CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cybersecurity vulnerabilities so that they can be quickly identified and shared. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-9735 json | MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When c... | Mon, 15 Jun 2026 12:54:14 |
| CVE-2026-12026 json | Out of bounds read in Video in Google Chrome on ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromise... | Mon, 15 Jun 2026 12:39:02 |
| CVE-2026-9863 json | Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-bas... | Mon, 15 Jun 2026 12:23:29 |
| CVE-2026-9862 json | Fortra's Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd se... | Mon, 15 Jun 2026 12:23:29 |
| CVE-2026-9595 json | Impact: When a user-configured proxy on webpack-dev-server has a broad context (e.g. /) and ws: true, it also intercepts the ... | Mon, 15 Jun 2026 12:23:29 |
| CVE-2026-8683 json | Mattermost Desktop App versions <=6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost D... | Mon, 15 Jun 2026 12:23:29 |
| CVE-2026-5038 json | Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskSt... | Mon, 15 Jun 2026 12:23:29 |
| CVE-2026-54057 json | Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 (color-control) query reply reflect... | Mon, 15 Jun 2026 12:23:28 |
| CVE-2026-53521 json | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before... | Mon, 15 Jun 2026 12:23:28 |
| CVE-2026-50552 json | Koel is a free, open-source music streaming solution. Prior to version 9.7.1, Koel contains a Server-Side Request Forgery (SS... | Mon, 15 Jun 2026 12:23:28 |
| CVE-2026-45011 json | ApostropheCMS is an open-source Node.js content management system. Version 4.29.0 has a stored cross-site scripting vulnerabi... | Mon, 15 Jun 2026 12:23:28 |
| CVE-2026-44489 json | Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by uti... | Mon, 15 Jun 2026 12:23:28 |
| CVE-2026-42851 json | Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal ... | Mon, 15 Jun 2026 12:23:28 |
| CVE-2026-41157 json | A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write... | Mon, 15 Jun 2026 12:23:28 |
| CVE-2026-31196 json | OS command injection vulnerability in the traceroute diagnostic handler in /bin/httpd_clientside in ALTICE LABS / SFR France ... | Mon, 15 Jun 2026 12:23:28 |
| CVE-2026-31195 json | OS command injection vulnerability in the ping diagnostic handler in /bin/httpd_clientside in ALTICE LABS / SFR France GR140D... | Mon, 15 Jun 2026 12:23:28 |
| CVE-2026-12189 json | A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.t... | Mon, 15 Jun 2026 12:23:28 |
| CVE-2026-10634 json | Zephyr's native TCP stack iterates the global connection list in net_tcp_foreach() (subsys/net/ip/tcp.c) using the SYS_SLIST_... | Mon, 15 Jun 2026 12:23:28 |
| CVE-2026-9278 json | The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it an... | Mon, 15 Jun 2026 12:23:28 |
| CVE-2026-9062 json | The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-p... | Mon, 15 Jun 2026 12:23:28 |
| CVE-2026-9061 json | The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and output... | Mon, 15 Jun 2026 12:23:28 |
| CVE-2026-5497 json | vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to unbounded frame ... | Mon, 15 Jun 2026 12:23:28 |
| CVE-2025-15659 json | Contributor Cross Site Scripting (XSS) in Elizaibots <= 1.0.2 versions. | Mon, 15 Jun 2026 12:23:28 |
| CVE-2025-15658 json | Administrator Cross Site Scripting (XSS) in WP Emmet <= 0.3.4 versions. | Mon, 15 Jun 2026 12:23:28 |
| CVE-2026-47960 json | ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XX... | Mon, 15 Jun 2026 11:22:15 |
| CVE-2026-47933 json | ColdFusion versions 2023.19, 2025.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could ... | Mon, 15 Jun 2026 11:22:15 |
| CVE-2026-47932 json | ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Director... | Mon, 15 Jun 2026 11:22:15 |
| CVE-2026-47931 json | ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result ... | Mon, 15 Jun 2026 11:22:15 |
| CVE-2026-47930 json | ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result ... | Mon, 15 Jun 2026 11:22:15 |
| CVE-2026-34657 json | CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathnam... | Mon, 15 Jun 2026 11:22:15 |
| CVE-2026-47929 json | ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in... | Mon, 15 Jun 2026 11:22:14 |
