CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-54801 json | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (A... | Thu, 09 Jul 2026 13:05:19 |
| CVE-2026-54800 json | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (A... | Thu, 09 Jul 2026 13:05:19 |
| CVE-2026-54799 json | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (A... | Thu, 09 Jul 2026 13:05:19 |
| CVE-2026-60000 json | sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service (resource consumption from excessive authent... | Thu, 09 Jul 2026 13:05:18 |
| CVE-2026-59999 json | In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not. | Thu, 09 Jul 2026 13:05:18 |
| CVE-2026-59261 json | OpenClaw before 2026.5.28 contains a credential exposure vulnerability where workspace dotenv files can override provider cre... | Thu, 09 Jul 2026 13:05:18 |
| CVE-2026-58307 json | Out-of-bounds read, Reachable assertion vulnerability in Samsung Open Source Escargot allows Overread Buffers, Input Data Man... | Thu, 09 Jul 2026 13:05:18 |
| CVE-2026-58306 json | Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargo... | Thu, 09 Jul 2026 13:05:18 |
| CVE-2026-54798 json | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (A... | Thu, 09 Jul 2026 13:05:18 |
| CVE-2026-52200 json | An issue in Generic OEM UZ801_v2.1 4G LTE Router V3.4.3 allows a remote attacker to execute arbitrary code via the /ajax web ... | Thu, 09 Jul 2026 13:05:18 |
| CVE-2026-51535 json | In OpENer 2.3.0 (commit 76b95cf), a resource exhaustion (Denial of Service) vulnerability exists in its network processing lo... | Thu, 09 Jul 2026 13:05:18 |
| CVE-2026-39179 json | A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the ne... | Thu, 09 Jul 2026 13:05:18 |
| CVE-2026-39178 json | A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the se... | Thu, 09 Jul 2026 13:05:18 |
| CVE-2026-36028 json | A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical access to completely bypass kios... | Thu, 09 Jul 2026 13:05:18 |
| CVE-2026-35552 json | In CAXperts UPVWebServices 2.4.2212.603 through 2.7.6 and UDiTH Portal 2026.0.0 through 2026.2.0, an authenticated remote use... | Thu, 09 Jul 2026 13:05:18 |
| CVE-2026-31309 json | Improper authorization in the /tequilapi/config/user endpoint of Mysterium Node before v1.36.0 allows unauthenticated attacke... | Thu, 09 Jul 2026 13:05:18 |
| CVE-2026-24700 json | An OS command injection vulnerability exists in the start_lltd() function of the "rc" binary in Cisco RV130/RV130W with firmw... | Thu, 09 Jul 2026 13:05:18 |
| CVE-2026-24699 json | An OS command injection vulnerability exists in the sub_34984() function of the "rc" binary in Cisco RV130/RV130W with firmwa... | Thu, 09 Jul 2026 13:05:18 |
| CVE-2026-24698 json | An OS command injection vulnerability exists in the save_syslog_to_file() function of the "httpd" binary in Cisco RV130/RV130... | Thu, 09 Jul 2026 13:05:18 |
| CVE-2026-24697 json | An OS command injection vulnerability exists in the start_bonjour() function of the "rc" binary in Cisco RV130/RV130W with fi... | Thu, 09 Jul 2026 13:05:18 |
| CVE-2026-59998 json | sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the ser... | Thu, 09 Jul 2026 13:05:17 |
| CVE-2026-51937 json | An issue in Oneblog V2.3.9 allows a remote attacker to obtain sensitive information via the RestApiController.java, JsApiTick... | Thu, 09 Jul 2026 13:05:17 |
| CVE-2026-50811 json | An out-of-bounds read vulnerability exists in FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb4... | Thu, 09 Jul 2026 13:05:17 |
| CVE-2026-48955 json | An improper access check allows unauthorized users to access workflow stage and transition information. | Thu, 09 Jul 2026 13:05:17 |
| CVE-2026-36163 json | An HTML injection vulnerability in the file view endpoint of LiquidFiles v4.2.7 allows authenticated attackers to execute arb... | Thu, 09 Jul 2026 13:05:17 |
| CVE-2026-36162 json | An authenticated stored cross-site scripting (XSS) vulnerability in the Upload File Shares API of LiquidFiles v4.2.7 allows a... | Thu, 09 Jul 2026 13:05:17 |
| CVE-2026-59692 json | A stack buffer overflow vulnerability was found in GStreamer's DTLS plugin. During a DTLS handshake, the peer certificate Sub... | Thu, 09 Jul 2026 12:50:21 |
| CVE-2026-59691 json | A heap buffer overflow vulnerability was found in GStreamer's rfbsrc plugin. When a client connects to a malicious RFB/VNC se... | Thu, 09 Jul 2026 12:50:21 |
| CVE-2026-59269 json | A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain elevated permissions in the c... | Thu, 09 Jul 2026 12:50:21 |
| CVE-2026-56460 json | HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses th... | Thu, 09 Jul 2026 12:50:21 |
