CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-32683 json | Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmissio... | Sat, 09 May 2026 05:21:42 |
| CVE-2026-3828 json | Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution du... | Sat, 09 May 2026 05:21:42 |
| CVE-2026-1749 json | There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user t... | Sat, 09 May 2026 05:21:42 |
| CVE-2026-25199 json | Instances deployed via the Proxmox extension allow unauthorized access to instances belonging to other tenants. This issu... | Sat, 09 May 2026 03:19:41 |
| CVE-2025-66467 json | Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they pre... | Sat, 09 May 2026 03:19:41 |
| CVE-2025-66172 json | The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-a... | Sat, 09 May 2026 03:19:41 |
| CVE-2025-66171 json | The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-a... | Sat, 09 May 2026 03:19:40 |
| CVE-2025-66170 json | The CloudStack Backup plugin has an improper authorization logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated... | Sat, 09 May 2026 03:19:40 |
| CVE-2026-43473 json | In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Add NULL checks when resetting request and... | Sat, 09 May 2026 02:19:24 |
| CVE-2026-43321 json | In the Linux kernel, the following vulnerability has been resolved: bpf: Properly mark live registers for indirect jumps Fo... | Sat, 09 May 2026 02:19:24 |
| CVE-2026-42560 json | auth provides authentication via oauth2, direct and email. From versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2, t... | Sat, 09 May 2026 02:19:24 |
| CVE-2026-42311 json | Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead ... | Sat, 09 May 2026 02:19:24 |
| CVE-2026-42310 json | Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that ... | Sat, 09 May 2026 02:19:24 |
| CVE-2026-42309 json | Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs... | Sat, 09 May 2026 02:19:24 |
| CVE-2026-42308 json | Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, ... | Sat, 09 May 2026 02:19:24 |
| CVE-2025-15634 json | A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sen... | Sat, 09 May 2026 02:19:24 |
| CVE-2025-15633 json | An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges ... | Sat, 09 May 2026 02:19:24 |
| CVE-2026-44028 json | An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could... | Sat, 09 May 2026 00:19:31 |
| CVE-2026-42461 json | Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.18.0, four GET endpo... | Sat, 09 May 2026 00:19:31 |
| CVE-2026-42301 json | pyp2spec generates working Fedora RPM spec file for Python projects. Prior to version 0.14.1, pyp2spec was writing PyPI packa... | Sat, 09 May 2026 00:19:31 |
| CVE-2026-42297 json | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version... | Sat, 09 May 2026 00:19:31 |
| CVE-2026-42296 json | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to ver... | Sat, 09 May 2026 00:19:31 |
| CVE-2026-42295 json | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version... | Sat, 09 May 2026 00:19:31 |
| CVE-2026-42294 json | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to ver... | Sat, 09 May 2026 00:19:31 |
| CVE-2026-42183 json | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version... | Sat, 09 May 2026 00:19:31 |
| CVE-2026-42174 json | Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and d... | Sat, 09 May 2026 00:19:31 |
| CVE-2026-42137 json | Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, `pages.access/list` and `files.access/l... | Sat, 09 May 2026 00:19:31 |
| CVE-2026-42069 json | Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role info... | Sat, 09 May 2026 00:19:31 |
| CVE-2026-42051 json | Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license d... | Sat, 09 May 2026 00:19:31 |
| CVE-2026-41311 json | LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.7, a circular bloc... | Sat, 09 May 2026 00:19:31 |
| CVE-2026-41163 json | bubblewrap is a low-level unprivileged sandboxing tool. From version 0.11.0 to before version 0.11.2, if bubblewrap is instal... | Sat, 09 May 2026 00:19:31 |
| CVE-2026-8209 json | Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DOS by attempting extraction of w... | Sat, 09 May 2026 00:19:31 |
| CVE-2026-8208 json | Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report ... | Sat, 09 May 2026 00:19:31 |
