CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-49433 json | The DeepAI endpoint 'https://api.deepai.org/change_user_email' accepts POST requests without any CSRF protection. If an attac... | Mon, 01 Jun 2026 17:20:16 |
| CVE-2026-49140 json | Nanobot prior to version 0.2.1 contains a denial of service vulnerability in the Matrix channel media download handler that a... | Mon, 01 Jun 2026 17:20:16 |
| CVE-2026-49139 json | Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler th... | Mon, 01 Jun 2026 17:20:16 |
| CVE-2026-49138 json | Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the web_fetch tool that allows remote ... | Mon, 01 Jun 2026 17:20:16 |
| CVE-2026-49136 json | Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generate_image() funct... | Mon, 01 Jun 2026 17:20:16 |
| CVE-2026-49135 json | CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sen... | Mon, 01 Jun 2026 17:20:16 |
| CVE-2026-49134 json | CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to ex... | Mon, 01 Jun 2026 17:20:16 |
| CVE-2026-37234 json | FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xapp_ids by sending multiple E42_SETUP_REQUESTs. On disconnec... | Mon, 01 Jun 2026 17:20:16 |
| CVE-2026-24751 json | Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data For... | Mon, 01 Jun 2026 17:20:16 |
| CVE-2026-10289 json | A security flaw has been discovered in code-projects Hotel and Tourism Reservation System 1.0. Impacted is an unknown functio... | Mon, 01 Jun 2026 17:20:16 |
| CVE-2026-10288 json | A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function pas... | Mon, 01 Jun 2026 17:20:16 |
| CVE-2026-10287 json | A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function get_head... | Mon, 01 Jun 2026 17:20:16 |
| CVE-2026-5419 json | A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-ch... | Mon, 01 Jun 2026 17:20:16 |
| CVE-2026-46243 json | In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions ... | Mon, 01 Jun 2026 17:20:15 |
| CVE-2026-45344 json | LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitial... | Mon, 01 Jun 2026 17:20:15 |
| CVE-2026-45311 json | CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the run_tests tool executes cargo test in the ... | Mon, 01 Jun 2026 17:20:15 |
| CVE-2026-42015 json | A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an ... | Mon, 01 Jun 2026 17:20:15 |
| CVE-2026-41013 json | Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space ... | Mon, 01 Jun 2026 17:20:15 |
| CVE-2026-39292 json | Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder modu... | Mon, 01 Jun 2026 17:20:15 |
| CVE-2026-38950 json | An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The a... | Mon, 01 Jun 2026 17:20:15 |
| CVE-2026-37579 json | An issue in SMSGate sms-core<=2.1.13.6 allows a remote attacker to execute arbitrary code via the Cmpp7FDeliverRequestMessage... | Mon, 01 Jun 2026 17:20:15 |
| CVE-2026-37227 json | FlexRIC v2.0.0 contains reachable assert(0) calls in stub message handlers for whitelisted but unimplemented E2AP message typ... | Mon, 01 Jun 2026 17:20:15 |
| CVE-2026-37225 json | FlexRIC v2.0.0 crashes when the iApp receives an E42_RIC_SUBSCRIPTION_REQUEST with an empty ricEventTriggerDefinition field. ... | Mon, 01 Jun 2026 17:20:15 |
| CVE-2026-37224 json | FlexRIC v2.0.0 crashes when receiving a duplicate E2_SETUP_REQUEST from the same or spoofed E2 Node. The iApp registry enforc... | Mon, 01 Jun 2026 17:20:15 |
| CVE-2026-37223 json | FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher validates incoming E2AP messages... | Mon, 01 Jun 2026 17:20:15 |
| CVE-2026-10286 json | A vulnerability was found in CodeAstro Payroll System 1.0. This affects an unknown part of the file /home_employee.php. The m... | Mon, 01 Jun 2026 17:20:15 |
| CVE-2026-10285 json | A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function Ka... | Mon, 01 Jun 2026 17:20:15 |
| CVE-2026-10284 json | A flaw has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this vulnerability is the function edi... | Mon, 01 Jun 2026 17:20:15 |
| CVE-2026-8643 json | pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path ... | Mon, 01 Jun 2026 17:20:15 |
| CVE-2026-8501 json | Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes... | Mon, 01 Jun 2026 17:20:15 |
| CVE-2026-5260 json | A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange t... | Mon, 01 Jun 2026 17:20:15 |
| CVE-2025-70099 json | A NULL pointer dereference in the ext4_dir_en_get_name_len function in include/ext4_dir.h of lwext4 1.0.0 allows attackers to... | Mon, 01 Jun 2026 17:20:15 |