| CVE-2026-56459 json | HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensi... | Thu, 09 Jul 2026 12:50:21 |
| CVE-2026-56458 json | HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and... | Thu, 09 Jul 2026 12:50:21 |
| CVE-2026-56292 json | A SQLi vulnerability in AcyMailing component < 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthoriz... | Thu, 09 Jul 2026 12:50:21 |
| CVE-2026-56291 json | The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable... | Thu, 09 Jul 2026 12:50:21 |
| CVE-2026-33390 json | An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiv... | Thu, 09 Jul 2026 12:50:21 |
| CVE-2026-31985 json | When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled T... | Thu, 09 Jul 2026 12:50:21 |
| CVE-2026-31984 json | A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging functionality, ... | Thu, 09 Jul 2026 12:50:21 |
| CVE-2026-12879 json | An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior to 2026-06-12 on Google Clou... | Thu, 09 Jul 2026 12:50:21 |
| CVE-2026-12590 json | Impact: In body-parser versions prior to 1.20.6 (1.x line) and 2.3.0 (2.x line), when the parser is configured with an invali... | Thu, 09 Jul 2026 12:50:21 |
| CVE-2026-47840 json | A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any... | Thu, 09 Jul 2026 12:50:20 |
| CVE-2026-47831 json | Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-build... | Thu, 09 Jul 2026 12:50:20 |
| CVE-2026-47830 json | Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-privilege authe... | Thu, 09 Jul 2026 12:50:20 |
| CVE-2026-47829 json | Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawne... | Thu, 09 Jul 2026 12:50:20 |
| CVE-2026-47828 json | During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's ... | Thu, 09 Jul 2026 12:50:20 |
| CVE-2026-47826 json | The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrat... | Thu, 09 Jul 2026 12:50:20 |
| CVE-2026-47646 json | Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Customer Voice allows an... | Thu, 09 Jul 2026 12:50:20 |
| CVE-2026-41857 json | A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator's workstation when the operator... | Thu, 09 Jul 2026 12:50:20 |
| CVE-2026-31983 json | A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker c... | Thu, 09 Jul 2026 12:50:20 |
| CVE-2026-31982 json | An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a us... | Thu, 09 Jul 2026 12:50:20 |
| CVE-2026-31981 json | A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation funct... | Thu, 09 Jul 2026 12:50:20 |
| CVE-2026-15168 json | BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows possible information disclosure | Thu, 09 Jul 2026 12:50:20 |
| CVE-2026-8472 json | GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 bef... | Thu, 09 Jul 2026 12:50:20 |
| CVE-2026-7492 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 b... | Thu, 09 Jul 2026 12:50:20 |
| CVE-2026-6896 json | GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 be... | Thu, 09 Jul 2026 12:50:20 |
| CVE-2026-5923 json | Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage. | Thu, 09 Jul 2026 12:50:20 |
| CVE-2026-5922 json | The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage. | Thu, 09 Jul 2026 12:50:20 |
| CVE-2026-58525 json | Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over ... | Thu, 09 Jul 2026 12:50:19 |
| CVE-2026-15174 json | Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service | Thu, 09 Jul 2026 12:50:19 |
| CVE-2026-15173 json | pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service | Thu, 09 Jul 2026 12:50:19 |
| CVE-2026-15172 json | FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service | Thu, 09 Jul 2026 12:50:19 |
| CVE-2026-15171 json | SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service | Thu, 09 Jul 2026 12:50:19 |
| CVE-2026-15170 json | Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service | Thu, 09 Jul 2026 12:50:19 |
| CVE-2026-15169 json | UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service | Thu, 09 Jul 2026 12:50:19 |
| CVE-2026-15167 json | DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service | Thu, 09 Jul 2026 12:50:19 |
| CVE-2026-15166 json | IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service | Thu, 09 Jul 2026 12:50:19 |
| CVE-2026-15165 json | TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service | Thu, 09 Jul 2026 12:50:19 |
| CVE-2026-15164 json | Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service | Thu, 09 Jul 2026 12:50:19 |
| CVE-2026-15163 json | Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow denial of service | Thu, 09 Jul 2026 12:50:19 |