| CVE-2026-8207 json | Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphi... | Fri, 08 May 2026 23:19:27 |
| CVE-2026-7652 json | The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthentica... | Fri, 08 May 2026 23:19:27 |
| CVE-2026-39816 json | The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required P... | Fri, 08 May 2026 22:19:18 |
| CVE-2026-41705 json | Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized docu... | Fri, 08 May 2026 21:19:16 |
| CVE-2026-6667 json | PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT admin command. All users with ... | Fri, 08 May 2026 21:19:16 |
| CVE-2026-6666 json | A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response witho... | Fri, 08 May 2026 21:19:16 |
| CVE-2026-6665 json | The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of... | Fri, 08 May 2026 21:19:16 |
| CVE-2026-6664 json | An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a cra... | Fri, 08 May 2026 21:19:16 |
| CVE-2025-54236 json | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Impr... | Fri, 08 May 2026 21:04:15 |
| CVE-2026-44313 json | Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to v... | Fri, 08 May 2026 20:18:49 |
| CVE-2026-42455 json | Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In version... | Fri, 08 May 2026 20:18:49 |
| CVE-2026-42278 json | UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTr... | Fri, 08 May 2026 20:18:49 |
| CVE-2026-41496 json | PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-... | Fri, 08 May 2026 20:18:49 |
| CVE-2026-5121 json | A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer alloc... | Fri, 08 May 2026 20:18:49 |
| CVE-2026-4424 json | A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to ... | Fri, 08 May 2026 20:18:49 |
| CVE-2026-45130 json | Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() ... | Fri, 08 May 2026 19:17:16 |
| CVE-2026-44987 json | SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions c... | Fri, 08 May 2026 19:17:16 |
| CVE-2026-44656 json | Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in V... | Fri, 08 May 2026 19:17:16 |
| CVE-2026-44286 json | FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery (SSRF) vul... | Fri, 08 May 2026 19:17:16 |
| CVE-2026-44284 json | FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF protection gap in MCP to... | Fri, 08 May 2026 19:17:16 |
| CVE-2026-42556 json | Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can cr... | Fri, 08 May 2026 19:17:16 |
| CVE-2026-42456 json | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. P... | Fri, 08 May 2026 19:17:16 |
| CVE-2026-42454 json | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to versio... | Fri, 08 May 2026 19:17:16 |
| CVE-2026-42453 json | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to versio... | Fri, 08 May 2026 19:17:16 |
| CVE-2026-42452 json | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to versio... | Fri, 08 May 2026 19:17:16 |
| CVE-2026-42451 json | Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting (XSS) vulnerability in Grimm... | Fri, 08 May 2026 19:17:16 |
| CVE-2026-42354 json | Sentry is an error tracking and performance monitoring tool. From version 21.12.0 to before version 26.4.1, a critical vulner... | Fri, 08 May 2026 19:17:16 |
| CVE-2026-42352 json | pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, O... | Fri, 08 May 2026 19:17:16 |
| CVE-2026-42351 json | pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, a... | Fri, 08 May 2026 19:17:15 |
| CVE-2026-42350 json | Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo i... | Fri, 08 May 2026 19:17:15 |
| CVE-2026-42346 json | Postiz is an AI social media scheduling tool. From version 2.16.6 to before version 2.21.7, all SSRF protections added in v2.... | Fri, 08 May 2026 19:17:15 |
| CVE-2026-42345 json | FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/s... | Fri, 08 May 2026 19:17:15 |
| CVE-2026-42344 json | FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/s... | Fri, 08 May 2026 19:17:15 |
| CVE-2026-42343 json | FastGPT is an AI Agent building platform. In versions 4.14.13 and prior, the code-sandbox component suffers from insufficient... | Fri, 08 May 2026 19:17:15 |
| CVE-2026-42339 json | New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. In versions 0.11.9-a... | Fri, 08 May 2026 19:17:15 |
| CVE-2026-42307 json | Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in t... | Fri, 08 May 2026 19:17:15 |