| CVE-2026-47928 json | ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result ... | Mon, 15 Jun 2026 11:22:14 |
| CVE-2022-32511 json | jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable. | Mon, 15 Jun 2026 11:22:14 |
| CVE-2026-48998 json | guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header ... | Mon, 15 Jun 2026 11:07:11 |
| CVE-2026-49214 json | guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 did not reject ASCII control ... | Mon, 15 Jun 2026 10:51:35 |
| CVE-2025-46313 json | A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to ac... | Mon, 15 Jun 2026 10:36:14 |
| CVE-2025-43278 json | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to... | Mon, 15 Jun 2026 10:36:14 |
| CVE-2026-52704 json | Improper Control of Generation of Code ('Code Injection') vulnerability in Edgar Rojas WooCommerce PDF Invoice Builder allows... | Mon, 15 Jun 2026 10:20:59 |
| CVE-2026-49111 json | Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects M... | Mon, 15 Jun 2026 10:20:59 |
| CVE-2026-49064 json | Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data. ... | Mon, 15 Jun 2026 10:20:59 |
| CVE-2026-49062 json | Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Engine Faust.Js allows Password Recovery Exploit... | Mon, 15 Jun 2026 10:20:59 |
| CVE-2026-48969 json | Subscriber Broken Access Control in Really Simple SSL <= 9.5.9 versions. | Mon, 15 Jun 2026 10:20:59 |
| CVE-2026-6517 json | Mattermost Desktop App versions <=6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forw... | Mon, 15 Jun 2026 10:20:59 |
| CVE-2026-5242 json | Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Inje... | Mon, 15 Jun 2026 10:20:59 |
| CVE-2026-5233 json | Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue aff... | Mon, 15 Jun 2026 10:20:59 |
| CVE-2026-5230 json | Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrect... | Mon, 15 Jun 2026 10:20:59 |
| CVE-2026-5079 json | Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field n... | Mon, 15 Jun 2026 10:20:59 |
| CVE-2025-64215 json | Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constra... | Mon, 15 Jun 2026 10:20:59 |
| CVE-2019-25746 json | WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to ... | Mon, 15 Jun 2026 10:20:59 |
| CVE-2018-25437 json | WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers... | Mon, 15 Jun 2026 10:20:59 |
| CVE-2018-25436 json | WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulnerability that allows unau... | Mon, 15 Jun 2026 10:20:59 |
| CVE-2016-20084 json | WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticat... | Mon, 15 Jun 2026 10:20:59 |
| CVE-2016-20083 json | WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unautho... | Mon, 15 Jun 2026 10:20:59 |
| CVE-2016-20082 json | WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitr... | Mon, 15 Jun 2026 10:20:59 |
| CVE-2016-20081 json | WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to... | Mon, 15 Jun 2026 10:20:59 |
| CVE-2016-20080 json | WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allow... | Mon, 15 Jun 2026 10:20:59 |
| CVE-2016-20079 json | WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attacke... | Mon, 15 Jun 2026 10:20:59 |
| CVE-2026-54056 json | Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, `kitten dnd` can allow a malicious remote drag-a... | Mon, 15 Jun 2026 10:20:58 |
| CVE-2026-53520 json | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before... | Mon, 15 Jun 2026 10:20:58 |
| CVE-2026-47631 json | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an u... | Mon, 15 Jun 2026 10:20:58 |
| CVE-2026-47268 json | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before... | Mon, 15 Jun 2026 10:20:58 |
| CVE-2026-44990 json | ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a ... | Mon, 15 Jun 2026 10:20:58 |
| CVE-2026-34023 json | The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in t... | Mon, 15 Jun 2026 10:20:58 |
| CVE-2026-34022 json | The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic... | Mon, 15 Jun 2026 10:20:58 |
| CVE-2026-34021 json | The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320, uses RS-485 communication between the se... | Mon, 15 Jun 2026 10:20:58 |
