CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-44407 json | A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption an... | Thu, 07 May 2026 05:23:04 |
| CVE-2026-27421 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal Elementor... | Thu, 07 May 2026 05:23:04 |
| CVE-2026-27416 json | Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security L... | Thu, 07 May 2026 05:23:04 |
| CVE-2026-27329 json | Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist allows Exploiting Incorrectl... | Thu, 07 May 2026 05:23:04 |
| CVE-2026-25468 json | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor... | Thu, 07 May 2026 05:23:04 |
| CVE-2026-25436 json | Missing Authorization vulnerability in WProyal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control... | Thu, 07 May 2026 05:23:04 |
| CVE-2025-68604 json | Cross-Site Request Forgery (CSRF) vulnerability in WPGraphQL allows Cross Site Request Forgery. This issue affects WPGraphQL... | Thu, 07 May 2026 05:23:03 |
| CVE-2025-68060 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMart Team Member allo... | Thu, 07 May 2026 05:23:03 |
| CVE-2025-66105 json | Missing Authorization vulnerability in Magepeople inc. Bus Ticket Booking with Seat Reservation allows Exploiting Incorrectly... | Thu, 07 May 2026 05:23:03 |
| CVE-2025-62127 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Themes WEN Logo Sli... | Thu, 07 May 2026 05:23:03 |
| CVE-2025-2514 json | Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350,... | Thu, 07 May 2026 05:23:03 |
| CVE-2025-1978 json | Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platf... | Thu, 07 May 2026 05:23:03 |
| CVE-2024-43384 json | A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage ... | Thu, 07 May 2026 05:23:03 |
| CVE-2026-44406 json | ZTE Cloud PC client uSmartView contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM pri... | Thu, 07 May 2026 04:21:14 |
| CVE-2026-4430 json | Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encrypti... | Thu, 07 May 2026 04:21:14 |
| CVE-2025-9661 json | OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block ... | Thu, 07 May 2026 04:21:14 |
| CVE-2025-2418 json | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in TR7 Cyber Defense Inc. Web Application Firewall al... | Thu, 07 May 2026 04:21:14 |
| CVE-2026-8063 json | An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resol... | Thu, 07 May 2026 02:19:13 |
| CVE-2026-41641 json | NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to ver... | Thu, 07 May 2026 02:19:12 |
| CVE-2026-41586 json | Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications... | Thu, 07 May 2026 02:19:12 |
| CVE-2026-41413 json | Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAu... | Thu, 07 May 2026 02:19:12 |
| CVE-2026-41143 json | YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability ... | Thu, 07 May 2026 02:19:12 |
| CVE-2026-41139 json | Math.js is an extensive math library for JavaScript and Node.js. From version 13.1.0 to before version 15.2.0, arbitrary Java... | Thu, 07 May 2026 02:19:12 |
| CVE-2026-31709 json | In the Linux kernel, the following vulnerability has been resolved: smb: client: validate the whole DACL before rewriting it... | Thu, 07 May 2026 02:19:12 |
| CVE-2026-31419 json | In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix use-after-free in bond_xmit_broadcast(... | Thu, 07 May 2026 02:19:12 |
| CVE-2026-23468 json | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Limit BO list entry count to prevent resourc... | Thu, 07 May 2026 02:19:12 |
| CVE-2026-7252 json | The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is... | Thu, 07 May 2026 02:19:12 |
| CVE-2026-6692 json | The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the '_get_m... | Thu, 07 May 2026 02:19:12 |
| CVE-2026-4348 json | The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection via the `get_current_letter_docs` and `docs_sort_by_le... | Thu, 07 May 2026 02:19:12 |
| CVE-2026-41669 json | Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation... | Thu, 07 May 2026 00:16:41 |
| CVE-2026-41663 json | Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's pr... | Thu, 07 May 2026 00:16:41 |
| CVE-2026-41662 json | Admidio is an open-source user management solution. Prior to version 5.0.9, Role::stopMembership() does not verify whether re... | Thu, 07 May 2026 00:16:41 |
| CVE-2026-41661 json | Admidio is an open-source user management solution. Prior to version 5.0.9, an unauthenticated attacker can execute arbitrary... | Thu, 07 May 2026 00:16:41 |
| CVE-2026-44600 json | Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010... | Thu, 07 May 2026 00:16:40 |
