CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities so that they can be identified and shared quickly. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.
The form you will see after following this link lets you fill in the variables of the CVSS scoring system and receive the corresponding score. A description of each variable is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-7661 json | The Bootstrap Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `box` shortcode in all vers... | Tue, 12 May 2026 05:21:30 |
| CVE-2026-7659 json | The Advanced Social Media Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `social` shortcode ... | Tue, 12 May 2026 05:21:30 |
| CVE-2026-7626 json | The Slek Gateway for WooCommerce plugin for WordPress is vulnerable to Information Exposure in version 1.0. This is due to th... | Tue, 12 May 2026 05:21:30 |
| CVE-2026-7616 json | The Zawgyi Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1... | Tue, 12 May 2026 05:21:30 |
| CVE-2026-7562 json | The WP-Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.3... | Tue, 12 May 2026 05:21:30 |
| CVE-2026-7561 json | The Tm – WordPress Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and ... | Tue, 12 May 2026 05:21:30 |
| CVE-2026-7464 json | The WP Google Maps Integration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `page` parameter ... | Tue, 12 May 2026 05:21:30 |
| CVE-2026-7437 json | The AzonPost plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `editpos_hidden` parameter in all v... | Tue, 12 May 2026 05:21:30 |
| CVE-2026-7050 json | The Forms Rb plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9. This is ... | Tue, 12 May 2026 05:21:30 |
| CVE-2026-6932 json | The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and in... | Tue, 12 May 2026 05:21:30 |
| CVE-2026-6913 json | The Shortcodely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'widget_area' parameter in all vers... | Tue, 12 May 2026 05:21:30 |
| CVE-2026-6808 json | The Pricing Tables for WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in al... | Tue, 12 May 2026 05:21:30 |
| CVE-2026-6710 json | The Skysa Text Ticker App plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and includi... | Tue, 12 May 2026 05:21:30 |
| CVE-2026-6709 json | The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and in... | Tue, 12 May 2026 05:21:30 |
| CVE-2026-6708 json | The HEL Online Classroom: AI-powered Online Classrooms plugin for WordPress is vulnerable to Missing Authorization in all ver... | Tue, 12 May 2026 05:21:29 |
| CVE-2026-6690 json | The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n' parameter of the lp_update_mds AJ... | Tue, 12 May 2026 05:21:29 |
| CVE-2026-6663 json | The GWD Connect plugin for WordPress is vulnerable to missing authorization to limited code execution in all versions up to, ... | Tue, 12 May 2026 05:21:29 |
| CVE-2026-6402 json | webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a... | Tue, 12 May 2026 05:21:29 |
| CVE-2026-6256 json | The Credits Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the 'cred... | Tue, 12 May 2026 05:21:29 |
| CVE-2026-6247 json | The scratchblocks for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' attribute of the... | Tue, 12 May 2026 05:21:29 |
| CVE-2026-6237 json | The Quick Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the 'qtbl' sho... | Tue, 12 May 2026 05:21:29 |
| CVE-2026-5715 json | The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'post-cont... | Tue, 12 May 2026 05:21:29 |
| CVE-2026-5693 json | The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capa... | Tue, 12 May 2026 05:21:29 |
| CVE-2026-5340 json | The Fancy Image Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `fancy-img-show` shor... | Tue, 12 May 2026 05:21:29 |
| CVE-2026-5028 json | The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parame... | Tue, 12 May 2026 05:21:29 |
| CVE-2026-4920 json | The Next Date plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in all ... | Tue, 12 May 2026 05:21:29 |
| CVE-2026-4859 json | The SP Blog Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'design' attribute of the `wps... | Tue, 12 May 2026 05:21:29 |
| CVE-2026-4663 json | The iPOSpays Gateways WC plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.3.7. T... | Tue, 12 May 2026 05:21:29 |
| CVE-2026-4301 json | The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in ... | Tue, 12 May 2026 05:21:29 |
| CVE-2026-39585 json | Missing Authorization vulnerability in Arraytics Booktics allows Exploiting Incorrectly Configured Access Control Security Le... | Tue, 12 May 2026 05:21:28 |
| CVE-2026-39432 json | Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Le... | Tue, 12 May 2026 05:21:28 |
