CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities so that they can be quickly identified and shared. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-39883 json | OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Dar... | Thu, 09 Apr 2026 14:45:52 |
| CVE-2026-39882 json | OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters (traces/metrics/logs) re... | Thu, 09 Apr 2026 14:45:52 |
| CVE-2026-39344 json | ChurchCRM is an open-source church management system. Prior to 7.1.0, there is a Reflected Cross-Site Scripting (XSS) vulnera... | Thu, 09 Apr 2026 14:45:51 |
| CVE-2026-39340 json | ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in PropertyTypeEdi... | Thu, 09 Apr 2026 14:45:51 |
| CVE-2026-33540 json | Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, di... | Thu, 09 Apr 2026 14:45:51 |
| CVE-2026-33510 json | Homarr is an open-source dashboard. Prior to 1.57.0, a DOM-based Cross-Site Scripting (XSS) vulnerability has been discovered... | Thu, 09 Apr 2026 14:45:51 |
| CVE-2026-40072 json | web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py ... | Thu, 09 Apr 2026 14:30:26 |
| CVE-2026-40071 json | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the /json/package_order, /json/l... | Thu, 09 Apr 2026 14:30:26 |
| CVE-2026-40070 json | BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::WalletClient#acquire_certificat... | Thu, 09 Apr 2026 14:30:26 |
| CVE-2026-40069 json | BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, BSV::Network::ARC's failure detection only r... | Thu, 09 Apr 2026 14:30:26 |
| CVE-2026-39987 json | marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoi... | Thu, 09 Apr 2026 14:30:26 |
| CVE-2026-39985 json | LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-mana... | Thu, 09 Apr 2026 14:30:26 |
| CVE-2026-39983 json | basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences (\r\n) in f... | Thu, 09 Apr 2026 14:30:26 |
| CVE-2026-39981 json | AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safe_join() function in the essential_abilities extensio... | Thu, 09 Apr 2026 14:30:26 |
| CVE-2026-39980 json | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safe... | Thu, 09 Apr 2026 14:30:26 |
| CVE-2026-39961 json | Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From 0.31.0 to before 0.37.0, ... | Thu, 09 Apr 2026 14:30:26 |
| CVE-2026-39911 json | Hashgraph Guardian through version 3.5.0 contains an unsandboxed JavaScript execution vulnerability in the Custom Logic polic... | Thu, 09 Apr 2026 14:30:26 |
| CVE-2026-39315 json | Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe() is the composable that Nuxt's own documentatio... | Thu, 09 Apr 2026 14:30:26 |
| CVE-2026-35207 json | dde-control-center is the control panel of DDE, the Deepin Desktop Environment. plugin-deepinid is a plugin in dde-control-ce... | Thu, 09 Apr 2026 14:30:26 |
| CVE-2026-30478 json | A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows attackers to escalate pri... | Thu, 09 Apr 2026 14:30:26 |
| CVE-2026-5971 json | A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml_fill of... | Thu, 09 Apr 2026 14:30:26 |
| CVE-2026-5970 json | A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function check_solution of the compone... | Thu, 09 Apr 2026 14:30:26 |
| CVE-2026-5329 json | Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability in the client monitoring mes... | Thu, 09 Apr 2026 14:30:26 |
| CVE-2026-39347 json | OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source accepts changes t... | Thu, 09 Apr 2026 14:30:25 |
| CVE-2026-39346 json | OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source allowed authentic... | Thu, 09 Apr 2026 14:30:25 |
| CVE-2026-39323 json | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39326. Reason: This candidate is a dupli... | Thu, 09 Apr 2026 14:30:25 |
| CVE-2026-39318 json | ChurchCRM is an open-source church management system. Versions prior to 7.1.0 have an SQL injection vulnerability in the endp... | Thu, 09 Apr 2026 14:30:25 |
| CVE-2026-39317 json | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39334. Reason: This candidate is a dupli... | Thu, 09 Apr 2026 14:30:25 |
| CVE-2026-35405 json | libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, libp2p-rendezvous s... | Thu, 09 Apr 2026 14:30:25 |
| CVE-2026-35023 json | Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.p... | Thu, 09 Apr 2026 14:30:25 |
| CVE-2026-34578 json | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authentication connector passes t... | Thu, 09 Apr 2026 14:30:25 |
| CVE-2026-34402 json | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39330. Reason: This candidate is a dupli... | Thu, 09 Apr 2026 14:30:25 |
| CVE-2026-1584 json | A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ... | Thu, 09 Apr 2026 14:30:25 |
