CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-48102 json | 7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up t... | Fri, 05 Jun 2026 12:23:43 |
| CVE-2026-48101 json | 7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an An uninitialized memory disclo... | Fri, 05 Jun 2026 12:23:43 |
| CVE-2026-11362 json | DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags. DataDog::DogStatsd does not prope... | Fri, 05 Jun 2026 12:23:43 |
| CVE-2026-9270 json | DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd does not properly sanitise inp... | Fri, 05 Jun 2026 12:23:43 |
| CVE-2026-11336 json | A vulnerability has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11304 json | Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corrup... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11302 json | Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11301 json | Inappropriate implementation in LiveCaption in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially ... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11300 json | Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI s... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11299 json | Integer overflow in Fonts in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive i... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11298 json | Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to by... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11297 json | Insufficient validation of untrusted input in Reader Mode in Google Chrome on Android prior to 149.0.7827.53 allowed a local ... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11208 json | Use after free in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive in... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11206 json | Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cr... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11205 json | Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote ... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11204 json | Inappropriate implementation in Signin in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass nav... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11203 json | Inappropriate implementation in GPU in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to leak cross-or... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11202 json | Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to po... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11201 json | Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11200 json | Inappropriate implementation in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11199 json | Inappropriate implementation in WebRTC in Google Chrome prior to 149.0.7827.53 allowed an attacker in a privileged network po... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11198 json | Insufficient validation of untrusted input in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to pot... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11197 json | Insufficient policy enforcement in Workers in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromi... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11196 json | Type Confusion in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive infor... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11195 json | Inappropriate implementation in MHTML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user ... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11194 json | Inappropriate implementation in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origi... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11193 json | Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypa... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11192 json | Insufficient validation of untrusted input in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attac... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11191 json | Out of bounds memory access in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11190 json | Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user t... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11189 json | Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convin... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11182 json | Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin da... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11042 json | Use after free in Views in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in s... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11038 json | Insufficient policy enforcement in Subresource Integrity in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to... | Fri, 05 Jun 2026 12:23:42 |
| CVE-2026-11037 json | Out of bounds write in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sand... | Fri, 05 Jun 2026 12:23:41 |
| CVE-2026-10989 json | Inappropriate implementation in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to ... | Fri, 05 Jun 2026 12:23:41 |
| CVE-2026-10988 json | Use after free in Views in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer pr... | Fri, 05 Jun 2026 12:23:41 |
| CVE-2026-10922 json | Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who ... | Fri, 05 Jun 2026 12:23:41 |
| CVE-2026-10897 json | Inappropriate implementation in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform ... | Fri, 05 Jun 2026 12:23:41 |
| CVE-2026-10893 json | Use after free in Chromoting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via ... | Fri, 05 Jun 2026 12:23:41 |
| CVE-2026-10892 json | Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perfor... | Fri, 05 Jun 2026 12:23:41 |
| CVE-2025-4822 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bayraktar Solar Energie... | Fri, 05 Jun 2026 12:23:41 |
| CVE-2025-4784 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Moderec Tourtella allow... | Fri, 05 Jun 2026 12:23:41 |
| CVE-2025-4764 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aida Computer Informati... | Fri, 05 Jun 2026 12:23:41 |
| CVE-2025-4763 json | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Aida Computer In... | Fri, 05 Jun 2026 12:23:41 |
| CVE-2025-4738 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yirmibes Software MY ER... | Fri, 05 Jun 2026 12:23:41 |
| CVE-2025-4688 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BGS Interactive SINAV.L... | Fri, 05 Jun 2026 12:23:41 |
| CVE-2025-4686 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kodmatic Computer Softw... | Fri, 05 Jun 2026 12:23:41 |
| CVE-2025-4411 json | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dataprom Informa... | Fri, 05 Jun 2026 12:23:41 |
| CVE-2025-4383 json | Improper Restriction of Excessive Authentication Attempts vulnerability in Art-in Bilişim Teknolojileri ve Yazılım Hizm. T... | Fri, 05 Jun 2026 12:23:41 |