| CVE-2026-8385 json | The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the admin-ajax fallba... | Mon, 15 Jun 2026 10:20:58 |
| CVE-2026-4870 json | IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service du... | Mon, 15 Jun 2026 10:20:58 |
| CVE-2016-20078 json | WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to re... | Mon, 15 Jun 2026 10:20:58 |
| CVE-2016-20077 json | WordPress Plugin Photocart Link 1.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to re... | Mon, 15 Jun 2026 10:20:58 |
| CVE-2016-20076 json | WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary fil... | Mon, 15 Jun 2026 10:20:58 |
| CVE-2016-20075 json | WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with... | Mon, 15 Jun 2026 10:20:58 |
| CVE-2016-20074 json | WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform... | Mon, 15 Jun 2026 10:20:58 |
| CVE-2016-20073 json | Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to ... | Mon, 15 Jun 2026 10:20:58 |
| CVE-2016-20072 json | BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to e... | Mon, 15 Jun 2026 10:20:58 |
| CVE-2016-20071 json | The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that all... | Mon, 15 Jun 2026 10:20:58 |
| CVE-2016-20070 json | WordPress Booking Calendar Contact Form 1.0.23 contains privilege escalation and stored cross-site scripting vulnerabilities ... | Mon, 15 Jun 2026 10:20:58 |
| CVE-2016-20069 json | WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode... | Mon, 15 Jun 2026 10:20:58 |
| CVE-2016-20068 json | WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that all... | Mon, 15 Jun 2026 10:20:58 |
| CVE-2016-20067 json | WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized ac... | Mon, 15 Jun 2026 10:20:58 |
| CVE-2016-20066 json | WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious s... | Mon, 15 Jun 2026 10:20:58 |
| CVE-2026-47292 json | Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate pri... | Mon, 15 Jun 2026 10:20:57 |
| CVE-2026-47287 json | Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network. | Mon, 15 Jun 2026 10:20:57 |
| CVE-2026-47284 json | Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose ... | Mon, 15 Jun 2026 10:20:57 |
| CVE-2026-47281 json | Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. | Mon, 15 Jun 2026 10:20:57 |
| CVE-2026-45650 json | User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform sp... | Mon, 15 Jun 2026 10:20:57 |
| CVE-2024-39011 json | Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Service ... | Mon, 15 Jun 2026 10:20:57 |
| CVE-2026-46479 json | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation c... | Mon, 15 Jun 2026 10:05:38 |
| CVE-2026-46478 json | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow c... | Mon, 15 Jun 2026 10:05:38 |
| CVE-2026-46477 json | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset crea... | Mon, 15 Jun 2026 10:05:38 |
| CVE-2026-46476 json | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTempla... | Mon, 15 Jun 2026 10:05:38 |
| CVE-2026-50262 json | An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size... | Mon, 15 Jun 2026 09:50:37 |
| CVE-2026-50261 json | A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple Syn... | Mon, 15 Jun 2026 09:50:37 |
| CVE-2026-52860 json | Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstruct... | Mon, 15 Jun 2026 09:35:14 |
| CVE-2026-52858 json | Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3compl... | Mon, 15 Jun 2026 09:35:14 |
| CVE-2026-47167 json | Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepma... | Mon, 15 Jun 2026 09:35:14 |
| CVE-2026-52859 json | Vim is an open source, command line text editor. Prior to version 9.2.0565, the update_snapshot() function in src/terminal.c ... | Mon, 15 Jun 2026 09:20:09 |
| CVE-2026-49982 json | tmp is a temporary file and directory creator for node.js. In version 0.2.6, the _assertPath guard added to tmp rejects only ... | Mon, 15 Jun 2026 09:05:01 |
| CVE-2026-44705 json | tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vuln... | Mon, 15 Jun 2026 09:05:01 |
| CVE-2026-40914 json | A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant... | Mon, 15 Jun 2026 09:05:01 |
| CVE-2026-32642 json | Incorrect Authorization (CWE-863) vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using ... | Mon, 15 Jun 2026 09:05:01 |