| CVE-2026-41660 json | Admidio is an open-source user management solution. Prior to version 5.0.9, a logic error in Admidio's two-factor authenticat... | Thu, 07 May 2026 00:16:40 |
| CVE-2026-41659 json | Admidio is an open-source user management solution. Prior to version 5.0.9, the member assignment DataTables endpoint (member... | Thu, 07 May 2026 00:16:40 |
| CVE-2026-41658 json | Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio inventory module enforces authorizati... | Thu, 07 May 2026 00:16:40 |
| CVE-2026-41657 json | Admidio is an open-source user management solution. Prior to version 5.0.9, the contacts_data.php endpoint uses a weaker perm... | Thu, 07 May 2026 00:16:40 |
| CVE-2026-41656 json | Admidio is an open-source user management solution. Prior to version 5.0.9, the add mode in modules/documents-files.php accep... | Thu, 07 May 2026 00:16:40 |
| CVE-2026-41655 json | Admidio is an open-source user management solution. Prior to version 5.0.9, the ecard_preview.php endpoint does not validate ... | Thu, 07 May 2026 00:16:40 |
| CVE-2026-41640 json | NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to ver... | Thu, 07 May 2026 00:16:40 |
| CVE-2026-41587 json | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Thu, 07 May 2026 00:16:40 |
| CVE-2026-41203 json | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Thu, 07 May 2026 00:16:40 |
| CVE-2026-41202 json | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Thu, 07 May 2026 00:16:40 |
| CVE-2026-41201 json | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Thu, 07 May 2026 00:16:40 |
| CVE-2026-41142 json | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motio... | Thu, 07 May 2026 00:16:40 |
| CVE-2026-41004 json | When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs. Spring ... | Thu, 07 May 2026 00:16:40 |
| CVE-2026-41002 json | The base directory (`spring.cloud.config.server.git.basedir`) used by the Spring Cloud Config Server to clone Git repositorie... | Thu, 07 May 2026 00:16:40 |
| CVE-2026-40982 json | Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server modul... | Thu, 07 May 2026 00:16:40 |
| CVE-2026-40981 json | When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config ... | Thu, 07 May 2026 00:16:40 |
| CVE-2026-40004 json | There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arb... | Thu, 07 May 2026 00:16:40 |
| CVE-2026-44599 json | Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008. | Wed, 06 May 2026 23:31:04 |
| CVE-2026-4807 json | The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in versions up to and including ... | Wed, 06 May 2026 23:31:04 |
| CVE-2026-32192 json | Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | Wed, 06 May 2026 22:44:14 |
| CVE-2026-44597 json | Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka ... | Wed, 06 May 2026 22:28:51 |
| CVE-2026-40003 json | ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack o... | Wed, 06 May 2026 22:28:51 |
| CVE-2026-31777 json | In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Check the error for index mapping The ctxf... | Wed, 06 May 2026 22:28:51 |
| CVE-2026-31776 json | In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Fix missing SPDIFI1 index handling SPDIF1 ... | Wed, 06 May 2026 22:28:51 |
| CVE-2026-31775 json | In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Don't enumerate SPDIF1 at DAIO initializati... | Wed, 06 May 2026 22:28:51 |
| CVE-2026-6222 json | The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This... | Wed, 06 May 2026 22:28:51 |
| CVE-2026-7309 json | A flaw was found in the OpenShift Container Platform build system. A user with the `edit` ClusterRole can inject arbitrary en... | Wed, 06 May 2026 22:28:50 |
| CVE-2026-7040 json | Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characte... | Wed, 06 May 2026 22:28:50 |
| CVE-2026-6265 json | Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This iss... | Wed, 06 May 2026 22:28:50 |
| CVE-2026-7972 json | Uninitialized Use in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer p... | Wed, 06 May 2026 22:13:16 |
| CVE-2026-7971 json | Inappropriate implementation in ORB in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass site isolatio... | Wed, 06 May 2026 22:13:15 |
| CVE-2026-7970 json | Use after free in TopChrome in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the rendere... | Wed, 06 May 2026 22:13:15 |
| CVE-2026-7969 json | Integer overflow in Network in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the rendere... | Wed, 06 May 2026 22:13:15 |
