CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-33703 json | Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in... | Thu, 16 Apr 2026 14:54:15 |
| CVE-2026-33702 json | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an Insecure Direct Object ... | Thu, 16 Apr 2026 14:54:15 |
| CVE-2026-35585 json | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified... | Thu, 16 Apr 2026 14:54:14 |
| CVE-2026-33793 json | An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS ... | Thu, 16 Apr 2026 14:54:14 |
| CVE-2026-33791 json | An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local,... | Thu, 16 Apr 2026 14:54:14 |
| CVE-2026-33776 json | A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with l... | Thu, 16 Apr 2026 14:54:14 |
| CVE-2026-33698 json | Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from th... | Thu, 16 Apr 2026 14:54:14 |
| CVE-2026-33710 json | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5(time() + ... | Thu, 16 Apr 2026 14:39:15 |
| CVE-2026-33708 json | Chamilo LMS is a learning management system. Prior to 1.11.38, the get_user_info_from_username REST API endpoint returns pers... | Thu, 16 Apr 2026 14:39:15 |
| CVE-2026-33707 json | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates ... | Thu, 16 Apr 2026 14:39:15 |
| CVE-2026-33706 json | Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify their ow... | Thu, 16 Apr 2026 14:39:15 |
| CVE-2026-35604 json | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified... | Thu, 16 Apr 2026 14:39:14 |
| CVE-2026-35592 json | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the _safe_extractall() function ... | Thu, 16 Apr 2026 14:39:14 |
| CVE-2026-34980 json | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and p... | Thu, 16 Apr 2026 14:39:14 |
| CVE-2026-34979 json | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and p... | Thu, 16 Apr 2026 14:39:14 |
| CVE-2026-34978 json | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and p... | Thu, 16 Apr 2026 14:39:14 |
| CVE-2026-33797 json | An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjac... | Thu, 16 Apr 2026 14:39:14 |
| CVE-2026-33705 json | Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files (.tpl) under /main/template/default/ are d... | Thu, 16 Apr 2026 14:39:14 |
| CVE-2026-33704 json | Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user (including students) can write arbitrar... | Thu, 16 Apr 2026 14:39:14 |
| CVE-2026-41082 json | In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory. | Thu, 16 Apr 2026 14:24:15 |
| CVE-2026-37337 json | SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_playlist.php. | Thu, 16 Apr 2026 14:24:15 |
| CVE-2026-37336 json | SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_music.php. | Thu, 16 Apr 2026 14:24:15 |
| CVE-2026-33737 json | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexml_load_string() with... | Thu, 16 Apr 2026 14:24:15 |
| CVE-2026-33083 json | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vuln... | Thu, 16 Apr 2026 14:24:15 |
| CVE-2026-33082 json | DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability... | Thu, 16 Apr 2026 14:24:15 |
| CVE-2026-30656 json | A NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.41 when parsing job files containing the fdp_... | Thu, 16 Apr 2026 14:24:15 |
| CVE-2026-27820 json | zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.... | Thu, 16 Apr 2026 14:24:15 |
| CVE-2026-24749 json | The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 th... | Thu, 16 Apr 2026 14:24:15 |
| CVE-2026-2336 json | A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-d... | Thu, 16 Apr 2026 14:24:15 |
| CVE-2025-43883 json | Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerabi... | Thu, 16 Apr 2026 14:24:15 |
| CVE-2026-39314 json | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and p... | Thu, 16 Apr 2026 14:24:14 |
| CVE-2026-35607 json | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified... | Thu, 16 Apr 2026 14:24:14 |
| CVE-2026-35606 json | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified... | Thu, 16 Apr 2026 14:24:14 |
| CVE-2026-35605 json | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified... | Thu, 16 Apr 2026 14:24:14 |
| CVE-2026-34990 json | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and p... | Thu, 16 Apr 2026 14:24:14 |
| CVE-2026-33736 json | Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authenticated user (including ROLE_STUDENT) can enumera... | Thu, 16 Apr 2026 14:24:14 |