| CVE-2026-22920 json | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Tue, 12 May 2026 05:21:28 |
| CVE-2026-22550 json | OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead t... | Tue, 12 May 2026 05:21:28 |
| CVE-2026-20704 json | Cross-site request forgery vulnerability exists in ELECOM wireless LAN products. If a user accesses a malicious page while lo... | Tue, 12 May 2026 05:21:28 |
| CVE-2026-3604 json | The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `_kcseo_ative_tab... | Tue, 12 May 2026 05:21:28 |
| CVE-2026-2993 json | The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to SQL Injection in versions up to, and inclu... | Tue, 12 May 2026 05:21:28 |
| CVE-2026-2300 json | The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `filter_images()` function in all ... | Tue, 12 May 2026 05:21:28 |
| CVE-2024-34577 json | Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, WRC-X3000GS2A-B and WRC-X3000GST2-B due to impro... | Tue, 12 May 2026 05:21:28 |
| CVE-2024-29225 json | ELECOM wireless LAN routers allow a network-adjacent unauthenticated attacker to obtain the configuration file containing sen... | Tue, 12 May 2026 05:21:28 |
| CVE-2026-35227 json | An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race... | Tue, 12 May 2026 04:21:27 |
| CVE-2026-1681 json | Issuing an ICMP ping via the `net ping` shell command to a device's own IPv4 address causes the network stack to recursively ... | Tue, 12 May 2026 03:21:25 |
| CVE-2026-1185 json | A configuration file on the local file system had improper input validation which could allow code execution and potentially ... | Tue, 12 May 2026 03:21:25 |
| CVE-2026-0804 json | An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential... | Tue, 12 May 2026 03:21:25 |
| CVE-2026-0802 json | An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead to pr... | Tue, 12 May 2026 03:21:25 |
| CVE-2026-0541 json | ACAP applications can gain elevated privileges due to improper input validation during the installation process, potentially ... | Tue, 12 May 2026 03:21:25 |
| CVE-2026-41872 json | "Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack ... | Tue, 12 May 2026 02:21:12 |
| CVE-2026-41530 json | The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. Whe... | Tue, 12 May 2026 02:21:12 |
| CVE-2026-45430 json | The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authori... | Tue, 12 May 2026 00:18:18 |
| CVE-2026-7287 json | ** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the formWep(), formWlAc(), formPasswordSetup(), formUpgrad... | Tue, 12 May 2026 00:18:18 |
| CVE-2026-7257 json | ** UNSUPPORTED WHEN ASSIGNED ** An insecure storage of sensitive information vulnerability in the configuration file of Zyxel... | Tue, 12 May 2026 00:18:18 |
| CVE-2026-7256 json | ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.... | Tue, 12 May 2026 00:18:18 |
| CVE-2026-7255 json | ** UNSUPPORTED WHEN ASSIGNED ** An improper restriction of excessive authentication attempts vulnerability in the web managem... | Tue, 12 May 2026 00:18:18 |
| CVE-2026-42455 json | Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In version... | Mon, 11 May 2026 23:17:13 |
| CVE-2026-42452 json | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to versio... | Mon, 11 May 2026 23:17:13 |
| CVE-2026-42343 json | FastGPT is an AI Agent building platform. In versions 4.14.13 and prior, the code-sandbox component suffers from insufficient... | Mon, 11 May 2026 23:17:13 |
| CVE-2026-42297 json | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version... | Mon, 11 May 2026 23:17:13 |
| CVE-2026-42286 json | Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions... | Mon, 11 May 2026 23:17:13 |
| CVE-2026-41432 json | New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.1... | Mon, 11 May 2026 23:17:13 |
| CVE-2026-40137 json | SAP TAF_APPLAUNCHER within Business Server Pages allows an unauthenticated attacker to craft malicious links that, when click... | Mon, 11 May 2026 23:17:13 |
| CVE-2026-40136 json | SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions temporar... | Mon, 11 May 2026 23:17:13 |
| CVE-2026-40135 json | An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows a... | Mon, 11 May 2026 23:17:13 |
| CVE-2026-40134 json | Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users coul... | Mon, 11 May 2026 23:17:13 |
| CVE-2026-40133 json | Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized ac... | Mon, 11 May 2026 23:17:13 |
| CVE-2026-40132 json | Due to missing authorization check in SAP Strategic Enterprise Management (Scorecard Wizard in Business Server Pages), an aut... | Mon, 11 May 2026 23:17:13 |
| CVE-2026-40131 json | SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input... | Mon, 11 May 2026 23:17:13 |