| CVE-2026-42302 json | FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of Fast... | Fri, 08 May 2026 19:17:15 |
| CVE-2026-42298 json | Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Request" vulnerability in the Build and Publish... | Fri, 08 May 2026 19:17:15 |
| CVE-2026-42291 json | SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints fo... | Fri, 08 May 2026 19:17:15 |
| CVE-2026-42284 json | GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_optio... | Fri, 08 May 2026 19:17:15 |
| CVE-2026-42259 json | Saltcorn is an extensible, open source, no-code database application builder. Prior to versions 1.4.6, 1.5.6, and 1.6.0-beta.... | Fri, 08 May 2026 19:17:15 |
| CVE-2026-42224 json | ipl/web is a set of common web components for php projects. Prior to version 0.13.1, the vulnerability allows an attacker to ... | Fri, 08 May 2026 19:17:15 |
| CVE-2026-41682 json | pupnp is an SDK for development of UPnP device and control point applications. Prior to version 1.18.5, pupnp is vulnerable t... | Fri, 08 May 2026 19:17:15 |
| CVE-2026-41520 json | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9,... | Fri, 08 May 2026 19:17:15 |
| CVE-2026-41432 json | New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.1... | Fri, 08 May 2026 19:17:15 |
| CVE-2026-7413 json | A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticat... | Fri, 08 May 2026 19:17:15 |
| CVE-2026-36458 json | ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content tag can be manipulated in the... | Fri, 08 May 2026 19:17:14 |
| CVE-2026-32686 json | Uncontrolled Resource Consumption vulnerability in ericmj decimal allows unauthenticated remote Denial of Service. The decim... | Fri, 08 May 2026 19:17:14 |
| CVE-2026-30496 json | The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP API on TCP port 2345 that allo... | Fri, 08 May 2026 19:17:14 |
| CVE-2026-30495 json | The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes Android Debug Bridge (ADB) on TCP port... | Fri, 08 May 2026 19:17:14 |
| CVE-2026-8094 json | Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2. | Fri, 08 May 2026 19:17:14 |
| CVE-2026-8091 json | Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbir... | Fri, 08 May 2026 19:17:14 |
| CVE-2025-67202 json | Sidekiq-cron thru 2.3.1, an open-source scheduling add-on for Sidekiq, is vulnerable to a cross-site scripting (xss) vulnerab... | Fri, 08 May 2026 19:17:14 |
| CVE-2025-63706 json | NPM package next-npm-version1.0.1 is vulnerable to Command injection. | Fri, 08 May 2026 19:17:14 |
| CVE-2025-63703 json | npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js(). | Fri, 08 May 2026 19:17:14 |
| CVE-2026-44339 json | PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.37 and praisonaiagents version 1.6.37, praisonaiagent... | Fri, 08 May 2026 18:17:10 |
| CVE-2026-42287 json | Emlog is an open source website building system. Prior to version 2.6.11, direct SQL injection in article creation and update... | Fri, 08 May 2026 18:17:10 |
| CVE-2026-42286 json | Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions... | Fri, 08 May 2026 18:17:10 |
| CVE-2026-42213 json | SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to ... | Fri, 08 May 2026 18:17:10 |
| CVE-2026-42212 json | SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to ... | Fri, 08 May 2026 18:17:10 |
| CVE-2026-42209 json | FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.1, a remote client with retained ... | Fri, 08 May 2026 18:17:10 |
| CVE-2026-42206 json | Roadiz is a polymorphic content management system based on a node system. Prior to versions 2.3.43, 2.5.45, 2.6.31, and 2.7.1... | Fri, 08 May 2026 18:17:10 |
| CVE-2026-42205 json | Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.31.2, a broken access control vulnerabil... | Fri, 08 May 2026 18:17:10 |
| CVE-2026-42202 json | nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint (POST/nova-vendor/nova-toggl... | Fri, 08 May 2026 18:17:10 |
| CVE-2026-42199 json | Grid is a data structure grid for rust. From version 0.17.0 to before version 1.0.1, an integer overflow in Grid::expand_rows... | Fri, 08 May 2026 18:17:10 |
| CVE-2026-42195 json | draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?g... | Fri, 08 May 2026 18:17:10 |
| CVE-2026-42193 json | Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Am... | Fri, 08 May 2026 18:17:10 |