| CVE-2026-1346 json | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and I... | Thu, 09 Apr 2026 14:30:25 |
| CVE-2026-1343 json | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and I... | Thu, 09 Apr 2026 14:30:25 |
| CVE-2026-1342 json | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and I... | Thu, 09 Apr 2026 14:30:25 |
| CVE-2025-70797 json | Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execute arbitrary code via the ... | Thu, 09 Apr 2026 14:30:25 |
| CVE-2025-63238 json | A Reflected Cross-Site Scripting (XSS) affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of ... | Thu, 09 Apr 2026 14:30:25 |
| CVE-2025-57735 json | When user logged out, the JWT token the user had authenticated with was not invalidated, which could lead to reuse of that t... | Thu, 09 Apr 2026 14:30:25 |
| CVE-2026-33727 json | Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Version 6.4 has a local privilege-e... | Thu, 09 Apr 2026 14:30:24 |
| CVE-2026-33405 json | Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application... | Thu, 09 Apr 2026 14:30:24 |
| CVE-2026-29185 json | Backstage is an open framework for building developer portals. Prior to version 1.20.1, a vulnerability in the SCM URL parsin... | Thu, 09 Apr 2026 14:30:24 |
| CVE-2026-26133 json | AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. | Thu, 09 Apr 2026 14:30:24 |
| CVE-2026-0992 json | A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML cata... | Thu, 09 Apr 2026 14:30:24 |
| CVE-2026-0990 json | A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLRes... | Thu, 09 Apr 2026 14:30:24 |
| CVE-2026-0989 json | A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does... | Thu, 09 Apr 2026 14:30:24 |
| CVE-2022-45315 json | Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability ... | Thu, 09 Apr 2026 14:30:24 |
| CVE-2012-5562 json | A flaw was found in rhn-proxy. This vulnerability may allow the rhn-proxy to transmit user credentials in clear-text when it ... | Thu, 09 Apr 2026 14:30:24 |
| CVE-2026-34217 json | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope modification vulnerability exists in @nyariv/sandboxjs... | Thu, 09 Apr 2026 14:15:21 |
| CVE-2026-34211 json | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, the @nyariv/sandboxjs parser contains unbounded recursion in t... | Thu, 09 Apr 2026 14:15:21 |
| CVE-2026-34208 json | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, SandboxJS blocks direct assignment to global objects (for exam... | Thu, 09 Apr 2026 14:15:21 |
| CVE-2026-33752 json | curl_cffi is a Python binding for curl. Prior to 0.15.0, curl_cffi does not restrict requests to internal IP ranges, and ... | Thu, 09 Apr 2026 14:15:21 |
| CVE-2026-35394 json | Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobile_open_url tool in mobile-mcp p... | Thu, 09 Apr 2026 14:00:14 |
| CVE-2026-35472 json | WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeG... | Thu, 09 Apr 2026 13:44:44 |
| CVE-2026-35399 json | WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS vulnerability allows an attacker to inject m... | Thu, 09 Apr 2026 13:44:44 |
| CVE-2026-35398 json | WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeG... | Thu, 09 Apr 2026 13:44:44 |
| CVE-2026-35396 json | WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeG... | Thu, 09 Apr 2026 13:44:44 |
| CVE-2026-22675 json | OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthentica... | Thu, 09 Apr 2026 13:44:44 |
| CVE-2026-35395 json | WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA (Web gerenciador para instituições assistenciais)... | Thu, 09 Apr 2026 13:44:43 |
| CVE-2024-46683 json | In the Linux kernel, the following vulnerability has been resolved: drm/xe: prevent UAF around preempt fence The fence lock... | Thu, 09 Apr 2026 13:44:43 |
| CVE-2026-40046 json | Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE... | Thu, 09 Apr 2026 13:29:45 |
| CVE-2026-39976 json | Laravel Passport provides OAuth2 server support to Laravel. From 13.0.0 to before 13.7.1, there is an Authentication Bypass f... | Thu, 09 Apr 2026 13:29:45 |
| CVE-2026-39974 json | n8n-MCP is a Model Context Protocol (MCP) server that provides AI assistants with comprehensive access to n8n node documentat... | Thu, 09 Apr 2026 13:29:45 |
| CVE-2026-39972 json | Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-efficient way. Prior to 0.... | Thu, 09 Apr 2026 13:29:45 |
| CVE-2026-39962 json | MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements... | Thu, 09 Apr 2026 13:29:45 |
| CVE-2026-39959 json | Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malici... | Thu, 09 Apr 2026 13:29:45 |
| CVE-2026-39958 json | oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible for fetching metadata for testing repositori... | Thu, 09 Apr 2026 13:29:45 |