| CVE-2026-7968 json | Insufficient validation of untrusted input in CORS in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had ... | Wed, 06 May 2026 22:13:15 |
| CVE-2026-7967 json | Insufficient validation of untrusted input in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker wh... | Wed, 06 May 2026 22:13:15 |
| CVE-2026-7966 json | Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker... | Wed, 06 May 2026 22:13:15 |
| CVE-2026-7965 json | Insufficient validation of untrusted input in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who ... | Wed, 06 May 2026 22:13:15 |
| CVE-2026-7964 json | Insufficient validation of untrusted input in FileSystem in Google Chrome prior to 148.0.7778.96 allowed a remote attacker wh... | Wed, 06 May 2026 22:13:15 |
| CVE-2026-7963 json | Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compr... | Wed, 06 May 2026 22:13:15 |
| CVE-2026-7962 json | Insufficient policy enforcement in DirectSockets in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform... | Wed, 06 May 2026 22:13:15 |
| CVE-2026-7961 json | Insufficient validation of untrusted input in Permissions in Google Chrome prior to 148.0.7778.96 allowed an attacker on the ... | Wed, 06 May 2026 22:13:15 |
| CVE-2026-7960 json | Race in Speech in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to ... | Wed, 06 May 2026 22:13:15 |
| CVE-2026-7959 json | Inappropriate implementation in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromi... | Wed, 06 May 2026 22:13:15 |
| CVE-2026-7958 json | Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a use... | Wed, 06 May 2026 22:13:15 |
| CVE-2026-7956 json | Use after free in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the render... | Wed, 06 May 2026 22:13:15 |
| CVE-2026-7955 json | Uninitialized Use in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer p... | Wed, 06 May 2026 22:13:15 |
| CVE-2026-7954 json | Race in Shared Storage in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer pro... | Wed, 06 May 2026 22:13:15 |
| CVE-2026-7953 json | Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to in... | Wed, 06 May 2026 22:13:15 |
| CVE-2026-7952 json | Insufficient policy enforcement in Extensions in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compr... | Wed, 06 May 2026 22:13:15 |
| CVE-2026-42439 json | OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in the browser tabs action selec... | Wed, 06 May 2026 22:13:14 |
| CVE-2026-42438 json | OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy bypass vulnerability in the outbound host-media attachmen... | Wed, 06 May 2026 22:13:14 |
| CVE-2026-7951 json | Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code ins... | Wed, 06 May 2026 22:13:14 |
| CVE-2026-7950 json | Out of bounds read and write in GFX in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform arbitrary re... | Wed, 06 May 2026 22:13:14 |
| CVE-2026-7949 json | Out of bounds read in Skia in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer... | Wed, 06 May 2026 22:13:14 |
| CVE-2026-7948 json | Race in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform privilege escalatio... | Wed, 06 May 2026 22:13:14 |
| CVE-2026-7381 json | Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware:... | Wed, 06 May 2026 22:13:14 |
| CVE-2026-3833 json | A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints`... | Wed, 06 May 2026 22:13:14 |
| CVE-2026-43569 json | OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enab... | Wed, 06 May 2026 21:57:15 |
| CVE-2026-43568 json | OpenClaw versions 2026.4.5 before 2026.4.10 contain a privilege escalation vulnerability allowing write-scoped operators to m... | Wed, 06 May 2026 21:57:15 |
| CVE-2026-43567 json | OpenClaw before 2026.4.10 contains a path traversal vulnerability in the screen_record tool's outPath parameter that bypasses... | Wed, 06 May 2026 21:57:15 |
| CVE-2026-43566 json | OpenClaw versions 2026.4.7 before 2026.4.14 contain a privilege escalation vulnerability where heartbeat owner downgrade logi... | Wed, 06 May 2026 21:57:15 |
| CVE-2026-43534 json | OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as tru... | Wed, 06 May 2026 21:57:15 |
| CVE-2026-43533 json | OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to referenc... | Wed, 06 May 2026 21:57:15 |
| CVE-2026-43532 json | OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processin... | Wed, 06 May 2026 21:57:15 |
| CVE-2026-43529 json | OpenClaw before 2026.4.10 contains a time-of-check-time-of-use vulnerability in the validateScriptFileForShellBleed function ... | Wed, 06 May 2026 21:57:15 |
| CVE-2026-43528 json | OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unre... | Wed, 06 May 2026 21:57:15 |