CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cybersecurity vulnerabilities so that they can be quickly identified and shared. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.
The form you will see after following this link lets you fill in the variables of the CVSS scoring system and receive the corresponding score. A description of each variable is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-9496 json | Versions of the package pacote from 11.2.7 and before 21.5.1 are vulnerable to Denial of Service (DoS) via the addGitSha func... | Sat, 27 Jun 2026 12:18:18 |
| CVE-2026-53070 json | In the Linux kernel, the following vulnerability has been resolved: sctp: disable BH before calling udp_tunnel_xmit_skb() u... | Sat, 27 Jun 2026 07:27:40 |
| CVE-2026-52938 json | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix NULL pointer dereference in bpf_sk_storage_clon... | Sat, 27 Jun 2026 07:27:40 |
| CVE-2026-46252 json | In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulator_resolve_supply... | Sat, 27 Jun 2026 07:27:40 |
| CVE-2026-49416 json | The CONS_HISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overf... | Sat, 27 Jun 2026 06:27:16 |
| CVE-2026-49414 json | The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE ba... | Sat, 27 Jun 2026 06:27:15 |
| CVE-2026-49417 json | Second, the audio buffer backing a mapping could be freed when the device was closed even though the mapping remained valid. ... | Sat, 27 Jun 2026 05:27:17 |
| CVE-2026-49413 json | The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the P_SUGID process flag. During exe... | Sat, 27 Jun 2026 05:27:16 |
| CVE-2026-49412 json | The kernel handler for IPV6_MSFILTER dropped a serializing lock in order to copy the source-filter list from userspace, then ... | Sat, 27 Jun 2026 05:27:16 |
| CVE-2026-49325 json | Improper handling of physical conditions in the bike-shutdown control of the Indian Motorcycle Scout Bobber + Tech 2025 model... | Sat, 27 Jun 2026 05:27:16 |
| CVE-2026-49324 json | Uncontrolled resource consumption in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 mode... | Sat, 27 Jun 2026 05:27:16 |
| CVE-2026-49323 json | Weak authentication between the Wireless Control Module (WCM) and the Engine Control Module (ECM) of the Indian Motorcycle Sc... | Sat, 27 Jun 2026 05:27:16 |
| CVE-2026-49322 json | Weak authentication in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows ... | Sat, 27 Jun 2026 05:27:16 |
| CVE-2026-49318 json | Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model ... | Sat, 27 Jun 2026 05:27:16 |
| CVE-2026-49317 json | Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model ... | Sat, 27 Jun 2026 05:27:16 |
| CVE-2026-49316 json | Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an ... | Sat, 27 Jun 2026 05:27:16 |
| CVE-2026-45259 json | sigqueue(2) was marked as permitted in capability mode with the introduction of Capsicum in 2011, but the implementation of k... | Sat, 27 Jun 2026 05:27:16 |
| CVE-2026-45258 json | dsp_mmap_single() validated the requested mapping by checking the sum of the user-supplied offset and length against the buff... | Sat, 27 Jun 2026 05:27:16 |
| CVE-2026-10118 json | A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF ... | Sat, 27 Jun 2026 05:27:16 |
| CVE-2026-6893 json | A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially c... | Sat, 27 Jun 2026 05:27:16 |
| CVE-2026-4775 json | A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putco... | Sat, 27 Jun 2026 05:27:16 |
| CVE-2026-13295 json | The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via panels_data Parameter in... | Sat, 27 Jun 2026 04:27:11 |
| CVE-2026-12471 json | The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activate_plugin f... | Sat, 27 Jun 2026 04:27:11 |
| CVE-2026-12432 json | The WP Full Stripe Free plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 8.4.3 v... | Sat, 27 Jun 2026 04:27:11 |
| CVE-2026-12399 json | The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scrip... | Sat, 27 Jun 2026 04:27:11 |
| CVE-2026-11987 json | The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress... | Sat, 27 Jun 2026 04:27:11 |
| CVE-2026-11783 json | The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress... | Sat, 27 Jun 2026 04:27:11 |
| CVE-2026-11773 json | The Masteriyo LMS – LMS Course Builder, Quizzes & Certificates plugin for WordPress is vulnerable to authorization bypass i... | Sat, 27 Jun 2026 04:27:11 |
| CVE-2026-11597 json | The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'infusionsoft-f... | Sat, 27 Jun 2026 04:27:11 |
| CVE-2026-11364 json | The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and del... | Sat, 27 Jun 2026 04:27:11 |
