CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-5004 | A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the function sub_4019FC of the file /cgi-bin/fire... | Fri, 03 Apr 2026 07:43:59 |
| CVE-2026-4976 | A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWiFiGuestCfg of... | Fri, 03 Apr 2026 07:43:59 |
| CVE-2026-4975 | A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of ... | Fri, 03 Apr 2026 07:43:59 |
| CVE-2026-4611 | A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826. Affected by this issue is the functio... | Fri, 03 Apr 2026 07:43:59 |
| CVE-2026-4565 | A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function formSetQosBand of the file /goform/SetNetCon... | Fri, 03 Apr 2026 07:43:59 |
| CVE-2026-3502 | TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to ... | Fri, 03 Apr 2026 07:43:59 |
| CVE-2026-4554 | A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /... | Fri, 03 Apr 2026 07:43:58 |
| CVE-2026-4497 | A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. Affected by this issue is the function recvUpgradeNewF... | Fri, 03 Apr 2026 07:43:58 |
| CVE-2025-67305 | In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys ... | Fri, 03 Apr 2026 07:43:58 |
| CVE-2025-67304 | In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL datab... | Fri, 03 Apr 2026 07:43:58 |
| CVE-2025-70828 | An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration | Fri, 03 Apr 2026 07:43:57 |
| CVE-2025-69874 | nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to wri... | Fri, 03 Apr 2026 07:43:57 |
| CVE-2025-67102 | A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authenticated attacker to execute a... | Fri, 03 Apr 2026 07:43:57 |
| CVE-2025-59793 | Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated u... | Fri, 03 Apr 2026 07:43:57 |
| CVE-2025-32355 | Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misco... | Fri, 03 Apr 2026 07:43:57 |
| CVE-2026-28756 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Di... | Fri, 03 Apr 2026 07:28:52 |
| CVE-2026-28754 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Distribution Lists rep... | Fri, 03 Apr 2026 07:28:52 |
| CVE-2026-27413 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Profile Buil... | Fri, 03 Apr 2026 07:28:52 |
| CVE-2019-14360 | On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based OLED display was found. The power consumption of each ... | Fri, 03 Apr 2026 07:28:52 |
| CVE-2026-5462 | A vulnerability was identified in Wahoo Fitness SYSTM App up to 7.2.1 on Android. Impacted is an unknown function of the file... | Fri, 03 Apr 2026 04:25:15 |
| CVE-2026-4350 | The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and i... | Fri, 03 Apr 2026 04:25:15 |
| CVE-2025-7024 | Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abu... | Fri, 03 Apr 2026 04:25:15 |
| CVE-2026-5458 | A weakness has been identified in Noelse Individuals & Pro App up to 2.1.7 on Android. This impacts an unknown function of th... | Fri, 03 Apr 2026 03:25:13 |
| CVE-2026-5457 | A security flaw has been discovered in PropertyGuru AgentNet Singapore App up to 23.7.10 on Android. This affects an unknown ... | Fri, 03 Apr 2026 03:25:13 |
| CVE-2026-5456 | A vulnerability was identified in Align Technology My Invisalign App 3.12.4 on Android. The impacted element is an unknown fu... | Fri, 03 Apr 2026 03:25:13 |
| CVE-2026-5455 | A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affected element is an unknown function of the fil... | Fri, 03 Apr 2026 03:25:13 |
| CVE-2026-34222 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.11, t... | Fri, 03 Apr 2026 02:25:12 |
| CVE-2026-33691 | The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. P... | Fri, 03 Apr 2026 02:25:12 |
| CVE-2026-29014 | MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attacke... | Fri, 03 Apr 2026 02:25:12 |
| CVE-2026-24068 | The VSL privileged helper does utilize NSXPC for IPC. The implementation of the "shouldAcceptNewConnection" function, which i... | Fri, 03 Apr 2026 02:25:12 |
| CVE-2026-35549 | An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the... | Fri, 03 Apr 2026 01:25:11 |
| CVE-2026-5463 | Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version 1.0.6 allows attackers t... | Fri, 03 Apr 2026 01:25:11 |
| CVE-2026-5454 | A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file file res... | Fri, 03 Apr 2026 01:25:11 |
