CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.

Read the API docs

[rss] [api]
Recent CVEs
Recently updated CVE records
CVE Description Updated
CVE-2026-13756 json The WP Grid Builder plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.3.3. T... Fri, 10 Jul 2026 22:27:23
CVE-2026-11426 json The UnderConstructionPage PRO plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including,... Fri, 10 Jul 2026 22:27:23
CVE-2026-55175 json Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 20... Fri, 10 Jul 2026 19:26:13
CVE-2026-44383 json Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy ... Fri, 10 Jul 2026 19:26:13
CVE-2026-42952 json Previously, there was no throttling on repeated authentication attempts to the charging station backend, which could allow a... Fri, 10 Jul 2026 19:26:13
CVE-2026-40066 json Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a... Fri, 10 Jul 2026 19:26:13
CVE-2026-31927 json Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files (e.... Fri, 10 Jul 2026 19:26:13
CVE-2026-20744 json The charging station websocket endpoint accepts connections without proper authentication, which could lead to privilege esc... Fri, 10 Jul 2026 19:26:13
CVE-2026-15089 json vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions: *.*. Fri, 10 Jul 2026 19:26:13
CVE-2026-15087 json vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions: *.*. Fri, 10 Jul 2026 19:26:13
CVE-2026-15086 json vulnerability in Drupal Raw Formatter [Meta Tag Formatter] allows . This issue affects Raw Formatter [Meta Tag Formatter] ver... Fri, 10 Jul 2026 19:26:13
CVE-2026-14480 json OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workfl... Fri, 10 Jul 2026 19:26:13
CVE-2026-14286 json Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Fri, 10 Jul 2026 19:26:13
CVE-2026-11915 json vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions: *.*... Fri, 10 Jul 2026 19:26:13
CVE-2026-11914 json vulnerability in Drupal Composer allows . This issue affects Composer versions: *.*. Fri, 10 Jul 2026 19:26:13
CVE-2026-11913 json vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions: *.*. Fri, 10 Jul 2026 19:26:13
CVE-2026-59155 json Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to 2.2.5, the GET /api/... Fri, 10 Jul 2026 18:26:14
CVE-2026-58591 json Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Colorbox allows ... Fri, 10 Jul 2026 18:26:14
CVE-2026-58590 json Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0... Fri, 10 Jul 2026 18:26:14
CVE-2026-58589 json Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0... Fri, 10 Jul 2026 18:26:14
CVE-2026-58588 json Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal Canvas al... Fri, 10 Jul 2026 18:26:14
CVE-2026-58587 json Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal Canvas al... Fri, 10 Jul 2026 18:26:14
CVE-2026-58503 json Frappe is a full-stack web application framework. Prior to 16.16.0 and 15.106.0, user enumeration could be performed via the ... Fri, 10 Jul 2026 18:26:14
CVE-2026-57584 json Phalcon is a high-performance, full-stack PHP framework. Prior to 5.15.0, every Phalcon MVC application built with a default ... Fri, 10 Jul 2026 18:26:14
CVE-2026-55884 json Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.20.8 through 0.37.3, the Tilt HUD HTTP serv... Fri, 10 Jul 2026 18:26:14
CVE-2026-55883 json Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.24.0 through 0.37.3, the Tilt HUD WebSocket... Fri, 10 Jul 2026 18:26:14
CVE-2026-55882 json Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.19.5 through 0.37.3, the Tilt HUD server mo... Fri, 10 Jul 2026 18:26:14
CVE-2026-55852 json Frappe is a full-stack web application framework. Prior to 16.23.0 and 15.112.0, TarSlip RCE was possible in Package Import b... Fri, 10 Jul 2026 18:26:14
CVE-2026-55810 json Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Plotly.js Graphing all... Fri, 10 Jul 2026 18:26:14
CVE-2026-55809 json Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Flag attendance field ... Fri, 10 Jul 2026 18:26:14
CVE-2026-55808 json Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allo... Fri, 10 Jul 2026 18:26:14
CVE-2026-55807 json Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal core allows Server Side Request Forgery. This issue affects... Fri, 10 Jul 2026 18:26:13
CVE-2026-55806 json URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Drupal Drupal core allows Content Spoofing. This issue a... Fri, 10 Jul 2026 18:26:13
CVE-2026-55804 json Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Obj... Fri, 10 Jul 2026 18:26:13
CVE-2026-55803 json Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Obj... Fri, 10 Jul 2026 18:26:13