| CVE-2026-5962 json | A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the function R7WebsSecurityHandlerfunction of the... | Thu, 09 Apr 2026 13:29:45 |
| CVE-2026-5961 json | A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This vulnerability affects unknow... | Thu, 09 Apr 2026 13:29:45 |
| CVE-2026-39957 json | Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug in SharingController::list... | Thu, 09 Apr 2026 13:29:44 |
| CVE-2026-39943 json | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision r... | Thu, 09 Apr 2026 13:29:44 |
| CVE-2026-39942 json | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, the PATCH /files/{id} endp... | Thu, 09 Apr 2026 13:29:44 |
| CVE-2026-39890 json | PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library... | Thu, 09 Apr 2026 13:29:44 |
| CVE-2026-39885 json | FrontMCP is a TypeScript-first framework for the Model Context Protocol (MCP). Prior to 2.3.0, the mcp-from-openapi library u... | Thu, 09 Apr 2026 13:29:44 |
| CVE-2026-39856 json | osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerabil... | Thu, 09 Apr 2026 13:29:44 |
| CVE-2026-39855 json | osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerabili... | Thu, 09 Apr 2026 13:29:44 |
| CVE-2026-39637 json | Missing Authorization vulnerability in SpabRice Mogi mogi allows Exploiting Incorrectly Configured Access Control Security Le... | Thu, 09 Apr 2026 13:29:44 |
| CVE-2026-35041 json | fast-jwt provides fast JSON Web Token (JWT) implementation. From 5.0.0 to 6.2.0, a denial-of-service condition exists in fast... | Thu, 09 Apr 2026 13:29:44 |
| CVE-2026-34020 json | Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HT... | Thu, 09 Apr 2026 13:29:44 |
| CVE-2026-33266 json | Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to de... | Thu, 09 Apr 2026 13:29:44 |
| CVE-2026-33005 json | Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service... | Thu, 09 Apr 2026 13:29:44 |
| CVE-2026-30479 json | A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary c... | Thu, 09 Apr 2026 13:29:44 |
| CVE-2025-62718 json | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0, Axios does not correctly handle hostname n... | Thu, 09 Apr 2026 13:29:44 |
| CVE-2026-39635 json | Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Magazine grandmagazine allows Cross Site Request Forgery.... | Thu, 09 Apr 2026 13:29:43 |
| CVE-2026-39633 json | Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental grandcarrental allows Cross Site Request Forge... | Thu, 09 Apr 2026 13:29:43 |
| CVE-2026-39384 json | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, FreeScout does not take ... | Thu, 09 Apr 2026 13:29:43 |
| CVE-2026-39361 json | OpenObserve is a cloud-native observability platform. In 0.70.3 and earlier, the validate_enrichment_url function in src/hand... | Thu, 09 Apr 2026 13:29:43 |
| CVE-2026-39354 json | Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an authenticated authorization flaw in Scoold al... | Thu, 09 Apr 2026 13:29:43 |
| CVE-2026-39351 json | Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe allows unrestricted Doctype access vi... | Thu, 09 Apr 2026 13:29:43 |
| CVE-2026-39342 json | ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with the Que... | Thu, 09 Apr 2026 13:29:43 |
| CVE-2026-39338 json | ChurchCRM is an open-source church management system. Prior to 7.1.0, a Blind Reflected Cross-Site Scripting vulnerability ex... | Thu, 09 Apr 2026 13:29:43 |
| CVE-2026-39322 json | PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, POST /api/v1/auth/sign-in creates a va... | Thu, 09 Apr 2026 13:29:43 |
| CVE-2026-39308 json | PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry publish endpoint writes uploaded recip... | Thu, 09 Apr 2026 13:29:43 |
| CVE-2026-35615 json | PraisonAI is a multi-agent teams system. Prior to 1.5.113, _validate_path() calls os.path.normpath() first, which collapses .... | Thu, 09 Apr 2026 13:29:43 |
| CVE-2026-35606 json | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified... | Thu, 09 Apr 2026 13:29:43 |
| CVE-2026-35567 json | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39327. Reason: This candidate is a dupli... | Thu, 09 Apr 2026 13:29:43 |
| CVE-2026-35534 json | ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in P... | Thu, 09 Apr 2026 13:29:43 |
| CVE-2026-35519 json | FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before... | Thu, 09 Apr 2026 13:29:43 |
| CVE-2026-34954 json | PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file() in praisonaiagents validates the ... | Thu, 09 Apr 2026 12:59:42 |
| CVE-2026-34953 json | PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAuthManager.validate_token() returns True for any token no... | Thu, 09 Apr 2026 12:59:42 |