| CVE-2026-9242 json | The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulne... | Sat, 27 Jun 2026 04:27:11 |
| CVE-2026-9233 json | The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in... | Sat, 27 Jun 2026 04:27:11 |
| CVE-2026-4878 json | A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in t... | Sat, 27 Jun 2026 04:27:11 |
| CVE-2026-3462 json | The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on t... | Sat, 27 Jun 2026 04:27:11 |
| CVE-2026-13245 json | The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' paramet... | Sat, 27 Jun 2026 02:27:07 |
| CVE-2026-12404 json | The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versi... | Sat, 27 Jun 2026 02:27:07 |
| CVE-2026-12223 json | A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function mod_webd.TFTP... | Sat, 27 Jun 2026 02:27:07 |
| CVE-2026-12222 json | A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function mod_webd.BlueToothTest of the file ... | Sat, 27 Jun 2026 02:27:07 |
| CVE-2026-12221 json | A vulnerability was found in Yealink SIP-T46U 108.86.0.118. This impacts the function sprintf of the file /api/upgrade/upgrad... | Sat, 27 Jun 2026 02:27:07 |
| CVE-2026-12220 json | A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function mod_upgrade.SparePartsUpload of th... | Sat, 27 Jun 2026 02:27:07 |
| CVE-2026-12219 json | A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function mod_diagnose.CommandShellByType ... | Sat, 27 Jun 2026 02:27:07 |
| CVE-2026-12218 json | A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of ... | Sat, 27 Jun 2026 02:27:07 |
| CVE-2026-10820 json | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin ... | Sat, 27 Jun 2026 02:27:07 |
| CVE-2026-9677 json | The Shariff for WordPress Shariff for WordPress plugin through 1.0.11 does not sanitize or escape the shariff_infourl setting... | Sat, 27 Jun 2026 02:27:07 |
| CVE-2025-60474 json | A buffer overflow in the gf_media_import function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26.02.0 allows at... | Sat, 27 Jun 2026 02:27:07 |
| CVE-2025-60473 json | A NULL pointer dereference in the gf_filter_in_parent_chain function (/filter_core/filter_pid.c) of GPAC Project/MP4Box befor... | Sat, 27 Jun 2026 02:27:07 |
| CVE-2025-60467 json | A use-after-free in the gf_filter_pid_inst_swap_delete_task function (/filter_core/filter_pid.c) of GPAC Project/MP4Box befor... | Sat, 27 Jun 2026 02:27:07 |
| CVE-2025-60466 json | A use-after-free in the gf_filter_pid_get_packet function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 a... | Sat, 27 Jun 2026 02:27:07 |
| CVE-2025-60465 json | A use-after-free in the gf_filter_pid_inst_swap function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 al... | Sat, 27 Jun 2026 02:27:07 |
| CVE-2026-53914 json | In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata | Sat, 27 Jun 2026 01:27:11 |
| CVE-2026-49980 json | Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 unt... | Sat, 27 Jun 2026 01:27:11 |
| CVE-2026-48710 json | Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP `Host` request header was not validated b... | Sat, 27 Jun 2026 01:27:11 |
| CVE-2026-45829 json | A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthe... | Sat, 27 Jun 2026 01:27:11 |
| CVE-2026-45257 json | The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe t... | Sat, 27 Jun 2026 01:27:11 |
| CVE-2026-42945 json | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when ... | Sat, 27 Jun 2026 01:27:11 |
| CVE-2026-40083 json | Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsa... | Sat, 27 Jun 2026 01:27:11 |
| CVE-2026-13331 json | The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via... | Sat, 27 Jun 2026 01:27:11 |
| CVE-2026-13283 json | Use after free in AdFilter in Google Chrome on Android prior to 149.0.7827.201 allowed a remote attacker who convinced a user... | Sat, 27 Jun 2026 01:27:11 |
| CVE-2026-13281 json | Integer overflow in Mojo in Google Chrome prior to 149.0.7827.201 allowed a remote attacker who had compromised the renderer ... | Sat, 27 Jun 2026 01:27:11 |
| CVE-2026-12415 json | The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pra... | Sat, 27 Jun 2026 01:27:11 |
| CVE-2026-11807 json | A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rule... | Sat, 27 Jun 2026 01:27:11 |
| CVE-2026-9640 json | A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regardin... | Sat, 27 Jun 2026 01:27:11 |
| CVE-2026-2651 json | A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--s... | Sat, 27 Jun 2026 01:27:11 |
| CVE-2026-2611 json | In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This ... | Sat, 27 Jun 2026 01:27:11 |
| CVE-2021-47952 json | python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python comm... | Sat, 27 Jun 2026 01:27:11 |