| CVE-2021-46747 json | Insufficient granularity of access control in ASP (AMD Secure Processor) may allow an attacker with an untrusted user space a... | Mon, 01 Jun 2026 17:20:15 |
| CVE-2026-44376 json | CubeCart is an ecommerce software solution. Prior to 6.7.0, an unauthenticated Reflected XSS vulnerability exists in the Cube... | Mon, 01 Jun 2026 17:20:14 |
| CVE-2026-42013 json | A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validat... | Mon, 01 Jun 2026 17:20:14 |
| CVE-2026-42012 json | A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate ... | Mon, 01 Jun 2026 17:20:14 |
| CVE-2026-42011 json | A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previo... | Mon, 01 Jun 2026 17:20:14 |
| CVE-2026-42010 json | A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched... | Mon, 01 Jun 2026 17:20:14 |
| CVE-2026-42009 json | A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet r... | Mon, 01 Jun 2026 17:20:14 |
| CVE-2026-33846 json | A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in me... | Mon, 01 Jun 2026 17:20:14 |
| CVE-2026-33845 json | A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an intege... | Mon, 01 Jun 2026 17:20:14 |
| CVE-2026-3833 json | A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints`... | Mon, 01 Jun 2026 17:20:14 |
| CVE-2026-3832 json | A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certi... | Mon, 01 Jun 2026 17:20:14 |
| CVE-2026-44353 json | Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's... | Mon, 01 Jun 2026 16:20:13 |
| CVE-2025-13593 json | Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary... | Mon, 01 Jun 2026 16:20:13 |
| CVE-2026-2237 json | A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager packa... | Mon, 01 Jun 2026 16:05:18 |
| CVE-2025-66593 json | An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files... | Mon, 01 Jun 2026 16:05:17 |
| CVE-2025-66592 json | An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to... | Mon, 01 Jun 2026 16:05:17 |
| CVE-2024-21182 json | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that a... | Mon, 01 Jun 2026 15:35:11 |
| CVE-2026-49121 json | AI Tensor Engine for ROCm (AITER) through 0.1.14 contains an unauthenticated remote code execution vulnerability in the Messa... | Mon, 01 Jun 2026 15:20:17 |
| CVE-2026-47294 json | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network... | Mon, 01 Jun 2026 15:20:17 |
| CVE-2026-45810 json | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 3... | Mon, 01 Jun 2026 15:20:17 |
| CVE-2026-45729 json | Thor Vector Graphics (ThorVG) is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereferenc... | Mon, 01 Jun 2026 15:20:17 |
| CVE-2026-45727 json | CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-s... | Mon, 01 Jun 2026 15:20:17 |
| CVE-2026-45722 json | Nextcloud is an open source content collaboration platform. From versions 0.9.0 to before 0.9.7, and 1.0.0 to before 1.0.2, a... | Mon, 01 Jun 2026 15:20:17 |
| CVE-2026-45691 json | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33... | Mon, 01 Jun 2026 15:20:17 |
| CVE-2026-45690 json | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33... | Mon, 01 Jun 2026 15:20:17 |
| CVE-2026-45545 json | Nextcloud is an open source content collaboration platform. From versions 0.7.0 to before 0.7.7, 0.8.0 to before 0.8.10, 0.9.... | Mon, 01 Jun 2026 15:20:17 |
| CVE-2026-9614 json | An Improper Access Control vulnerability in Ivanti Neurons for ITSM (cloud and on-premises) allows a remote authenticate... | Mon, 01 Jun 2026 15:20:17 |
| CVE-2026-9330 json | IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserializat... | Mon, 01 Jun 2026 15:20:17 |
| CVE-2026-9319 json | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untr... | Mon, 01 Jun 2026 15:20:17 |
| CVE-2026-9311 json | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security control... | Mon, 01 Jun 2026 15:20:17 |
| CVE-2026-8644 json | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing. | Mon, 01 Jun 2026 15:20:17 |
| CVE-2026-7770 json | IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when ... | Mon, 01 Jun 2026 15:20:17 |
| CVE-2026-45544 json | Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter crite... | Mon, 01 Jun 2026 15:20:16 |
| CVE-2026-45543 json | Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborato... | Mon, 01 Jun 2026 15:20:16 |
| CVE-2026-45302 json | parse-nested-form-data is a tiny node module for parsing FormData by name into objects and arrays. Prior to version 1.0.1, pa... | Mon, 01 Jun 2026 15:20:16 |
| CVE-2026-45286 json | Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3,... | Mon, 01 Jun 2026 15:20:16 |