| CVE-2026-5453 | A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some ... | Fri, 03 Apr 2026 01:25:11 |
| CVE-2026-35545 | An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via ... | Fri, 03 Apr 2026 01:25:10 |
| CVE-2026-35544 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization... | Fri, 03 Apr 2026 01:25:10 |
| CVE-2026-35543 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via ... | Fri, 03 Apr 2026 01:25:10 |
| CVE-2026-35542 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via ... | Fri, 03 Apr 2026 01:25:10 |
| CVE-2026-35541 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin c... | Fri, 03 Apr 2026 01:25:10 |
| CVE-2026-35540 | An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in H... | Fri, 03 Apr 2026 01:25:10 |
| CVE-2026-35539 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment san... | Fri, 03 Apr 2026 01:25:09 |
| CVE-2026-35538 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead t... | Fri, 03 Apr 2026 01:25:09 |
| CVE-2026-35537 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session h... | Fri, 03 Apr 2026 00:25:08 |
| CVE-2026-35536 | In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestH... | Fri, 03 Apr 2026 00:25:08 |
| CVE-2026-5452 | A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file c... | Fri, 03 Apr 2026 00:25:08 |
| CVE-2026-35535 | In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before run... | Thu, 02 Apr 2026 23:24:58 |
| CVE-2026-28815 | A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation pa... | Thu, 02 Apr 2026 23:24:58 |
| CVE-2026-35508 | Shynet before 0.14.0 allows XSS in urldisplay and iconify template filters, | Thu, 02 Apr 2026 22:23:39 |
| CVE-2026-35507 | Shynet before 0.14.0 allows Host header injection in the password reset flow. | Thu, 02 Apr 2026 22:23:39 |
| CVE-2025-54236 | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Impr... | Thu, 02 Apr 2026 21:07:51 |
| CVE-2026-33107 | Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. | Thu, 02 Apr 2026 20:21:53 |
| CVE-2026-33105 | Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a net... | Thu, 02 Apr 2026 20:21:53 |
| CVE-2026-32213 | Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network. | Thu, 02 Apr 2026 20:21:53 |
| CVE-2026-32211 | Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over... | Thu, 02 Apr 2026 20:21:53 |
| CVE-2026-32173 | Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network. | Thu, 02 Apr 2026 20:21:53 |
| CVE-2026-26135 | Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate ... | Thu, 02 Apr 2026 20:21:53 |
| CVE-2025-0133 | A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Network... | Thu, 02 Apr 2026 20:21:53 |
| CVE-2012-0059 | A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC ca... | Thu, 02 Apr 2026 20:21:53 |
| CVE-2011-3344 | A flaw was found in Spacewalk. A remote attacker can exploit a cross-site scripting (XSS) vulnerability in the Lookup Login/P... | Thu, 02 Apr 2026 20:21:53 |
| CVE-2011-2927 | A flaw was found in Spacewalk and Red Hat Network Satellite. This vulnerability, known as cross-site scripting (XSS), allows ... | Thu, 02 Apr 2026 20:21:53 |
| CVE-2025-15620 | HiOS Switch Platform versions 09.1.00 prior to 09.4.05 and 10.3.01 contains a denial-of-service vulnerability in the web inte... | Thu, 02 Apr 2026 19:21:36 |
| CVE-2022-4986 | Hirschmann EagleSDV version 05.4.01 prior to 05.4.02 contains a denial-of-service vulnerability that causes the device to cra... | Thu, 02 Apr 2026 19:21:36 |
| CVE-2024-14034 | Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTP(S) management m... | Thu, 02 Apr 2026 19:21:35 |
| CVE-2023-7343 | HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows aut... | Thu, 02 Apr 2026 19:21:35 |
| CVE-2023-7342 | HiSecOS web server versions 03.4.00 prior to 04.1.00 contains a privilege escalation vulnerability that allows authenticated ... | Thu, 02 Apr 2026 19:21:34 |
| CVE-2024-14033 | Hirschmann Industrial IT products (BAT-R, BAT-F, BAT450-F, BAT867-R, BAT867-F, WLC, BAT Controller Virtual) contain a heap ov... | Thu, 02 Apr 2026 18:20:35 |
| CVE-2011-2920 | A flaw was found in Spacewalk and Red Hat Network Satellite. This cross-site scripting (XSS) vulnerability allows a remote at... | Thu, 02 Apr 2026 18:20:35 |
| CVE-2011-1594 | A flaw was found in Spacewalk, as used in Red Hat Network Satellite. This open redirect vulnerability allows remote attackers... | Thu, 02 Apr 2026 18:20:35 |
