2026-58299 json | Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute co... | Fri, 03 Jul 2026 17:31:44 |
| CVE-2026-58298 json | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allow... | Fri, 03 Jul 2026 17:31:44 |
| CVE-2026-58297 json | Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attack... | Fri, 03 Jul 2026 17:31:44 |
| CVE-2026-58296 json | Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attack... | Fri, 03 Jul 2026 17:31:44 |
| CVE-2026-58295 json | Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attac... | Fri, 03 Jul 2026 17:31:44 |
| CVE-2026-58294 json | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Fri, 03 Jul 2026 17:31:44 |
| CVE-2026-58293 json | External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over... | Fri, 03 Jul 2026 17:31:44 |
| CVE-2026-58292 json | Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Fri, 03 Jul 2026 17:31:44 |
| CVE-2026-58291 json | Operation on a resource after expiration or release in Microsoft Edge (Chromium-based) allows an unauthorized attacker to dis... | Fri, 03 Jul 2026 17:31:44 |
| CVE-2026-58290 json | Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attac... | Fri, 03 Jul 2026 17:31:44 |
| CVE-2026-58289 json | Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attac... | Fri, 03 Jul 2026 17:31:44 |
| CVE-2026-58288 json | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Fri, 03 Jul 2026 17:31:44 |
| CVE-2026-58287 json | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Fri, 03 Jul 2026 17:31:44 |