| CVE-2026-45285 json | Nextcloud is an open source content collaboration platform. From versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.... | Mon, 01 Jun 2026 15:20:16 |
| CVE-2026-45284 json | Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check all... | Mon, 01 Jun 2026 15:20:16 |
| CVE-2026-45283 json | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.2, and 33... | Mon, 01 Jun 2026 15:20:16 |
| CVE-2026-45282 json | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33... | Mon, 01 Jun 2026 15:20:16 |
| CVE-2026-45281 json | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33... | Mon, 01 Jun 2026 15:20:16 |
| CVE-2026-45279 json | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.14, and 3... | Mon, 01 Jun 2026 15:20:16 |
| CVE-2026-45278 json | Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft... | Mon, 01 Jun 2026 15:20:16 |
| CVE-2026-45277 json | Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrar... | Mon, 01 Jun 2026 15:20:16 |
| CVE-2026-45275 json | Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, a privilege escalation vulnerability exis... | Mon, 01 Jun 2026 15:20:16 |
| CVE-2026-43958 json | A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack... | Mon, 01 Jun 2026 15:20:16 |
| CVE-2026-43625 json | CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported ... | Mon, 01 Jun 2026 15:20:16 |
| CVE-2026-43624 json | F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthentic... | Mon, 01 Jun 2026 15:20:16 |
| CVE-2026-43623 json | microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the raw_to_header() function in src/microtar.c... | Mon, 01 Jun 2026 15:20:16 |
| CVE-2026-40990 json | OOM error is possible while attempting to add infinite amount of functions to Function Registry. Affected Spring Products an... | Mon, 01 Jun 2026 15:20:15 |
| CVE-2026-40989 json | Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: ... | Mon, 01 Jun 2026 15:20:15 |
| CVE-2026-37235 json | FlexRIC v2.0.0 trusts the xapp_id field from E42 message payloads without binding it to the sender's SCTP association. The va... | Mon, 01 Jun 2026 15:20:15 |
| CVE-2026-37233 json | FlexRIC v2.0.0 contains an authorization bypass in the iApp's xApp isolation mechanism. The equality function eq_xapp_ric_gen... | Mon, 01 Jun 2026 15:20:15 |
| CVE-2026-37232 json | An issue was discovered in OpenAirInterface5G 2.4.0 (nr-softmodem) in the E2SM-KPM RAN Function's PRB utilization metric calc... | Mon, 01 Jun 2026 15:20:15 |
| CVE-2026-37231 json | FlexRIC v2.0.0 uses a uint16_t counter for xapp_id assignment but stores the value in uint32_t message fields. After 65,530+ ... | Mon, 01 Jun 2026 15:20:15 |
| CVE-2026-37230 json | FlexRIC v2.0.0 crashes when the near-RT RIC receives a RIC_INDICATION message with a ran_func_id that does not exist in its r... | Mon, 01 Jun 2026 15:20:15 |
| CVE-2026-37229 json | FlexRIC v2.0.0 contains a reachable assertion in e2ap_create_pdu() triggered when ASN.1 PER decoding fails. A remote unauthen... | Mon, 01 Jun 2026 15:20:15 |
| CVE-2026-37228 json | FlexRIC v2.0.0 contains a reachable assertion in e2ap_recv_sctp_msg() (src/lib/ep/e2ap_ep.c). The function allocates a fixed ... | Mon, 01 Jun 2026 15:20:15 |
| CVE-2026-37226 json | FlexRIC v2.0.0 crashes when the iApp receives an E42_RIC_SUBSCRIPTION_REQUEST referencing a non-existent E2 Node. The lookup ... | Mon, 01 Jun 2026 15:20:15 |
| CVE-2026-30963 json | Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through ... | Mon, 01 Jun 2026 15:20:15 |
| CVE-2026-23638 json | Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability i... | Mon, 01 Jun 2026 15:20:15 |
| CVE-2026-22872 json | Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs with cluster-admin privileg... | Mon, 01 Jun 2026 15:20:15 |
| CVE-2026-10283 json | A vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1. Affected is an unknown function of the component Setting Ha... | Mon, 01 Jun 2026 15:20:15 |
| CVE-2026-10282 json | A security vulnerability has been detected in Bottelet DaybydayCRM up to 2.2.1. This impacts the function view of the file ap... | Mon, 01 Jun 2026 15:20:15 |
| CVE-2026-48810 json | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating the ... | Mon, 01 Jun 2026 15:20:14 |
| CVE-2026-45372 json | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server ... | Mon, 01 Jun 2026 15:20:14 |
| CVE-2026-44421 json | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-b... | Mon, 01 Jun 2026 15:20:14 |
| CVE-2026-44211 json | Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cros... | Mon, 01 Jun 2026 15:20:14 |