| CVE-2026-35467 | The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to ... | Thu, 02 Apr 2026 17:19:41 |
| CVE-2026-35466 | XSS vulnerability in cveInterface.js allows for inject HTML to be passed to display, as cveInterface trusts input from CVE AP... | Thu, 02 Apr 2026 17:19:41 |
| CVE-2026-30252 | Multiple reflected cross-site scripting (XSS) vulnerabilities in the login.php endpoint of Interzen Consulting S.r.l ZenShare... | Thu, 02 Apr 2026 17:19:40 |
| CVE-2026-30251 | A reflected cross-site scripting (XSS) vulnerability in the login_newpwd.php endpoint of Interzen Consulting S.r.l ZenShare S... | Thu, 02 Apr 2026 17:19:40 |
| CVE-2026-30520 | A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the... | Thu, 02 Apr 2026 17:04:16 |
| CVE-2026-25101 | Bludit allows user's session identifier to be set before authentication. The value of this session ID stays the same after au... | Thu, 02 Apr 2026 17:04:16 |
| CVE-2026-33495 | ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on set... | Thu, 02 Apr 2026 17:04:15 |
| CVE-2026-4553 | A vulnerability was identified in Tenda F453 1.0.0.3. Impacted is the function fromNatlimit of the file /goform/Natlimit of t... | Thu, 02 Apr 2026 17:04:15 |
| CVE-2026-4552 | A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the function fromVirtualSer of the file /goform/Virt... | Thu, 02 Apr 2026 17:04:15 |
| CVE-2026-4551 | A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSafeClientFilter of the file /go... | Thu, 02 Apr 2026 17:04:15 |
| CVE-2026-4533 | A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functio... | Thu, 02 Apr 2026 17:04:15 |
| CVE-2025-15608 | This vulnerability in AX53 v1 results from insufficient input sanitization in the device’s probe handling logic, where unva... | Thu, 02 Apr 2026 17:04:15 |
| CVE-2019-25613 | Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by send... | Thu, 02 Apr 2026 17:04:15 |
| CVE-2025-15607 | A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing ... | Thu, 02 Apr 2026 17:04:14 |
| CVE-2026-28265 | PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could po... | Thu, 02 Apr 2026 16:49:08 |
| CVE-2026-27101 | Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.00.xx to 5.32.00.xx, contain(s) an Improper L... | Thu, 02 Apr 2026 16:49:08 |
| CVE-2026-4748 | A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only... | Thu, 02 Apr 2026 16:49:08 |
| CVE-2026-30280 | An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 allows ... | Thu, 02 Apr 2026 16:49:07 |
| CVE-2026-5017 | A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the fi... | Thu, 02 Apr 2026 16:49:07 |
| CVE-2026-4179 | Issues in stm32 USB device driver (drivers/usb/device/usb_dc_stm32.c) can lead to an infinite while loop. | Thu, 02 Apr 2026 16:49:07 |
| CVE-2026-3207 | Configuration issue in Java Management Extensions (JMX) in TIBCO BPM Enterprise version 4.x allows unauthorised access. | Thu, 02 Apr 2026 16:49:07 |
| CVE-2026-2348 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Quick Edit allow... | Thu, 02 Apr 2026 16:49:07 |
| CVE-2026-1917 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable allows Functionality Bypass.Th... | Thu, 02 Apr 2026 16:49:07 |
| CVE-2026-1556 | Information disclosure in the file URI processing of File (Field) Paths in Drupal File (Field) Paths 7.x prior to 7.1.3 on Dr... | Thu, 02 Apr 2026 16:49:07 |
| CVE-2026-0945 | Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation.This issue affects ... | Thu, 02 Apr 2026 16:49:07 |
| CVE-2025-13855 | IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send... | Thu, 02 Apr 2026 16:49:07 |
| CVE-2026-33416 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raste... | Thu, 02 Apr 2026 16:33:54 |
| CVE-2026-32794 | Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certi... | Thu, 02 Apr 2026 16:33:54 |
| CVE-2026-22886 | OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires authentication. However, the product ship... | Thu, 02 Apr 2026 16:33:54 |
| CVE-2026-5019 | A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected by this vulnerability is a... | Thu, 02 Apr 2026 16:33:54 |
| CVE-2026-5018 | A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file reg... | Thu, 02 Apr 2026 16:33:54 |
| CVE-2026-0648 | The vulnerability stems from an incorrect error-checking logic in the CreateCounter() function (in threadx/utility/rtos_comp... | Thu, 02 Apr 2026 16:33:54 |