| CVE-2025-4378 json | Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mo... | Fri, 05 Jun 2026 12:23:41 |
| CVE-2025-4320 json | Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirso... | Fri, 05 Jun 2026 12:23:41 |
| CVE-2025-4319 json | Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forgotten Password vulnerabil... | Fri, 05 Jun 2026 12:23:41 |
| CVE-2025-4296 json | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in HotelRunner B2B allows Forceful Browsing. This issue af... | Fri, 05 Jun 2026 12:23:41 |
| CVE-2026-6209 json | Improper Access Control, Missing Authorization vulnerability in HAVELSAN Inc. Geographic Tracking System allows Accessing Fun... | Fri, 05 Jun 2026 12:08:17 |
| CVE-2026-6208 json | Authorization bypass through User-Controlled key vulnerability in HAVELSAN Inc. Geographic Tracking System allows Exploitatio... | Fri, 05 Jun 2026 12:08:17 |
| CVE-2026-6207 json | Observable response discrepancy vulnerability in HAVELSAN Inc. Geographic Tracking System allows System Footprinting. This i... | Fri, 05 Jun 2026 12:08:17 |
| CVE-2026-50593 json | Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does n... | Fri, 05 Jun 2026 12:08:16 |
| CVE-2026-50590 json | In Mimecast Incydr before 2.6.0, arbitrary file access can occur. | Fri, 05 Jun 2026 12:08:16 |
| CVE-2026-48907 json | A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ... | Fri, 05 Jun 2026 12:08:16 |
| CVE-2026-48095 json | 7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior contain a heap buffer overflow vulnerability... | Fri, 05 Jun 2026 12:08:16 |
| CVE-2026-48092 json | 7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain a heap memory disclosure via Squa... | Fri, 05 Jun 2026 12:08:16 |
| CVE-2026-38579 json | Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in damasac thaipalliative_lte through version 3.0 allow remote ... | Fri, 05 Jun 2026 12:08:16 |
| CVE-2026-37737 json | sanic-cors version 2.2.0 and prior contains an improper regular expression in the try_match() function in sanic_cors/core.py ... | Fri, 05 Jun 2026 12:08:16 |
| CVE-2026-25659 json | Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerabil... | Fri, 05 Jun 2026 12:08:16 |
| CVE-2026-25658 json | Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerabil... | Fri, 05 Jun 2026 12:08:16 |
| CVE-2026-25657 json | Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CW... | Fri, 05 Jun 2026 12:08:16 |
| CVE-2026-21837 json | HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacke... | Fri, 05 Jun 2026 12:08:16 |
| CVE-2026-21826 json | HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can ma... | Fri, 05 Jun 2026 12:08:16 |
| CVE-2026-21825 json | HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An... | Fri, 05 Jun 2026 12:08:16 |
| CVE-2026-11369 json | The Comment API (GET /api/Comment and POST /api/Comment) in the affected application fails to perform authorization checks to... | Fri, 05 Jun 2026 12:08:16 |
| CVE-2026-11347 json | The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limit... | Fri, 05 Jun 2026 12:08:16 |
| CVE-2026-11346 json | A Server-Side Request Forgery (SSRF) vulnerability in the custom process creation feature of linqi allows an authenticated at... | Fri, 05 Jun 2026 12:08:16 |
| CVE-2026-11345 json | An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers t... | Fri, 05 Jun 2026 12:08:16 |
| CVE-2026-11335 json | A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b61... | Fri, 05 Jun 2026 12:08:16 |
| CVE-2026-11334 json | A vulnerability was detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27... | Fri, 05 Jun 2026 12:08:16 |
| CVE-2026-11333 json | A security vulnerability has been detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/... | Fri, 05 Jun 2026 12:08:16 |
| CVE-2026-10879 json | DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The prepars... | Fri, 05 Jun 2026 12:08:16 |
| CVE-2026-6274 json | Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics I... | Fri, 05 Jun 2026 12:08:16 |
| CVE-2025-59174 json | Ericsson Packet Core Controller (PCC) versions prior to 1.39 contain a vulnerability where an attacker sending a large volume... | Fri, 05 Jun 2026 12:08:16 |
| CVE-2020-25900 json | HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city... | Fri, 05 Jun 2026 12:08:16 |
| CVE-2026-50589 json | In OpenStack Ironic 32 through 35.0.1, an unauthenticated malicious user could submit a crafted JSON string to some endpoints... | Fri, 05 Jun 2026 12:08:15 |
| CVE-2026-42547 json | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In version... | Fri, 05 Jun 2026 12:08:15 |
| CVE-2026-42543 json | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions p... | Fri, 05 Jun 2026 12:08:15 |
| CVE-2026-42540 json | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions p... | Fri, 05 Jun 2026 12:08:15 |
| CVE-2026-42539 json | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions p... | Fri, 05 Jun 2026 12:08:15 |
| CVE-2026-42538 json | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions p... | Fri, 05 Jun 2026 12:08:15 |
| CVE-2026-42329 json | Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions p... | Fri, 05 Jun 2026 12:08:15 |
| CVE-2026-41567 json | Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a c... | Fri, 05 Jun 2026 12:08:15 |
| CVE-2026-41522 json | Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to v... | Fri, 05 Jun 2026 12:08:15 |
| CVE-2026-5589 json | An integer underflow in bt_mesh_sol_recv() in the Bluetooth Mesh solicitation handling (subsys/bluetooth/mesh/solicitation.c)... | Fri, 05 Jun 2026 12:08:15 |
| CVE-2026-5066 json | A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem (subsys/net/lib/s... | Fri, 05 Jun 2026 12:08:15 |
| CVE-2026-48480 json | The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp impleme... | Fri, 05 Jun 2026 12:08:14 |
| CVE-2026-41518 json | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts... | Fri, 05 Jun 2026 12:08:14 |
| CVE-2026-41249 json | CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow (`.gi... | Fri, 05 Jun 2026 12:08:14 |
| CVE-2026-40898 json | quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.59.1, an attacker can cause excessive memory allo... | Fri, 05 Jun 2026 12:08:14 |
| CVE-2026-36499 json | A missing upper-bound check in the udpif_set_threads() function of Open vSwitch v3.6.90 allows an attacker with OVSDB write a... | Fri, 05 Jun 2026 12:08:14 |
| CVE-2026-21404 json | NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) im... | Fri, 05 Jun 2026 12:08:14 |
| CVE-2025-71316 json | SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI cod... | Fri, 05 Jun 2026 12:08:14 |
| CVE-2025-65640 json | Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.0.0.5... | Fri, 05 Jun 2026 12:08:14 |