| CVE-2019-25567 json | Valentina Studio 9.0.5 Linux contains a buffer overflow vulnerability in the Host field of the connection dialog that allows ... | Thu, 16 Apr 2026 14:24:14 |
| CVE-2019-25566 json | TransMac 12.3 contains a buffer overflow vulnerability in the volume name field that allows local attackers to crash the appl... | Thu, 16 Apr 2026 14:24:14 |
| CVE-2019-25565 json | Magic Iso Maker 5.5 build 281 contains a buffer overflow vulnerability in the Serial Code registration field that allows loca... | Thu, 16 Apr 2026 14:24:14 |
| CVE-2026-39316 json | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and p... | Thu, 16 Apr 2026 14:09:14 |
| CVE-2026-35610 json | PolarLearn is a free and open-source learning program. In 0-PRERELEASE-14 and earlier, setCustomPassword(userId, password) an... | Thu, 16 Apr 2026 14:09:14 |
| CVE-2026-35581 json | Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the Executrix utility class constructed shell commands ... | Thu, 16 Apr 2026 14:09:14 |
| CVE-2026-35580 json | Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Actions workflow files contained shell injection... | Thu, 16 Apr 2026 14:09:14 |
| CVE-2026-4926 json | Impact: A bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), su... | Thu, 16 Apr 2026 14:09:13 |
| CVE-2026-4923 json | Impact: When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is v... | Thu, 16 Apr 2026 14:09:13 |
| CVE-2026-4867 json | Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated ... | Thu, 16 Apr 2026 14:09:13 |
| CVE-2019-25560 json | Lyric Video Creator 2.1 contains a denial of service vulnerability that allows attackers to crash the application by processi... | Thu, 16 Apr 2026 14:09:13 |
| CVE-2019-25559 json | SpotPaltalk 1.1.5 contains a denial of service vulnerability in the registration code input field that allows local attackers... | Thu, 16 Apr 2026 14:09:13 |
| CVE-2019-25558 json | Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to cra... | Thu, 16 Apr 2026 14:09:13 |
| CVE-2019-25554 json | Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application ... | Thu, 16 Apr 2026 14:09:13 |
| CVE-2026-35574 json | ChurchCRM is an open-source church management system. Prior to 6.5.3, a stored Cross-Site Scripting (XSS) vulnerability in Ch... | Thu, 16 Apr 2026 13:54:14 |
| CVE-2026-35002 json | Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows ... | Thu, 16 Apr 2026 13:54:14 |
| CVE-2026-3635 json | Summary When trustProxy is configured with a restrictive trust function (e.g., a specific IP like trustProxy: '10.0.0.1', a s... | Thu, 16 Apr 2026 13:54:13 |
| CVE-2019-25550 json | Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting ex... | Thu, 16 Apr 2026 13:54:13 |
| CVE-2019-25549 json | VeryPDF PCL Converter 2.7 contains a denial of service vulnerability that allows local attackers to crash the application by ... | Thu, 16 Apr 2026 13:54:13 |
| CVE-2019-25548 json | BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to crash the application by sub... | Thu, 16 Apr 2026 13:54:13 |
| CVE-2019-25545 json | Terminal Services Manager 3.2.1 contains a local buffer overflow vulnerability that allows attackers to crash the application... | Thu, 16 Apr 2026 13:54:13 |
| CVE-2019-25544 json | Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the application by providing an... | Thu, 16 Apr 2026 13:54:13 |
| CVE-2026-21013 json | Incorrect default permission in Galaxy Wearable prior to version 2.2.68.26 allows local attackers to access sensitive informa... | Thu, 16 Apr 2026 13:39:20 |
| CVE-2026-21003 json | Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 allows physical attackers t... | Thu, 16 Apr 2026 13:39:20 |
| CVE-2026-33746 json | Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTServi... | Thu, 16 Apr 2026 13:39:19 |
| CVE-2026-37338 json | SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_user.php. | Thu, 16 Apr 2026 13:24:14 |
| CVE-2026-34826 json | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.get_byte_ranges parses ... | Thu, 16 Apr 2026 13:24:14 |
| CVE-2026-34786 json | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static#applicable_rules evalu... | Thu, 16 Apr 2026 13:24:14 |
| CVE-2026-21014 json | Improper access control in Samsung Camera prior to version 16.5.00.28 allows local attacker to access location data. User int... | Thu, 16 Apr 2026 13:24:14 |
| CVE-2026-34785 json | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a r... | Thu, 16 Apr 2026 13:24:13 |
| CVE-2026-25704 json | A Privilege Dropping / Lowering Errors/Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in cosmic-greeter ca... | Thu, 16 Apr 2026 13:24:13 |