| CVE-2026-40129 json | Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated at... | Mon, 11 May 2026 23:17:13 |
| CVE-2026-34263 json | Due to improper Spring Security configuration, SAP Commerce cloud allows an unauthenticated user to perform malicious configu... | Mon, 11 May 2026 23:17:13 |
| CVE-2026-34260 json | SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows an authenticated attacker to ... | Mon, 11 May 2026 23:17:13 |
| CVE-2026-34259 json | Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrativ... | Mon, 11 May 2026 23:17:13 |
| CVE-2026-34258 json | SAPUI5 (Search UI) allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malic... | Mon, 11 May 2026 23:17:13 |
| CVE-2026-27682 json | Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on B... | Mon, 11 May 2026 23:17:13 |
| CVE-2026-0502 json | Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform, an authenticated user could be tri... | Mon, 11 May 2026 23:17:13 |
| CVE-2026-45362 json | Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file. | Mon, 11 May 2026 21:31:20 |
| CVE-2026-45321 json | On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published... | Mon, 11 May 2026 21:31:20 |
| CVE-2026-34430 json | ByteDance DeerFlow versions prior to commit 92c7a20 contain a sandbox escape vulnerability in bash tool handling that allows... | Mon, 11 May 2026 21:31:20 |
| CVE-2026-32859 json | ByteDance DeerFlow versions prior to commit 5dbb362 contain a stored cross-site scripting vulnerability in the artifacts API... | Mon, 11 May 2026 21:31:20 |
| CVE-2026-28517 json | openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in report_network_map.php. Th... | Mon, 11 May 2026 21:31:20 |
| CVE-2026-7979 json | Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin ... | Mon, 11 May 2026 21:31:20 |
| CVE-2026-6860 json | A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a serve... | Mon, 11 May 2026 21:31:20 |
| CVE-2025-66955 json | Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users... | Mon, 11 May 2026 21:31:20 |
| CVE-2025-54236 json | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Impr... | Mon, 11 May 2026 21:01:15 |
| CVE-2026-44916 json | In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without ... | Mon, 11 May 2026 20:31:14 |
| CVE-2026-8349 json | A flaw has been found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGAP Message ... | Mon, 11 May 2026 20:31:14 |
| CVE-2026-8346 json | A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affects the function portForward. Performing a ma... | Mon, 11 May 2026 20:31:14 |
| CVE-2026-7010 json | HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unv... | Mon, 11 May 2026 20:31:14 |
| CVE-2026-45186 json | In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via mode... | Mon, 11 May 2026 19:31:18 |
| CVE-2026-43914 json | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.4, there is a security vulnerability in Vaultward... | Mon, 11 May 2026 19:31:18 |
| CVE-2026-43913 json | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden allows an unconfirmed organization... | Mon, 11 May 2026 19:31:18 |
| CVE-2026-43912 json | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden does not enforce that a groups_use... | Mon, 11 May 2026 19:31:18 |
| CVE-2026-43911 json | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, refresh tokens are not invalidated when the us... | Mon, 11 May 2026 19:31:18 |
| CVE-2026-43901 json | Wireshark MCP is an MCP Server that turns tshark into a structured analysis interface, then layers in optional Wireshark suit... | Mon, 11 May 2026 19:31:18 |
| CVE-2026-43900 json | DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-bet... | Mon, 11 May 2026 19:31:18 |
| CVE-2026-43899 json | DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-bet... | Mon, 11 May 2026 19:31:18 |
| CVE-2026-42554 json | Fiber is a web framework for Go. Prior to 2.52.12 and 3.1.0, Cross-Site Scripting vulnerability in Go Fiber allows a remote a... | Mon, 11 May 2026 19:31:18 |
| CVE-2026-34963 json | barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c wh... | Mon, 11 May 2026 19:31:18 |
| CVE-2026-34962 json | barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4_commo... | Mon, 11 May 2026 19:31:18 |
| CVE-2026-29201 json | Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` AdminBin call can cause arbitrary file r... | Mon, 11 May 2026 19:31:18 |
| CVE-2026-8345 json | A security vulnerability has been detected in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this issue is the function s... | Mon, 11 May 2026 19:31:18 |
| CVE-2026-5119 json | A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are t... | Mon, 11 May 2026 19:31:18 |
| CVE-2026-4271 json | A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in t... | Mon, 11 May 2026 19:31:18 |