| CVE-2026-42208 json | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version ... | Sat, 27 Jun 2026 01:27:10 |
| CVE-2026-40372 json | Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a... | Sat, 27 Jun 2026 01:27:10 |
| CVE-2026-33228 json | flatted is a circular JSON parser. Prior to version 3.4.2, the parse() function in flatted can use attacker-controlled string... | Sat, 27 Jun 2026 01:27:10 |
| CVE-2026-25521 json | Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. In versions from 2.0.12 to befo... | Sat, 27 Jun 2026 01:27:10 |
| CVE-2026-22778 json | vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image ... | Sat, 27 Jun 2026 01:27:10 |
| CVE-2026-20912 json | Gitea does not properly validate repository ownership when linking attachments to releases. An attachment uploaded to a priva... | Sat, 27 Jun 2026 01:27:10 |
| CVE-2026-20897 json | Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository... | Sat, 27 Jun 2026 01:27:10 |
| CVE-2026-20750 json | Gitea does not properly validate project ownership in organization project operations. A user with project write access in on... | Sat, 27 Jun 2026 01:27:10 |
| CVE-2026-4631 json | Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without ... | Sat, 27 Jun 2026 01:27:10 |
| CVE-2026-1709 json | A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Securi... | Sat, 27 Jun 2026 01:27:10 |
| CVE-2025-70974 json | Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the... | Sat, 27 Jun 2026 01:27:10 |
| CVE-2025-61686 json | React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17... | Sat, 27 Jun 2026 01:27:10 |
| CVE-2026-55838 json | RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.7 and earlier, the real-time metrics endpoint at /... | Sat, 27 Jun 2026 00:25:25 |
| CVE-2026-55448 json | mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credential_c... | Sat, 27 Jun 2026 00:25:25 |
| CVE-2026-55188 json | RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, RustFS contains an author... | Sat, 27 Jun 2026 00:25:25 |
| CVE-2026-54352 json | Budibase is an open-source low-code platform. Prior to 3.39.9, `POST /api/pwa/process-zip` at packages/server/src/api/routes/... | Sat, 27 Jun 2026 00:25:25 |
| CVE-2026-53577 json | Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the previewFileFromExecution endpo... | Sat, 27 Jun 2026 00:25:25 |
| CVE-2026-52780 json | OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, cache store poisoning leads to... | Sat, 27 Jun 2026 00:25:25 |
| CVE-2026-50136 json | Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoint tha... | Sat, 27 Jun 2026 00:25:25 |
| CVE-2026-47778 json | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and ... | Sat, 27 Jun 2026 00:25:25 |
| CVE-2026-47205 json | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and ... | Sat, 27 Jun 2026 00:25:25 |
| CVE-2026-44736 json | OpenProject is open-source, web-based project management software. Prior to 17.4.0, the GET /api/v3/relations endpoint allows... | Sat, 27 Jun 2026 00:25:25 |
| CVE-2026-44734 json | OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, a Missing Authorization vulner... | Sat, 27 Jun 2026 00:25:25 |
| CVE-2026-44696 json | OpenProject is open-source, web-based project management software. Prior to 17.4.0, OpenProject's rich text (markdown) render... | Sat, 27 Jun 2026 00:25:25 |
| CVE-2026-29509 json | Patool before 4.0.5 contains a path traversal vulnerability in the safe_extract() function in patoolib/programs/py_tarfile.py... | Sat, 27 Jun 2026 00:25:25 |
| CVE-2026-57231 json | Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains an environment ... | Sat, 27 Jun 2026 00:25:24 |
| CVE-2026-56788 json | RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX o... | Sat, 27 Jun 2026 00:25:24 |
| CVE-2026-56773 json | Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass auth... | Sat, 27 Jun 2026 00:25:24 |
| CVE-2026-48529 json | GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1.1.2, when running in HTTP mode with --lockdown-mode en... | Sat, 27 Jun 2026 00:25:24 |
| CVE-2026-13434 json | A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus net... | Sat, 27 Jun 2026 00:25:24 |
| CVE-2026-13083 json | A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escapin... | Sat, 27 Jun 2026 00:25:24 |
| CVE-2025-71333 json | Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoint whe... | Sat, 27 Jun 2026 00:25:24 |
| CVE-2025-32394 json | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Pr... | Sat, 27 Jun 2026 00:25:24 |
| CVE-2020-37256 json | Grav before 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security configurati... | Sat, 27 Jun 2026 00:25:24 |
| CVE-2026-13422 json | The HD Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.2.0 to 2.2.1. This is due to missi... | Fri, 26 Jun 2026 22:23:58 |