CVE-2026-55187 json Mailpit is an email testing tool and API for developers. Prior to 1.30.2, the remediation shipped for CVE-2026-27808 is incom... Fri, 10 Jul 2026 18:26:13
CVE-2026-54736 json Phalcon is a high-performance, full-stack PHP framework. Prior to 5.14.1, Phalcon\Encryption\Crypt::decrypt compares the atta... Fri, 10 Jul 2026 18:26:13
CVE-2026-52761 json ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 thr... Fri, 10 Jul 2026 18:26:13
CVE-2026-52747 json ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Prior to 3.0.1... Fri, 10 Jul 2026 18:26:13
CVE-2026-49844 json Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Apache Log4j API produces outpu... Fri, 10 Jul 2026 18:26:13
CVE-2026-49394 json Frappe is a full-stack web application framework. Prior to 16.19.0, authorization bypass was possible via the update_page end... Fri, 10 Jul 2026 18:26:13
CVE-2026-49213 json TypeBot is a chatbot builder tool. Prior to 3.17.2, Typebot's shared SSRF validator in packages/lib/src/ssrf/validateHttpReqU... Fri, 10 Jul 2026 18:26:13
CVE-2026-48127 json Frappe is a full-stack web application framework. Prior to 16.20.0 and 15.110.0, users without write access could attach file... Fri, 10 Jul 2026 18:26:13
CVE-2026-47422 json Frappe is a full-stack web application framework. Prior to 15.107.5 and 16.18.2, an endpoint in reportview lacked appropriate... Fri, 10 Jul 2026 18:26:13
CVE-2026-47199 json Frappe is a full-stack web application framework. Prior to 16.18.3 and 15.108.0, check_safe_sql_query permitted SELECT INTO O... Fri, 10 Jul 2026 18:26:13
CVE-2026-44795 json Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0.3, 2025.4.4, and 2025.3.3, u... Fri, 10 Jul 2026 18:26:13
CVE-2026-42219 json Frappe is a full-stack web application framework. Prior to 16.19.0 and 15.109.0, path traversal via download_backups was poss... Fri, 10 Jul 2026 18:26:13
CVE-2026-41482 json Frappe is a full-stack web application framework. Prior to 16.18.3, possible path traversal and local file inclusion were pos... Fri, 10 Jul 2026 18:26:13
CVE-2026-15085 json Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI SEO/GEO Analy... Fri, 10 Jul 2026 18:26:13
CVE-2026-15084 json Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal UI Patterns (SDC... Fri, 10 Jul 2026 18:26:12
CVE-2026-15083 json Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal ECA: Event - Condition... Fri, 10 Jul 2026 18:26:12
CVE-2026-15082 json Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Siteimprove Anal... Fri, 10 Jul 2026 18:26:12
CVE-2026-15081 json Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Location Selecto... Fri, 10 Jul 2026 18:26:12
CVE-2026-15080 json Cross-Site Request Forgery (CSRF) vulnerability in Drupal Ray Enterprise Translation allows Cross Site Request Forgery. This ... Fri, 10 Jul 2026 18:26:12
CVE-2026-15079 json Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Login Disable allows Brute Force. This issu... Fri, 10 Jul 2026 18:26:12
CVE-2026-13244 json Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Tealium iQ Tag Managem... Fri, 10 Jul 2026 18:26:12
CVE-2026-13243 json Cross-Site Request Forgery (CSRF) vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affe... Fri, 10 Jul 2026 18:26:12
CVE-2026-13242 json Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Geolocation Fiel... Fri, 10 Jul 2026 18:26:12
CVE-2026-13241 json Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: fr... Fri, 10 Jul 2026 18:26:12
CVE-2026-13240 json Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: fr... Fri, 10 Jul 2026 18:26:12
CVE-2026-13239 json Missing Authorization vulnerability in Drupal WissKI allows Forceful Browsing. This issue affects WissKI versions: from 0.0.0... Fri, 10 Jul 2026 18:26:12
CVE-2026-13238 json Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affect... Fri, 10 Jul 2026 18:26:12
CVE-2026-13237 json Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: fr... Fri, 10 Jul 2026 18:26:12
CVE-2026-13236 json Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from... Fri, 10 Jul 2026 18:26:12
CVE-2026-13235 json Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing. This issue affects AI (A... Fri, 10 Jul 2026 18:26:12
CVE-2026-13234 json Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI (Artificial I... Fri, 10 Jul 2026 18:26:12
CVE-2026-13233 json Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue aff... Fri, 10 Jul 2026 18:26:12
CVE-2026-13232 json Incorrect Authorization vulnerability in Drupal Advanced Content Feedback (aka admin_feedback) allows Forceful Browsing. This... Fri, 10 Jul 2026 18:26:12