| CVE-2026-13320 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.7 before 18.11.7, 19.0 before 19.0.4, and 19.1 ... | Thu, 09 Jul 2026 12:50:19 |
| CVE-2026-6352 json | GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 bef... | Thu, 09 Jul 2026 12:50:19 |
| CVE-2026-15154 json | A flaw was found in `guardrails-detectors`, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Express... | Thu, 09 Jul 2026 12:50:18 |
| CVE-2026-15067 json | Snowflake Terraform Provider versions prior to 2.18.0 contain several security vulnerabilities, including SQL injection via a... | Thu, 09 Jul 2026 12:50:18 |
| CVE-2026-15063 json | A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is e... | Thu, 09 Jul 2026 12:50:18 |
| CVE-2026-15062 json | SQL injection vulnerabilities in the Snowflake Snowpark Python SDK (snowpark-python) versions prior to 1.53.0 could allow aut... | Thu, 09 Jul 2026 12:50:18 |
| CVE-2026-13151 json | GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 be... | Thu, 09 Jul 2026 12:50:18 |
| CVE-2026-11827 json | GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 befo... | Thu, 09 Jul 2026 12:50:18 |
| CVE-2026-9074 json | IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerabi... | Thu, 09 Jul 2026 12:50:18 |
| CVE-2026-8801 json | Path equivalence: vulnerability in Progress MOVEit Transfer (File Upload modules). This issue affects MOVEit Transfer: befor... | Thu, 09 Jul 2026 12:50:18 |
| CVE-2026-8800 json | Incorrect Authorization vulnerability in Progress MOVEit Transfer (Audit User module). This issue affects MOVEit Transfer: b... | Thu, 09 Jul 2026 12:50:18 |
| CVE-2026-8651 json | Limited authentication bypass by spoofing vulnerability in Progress MOVEit Transfer (HTTPS module). This issue affects MOVEi... | Thu, 09 Jul 2026 12:50:18 |
| CVE-2026-8650 json | Relative path traversal vulnerability in Progress MOVEit Transfer (Admin Settings module). This issue affects MOVEit Transfe... | Thu, 09 Jul 2026 12:50:18 |
| CVE-2026-8649 json | Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer (Custom Reports mod... | Thu, 09 Jul 2026 12:50:18 |
| CVE-2026-3144 json | IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker to gain unauthorized access ... | Thu, 09 Jul 2026 12:50:18 |
| CVE-2026-0288 json | Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Networks PAN-OS so... | Thu, 09 Jul 2026 12:50:18 |
| CVE-2025-12506 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 ... | Thu, 09 Jul 2026 12:50:18 |
| CVE-2025-3110 json | OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attacke... | Thu, 09 Jul 2026 12:50:18 |
| CVE-2026-60002 json | ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outco... | Thu, 09 Jul 2026 12:50:17 |
| CVE-2026-60001 json | sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay. | Thu, 09 Jul 2026 12:50:17 |
| CVE-2026-56003 json | A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledP... | Thu, 09 Jul 2026 12:50:17 |
| CVE-2026-56002 json | A heap bufferflow in pcfReadFont() due to missing glyph bounds checking in libXfont2 before 2.0.8 allows attackers authent... | Thu, 09 Jul 2026 12:50:17 |
| CVE-2026-56001 json | A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before 2.0.8 due to an overflowing 32bit size could be used by atta... | Thu, 09 Jul 2026 12:50:17 |
| CVE-2026-56000 json | Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before... | Thu, 09 Jul 2026 12:50:17 |
| CVE-2026-55999 json | Local attackers with a X connection able to provide PCX fonts to the X server xorg-server before 21.2.24 and xwayland before... | Thu, 09 Jul 2026 12:50:17 |
| CVE-2026-44877 json | An unauthenticated remote disclosure vulnerability has been identified in HPE Networking Instant On 1830, 1930, and 1960 Swit... | Thu, 09 Jul 2026 12:50:17 |
| CVE-2026-15044 json | A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific securi... | Thu, 09 Jul 2026 12:50:17 |
| CVE-2026-12621 json | Improper neutralization of input during web page generation XSS vulnerability in the GridTime 3000 (password reset form) all... | Thu, 09 Jul 2026 12:50:17 |
| CVE-2026-12619 json | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip GridTi... | Thu, 09 Jul 2026 12:50:17 |
| CVE-2026-11903 json | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Progress MOVEit Transfe... | Thu, 09 Jul 2026 12:50:17 |
| CVE-2026-10699 json | Missing release of memory after effective lifetime vulnerability in Progress MOVEit Transfer (Custom Reports modules). This ... | Thu, 09 Jul 2026 12:50:17 |
| CVE-2026-10698 json | Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer (Custom Reports mod... | Thu, 09 Jul 2026 12:50:17 |