| CVE-2026-5121 json | A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer alloc... | Thu, 16 Apr 2026 13:24:13 |
| CVE-2026-4424 json | A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to ... | Thu, 16 Apr 2026 13:24:13 |
| CVE-2026-24175 json | NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed r... | Thu, 16 Apr 2026 13:09:35 |
| CVE-2026-24174 json | NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed r... | Thu, 16 Apr 2026 13:09:35 |
| CVE-2026-24173 json | NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed r... | Thu, 16 Apr 2026 13:09:35 |
| CVE-2026-24147 json | NVIDIA Triton Inference Server contains a vulnerability in triton server where an attacker may cause an information disclosur... | Thu, 16 Apr 2026 13:09:35 |
| CVE-2026-24146 json | NVIDIA Triton Inference Server contains a vulnerability where insufficient input validation and a large number of outputs cou... | Thu, 16 Apr 2026 13:09:35 |
| CVE-2026-34520 json | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the de... | Thu, 16 Apr 2026 12:39:12 |
| CVE-2026-34519 json | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who cont... | Thu, 16 Apr 2026 12:39:12 |
| CVE-2026-34518 json | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redir... | Thu, 16 Apr 2026 12:39:12 |
| CVE-2026-33118 json | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Thu, 16 Apr 2026 12:39:12 |
| CVE-2026-5890 json | Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive informati... | Thu, 16 Apr 2026 12:39:12 |
| CVE-2026-5883 json | Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a ... | Thu, 16 Apr 2026 12:39:12 |
| CVE-2026-40393 json | In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-alloc... | Thu, 16 Apr 2026 12:24:16 |
| CVE-2026-37347 json | SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_employ... | Thu, 16 Apr 2026 12:24:16 |
| CVE-2026-37346 json | SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_accoun... | Thu, 16 Apr 2026 12:24:16 |
| CVE-2026-37345 json | SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_park.ph... | Thu, 16 Apr 2026 12:24:16 |
| CVE-2026-37100 json | An issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar firmware 2.40 (Mobile App: Sound... | Thu, 16 Apr 2026 12:24:16 |
| CVE-2026-30459 json | An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the pass... | Thu, 16 Apr 2026 12:24:16 |
| CVE-2026-5426 json | Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows a... | Thu, 16 Apr 2026 12:24:16 |
| CVE-2026-31153 json | A stored cross-site scripting (XSS) vulnerability in Bynder v0.1.394 allows attackers to execute arbitrary web scripts or HTM... | Thu, 16 Apr 2026 12:24:15 |
| CVE-2026-22682 json | OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsis... | Thu, 16 Apr 2026 12:24:15 |
| CVE-2019-25673 json | UniSharp Laravel File Manager v2.0.0-alpha7 and v2.0 contain an arbitrary file upload vulnerability that allows authenticated... | Thu, 16 Apr 2026 12:24:15 |
| CVE-2019-25671 json | VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands... | Thu, 16 Apr 2026 12:24:15 |
| CVE-2019-25661 json | Remote Process Explorer 1.0.0.16 contains a local buffer overflow vulnerability that allows attackers to cause a denial of se... | Thu, 16 Apr 2026 12:24:15 |
| CVE-2019-25659 json | ASPRunner Professional 6.0.766 contains a local buffer overflow vulnerability that allows attackers to cause a denial of serv... | Thu, 16 Apr 2026 12:24:15 |
| CVE-2019-25658 json | a-Mac Address Change 5.4 contains a local buffer overflow vulnerability that allows local attackers to crash the application ... | Thu, 16 Apr 2026 12:24:15 |
| CVE-2019-25656 json | R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog that allows local attackers to trig... | Thu, 16 Apr 2026 12:24:15 |
| CVE-2018-25255 json | 10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local atta... | Thu, 16 Apr 2026 12:24:15 |
| CVE-2018-25251 json | Snes9K 0.0.9z contains a buffer overflow vulnerability in the Netplay Socket Port Number field that allows local attackers to... | Thu, 16 Apr 2026 12:24:15 |
| CVE-2018-25246 json | Wikipedia 12.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by s... | Thu, 16 Apr 2026 12:24:15 |
| CVE-2018-25245 json | 7 Tik 1.0.1.0 contains a denial of service vulnerability that allows attackers to crash the application by submitting excessi... | Thu, 16 Apr 2026 12:24:14 |
| CVE-2018-25244 json | Eco Search 1.0.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitt... | Thu, 16 Apr 2026 12:24:14 |