CVE-2026-13231 json Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Advanced Content... Fri, 10 Jul 2026 18:26:12
CVE-2026-12535 json Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Formatter Field allows... Fri, 10 Jul 2026 18:26:12
CVE-2026-11909 json Missing Authorization vulnerability in Drupal Examples for Developers allows Forceful Browsing. This issue affects Examples f... Fri, 10 Jul 2026 18:26:11
CVE-2026-11908 json Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Tagify allows St... Fri, 10 Jul 2026 18:26:11
CVE-2026-10770 json Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Anti-Spam by Cle... Fri, 10 Jul 2026 18:26:11
CVE-2026-10769 json Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Commerce Core al... Fri, 10 Jul 2026 18:26:11
CVE-2026-10768 json Missing Authorization vulnerability in Drupal LocalGov Workflows allows Forceful Browsing. This issue affects LocalGov Workfl... Fri, 10 Jul 2026 18:26:11
CVE-2026-58499 json EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in the POST /api/v1/memory/add ... Fri, 10 Jul 2026 17:26:13
CVE-2026-57807 json Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single ... Fri, 10 Jul 2026 17:26:13
CVE-2026-57575 json Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a Server-Side Request Forgery... Fri, 10 Jul 2026 17:26:13
CVE-2026-57574 json Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a vulnerability in Time-based... Fri, 10 Jul 2026 17:26:13
CVE-2026-57230 json OpenReplay is a self-hosted session replay suite. Prior to 1.27.0, the session search and analytics API in enterprise edition... Fri, 10 Jul 2026 17:26:13
CVE-2026-9726 json Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal AlternativeComm... Fri, 10 Jul 2026 17:26:13
CVE-2026-7639 json Software installed and run as a non-privileged user may conduct a sequence of improper GPU system calls causing use after fre... Fri, 10 Jul 2026 17:26:13
CVE-2026-57221 json RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ does not perform authoriz... Fri, 10 Jul 2026 17:26:12
CVE-2026-57220 json RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured st... Fri, 10 Jul 2026 17:26:12
CVE-2026-57219 json RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, the obsolete GET /api/auth endpoin... Fri, 10 Jul 2026 17:26:12
CVE-2026-57218 json RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, RabbitMQ AMQP 0-9-1 allows an existing consumer to keep receivi... Fri, 10 Jul 2026 17:26:12
CVE-2026-57217 json RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.21, 4.1.11, and 4.2.6, RabbitMQ topic authorization can a... Fri, 10 Jul 2026 17:26:12
CVE-2026-57216 json RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, AMQP 0-9-1, AMQP 1.0, and Stream P... Fri, 10 Jul 2026 17:26:12
CVE-2026-57215 json RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ allows foreign bindings t... Fri, 10 Jul 2026 17:26:12
CVE-2026-57214 json RabbitMQ is a messaging and streaming broker. Prior to 4.2.5, the RabbitMQ management UI renders the x-internal-purpose queue... Fri, 10 Jul 2026 17:26:12
CVE-2026-57213 json RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmq_federation_management... Fri, 10 Jul 2026 17:26:12
CVE-2026-57212 json RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmq_management HTTP API a... Fri, 10 Jul 2026 17:26:12
CVE-2026-57211 json RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ management plugin static fil... Fri, 10 Jul 2026 17:26:12
CVE-2026-55881 json OpenReplay is a self-hosted session replay suite. From 1.22.0 before 1.27.0, getFirstMob returned 15-second presigned S3 down... Fri, 10 Jul 2026 17:26:12
CVE-2026-55880 json OpenReplay is a self-hosted session replay suite. In 1.27.0 and earlier, three dashboard and note mutation functions ran thei... Fri, 10 Jul 2026 17:26:12
CVE-2026-55879 json OpenReplay is a self-hosted session replay suite. From 1.24.0 before 1.25.0, the OpenReplay tracking SDK accepts custom event... Fri, 10 Jul 2026 17:26:12
CVE-2026-55665 json Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, Grist contained two cross-site scripting... Fri, 10 Jul 2026 17:26:12
CVE-2026-55664 json Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, the GET /forms endpoint read table and c... Fri, 10 Jul 2026 17:26:12
CVE-2026-55659 json Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embe... Fri, 10 Jul 2026 17:26:12
CVE-2026-55405 json LangChain4j is a Java library for building LLM-powered applications on the JVM. Prior to 1.2.1-beta8, 1.5.1-beta11, 1.11.8-b... Fri, 10 Jul 2026 17:26:12
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report