CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-40073 json | SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under cert... | Wed, 15 Apr 2026 14:53:35 |
| CVE-2026-35646 json | OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation that allo... | Wed, 15 Apr 2026 14:53:35 |
| CVE-2026-35180 json | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customize_... | Wed, 15 Apr 2026 14:53:35 |
| CVE-2026-33175 json | OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. Prior to version ... | Wed, 15 Apr 2026 14:53:35 |
| CVE-2026-5055 json | NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attacker... | Wed, 15 Apr 2026 14:53:35 |
| CVE-2026-5054 json | NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers t... | Wed, 15 Apr 2026 14:53:35 |
| CVE-2026-5053 json | NoMachine External Control of File Path Arbitrary File Deletion Vulnerability. This vulnerability allows local attackers to d... | Wed, 15 Apr 2026 14:53:35 |
| CVE-2026-35455 json | immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, sStored Cross-Site Scripting (X... | Wed, 15 Apr 2026 14:38:35 |
| CVE-2026-27290 json | Adobe Framemaker versions 2022.8 and earlier are affected by an Untrusted Search Path vulnerability that might allow attacker... | Wed, 15 Apr 2026 14:38:35 |
| CVE-2026-25118 json | immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application ... | Wed, 15 Apr 2026 14:38:35 |
| CVE-2026-33214 json | Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints,... | Wed, 15 Apr 2026 14:23:35 |
| CVE-2026-33212 json | Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending task... | Wed, 15 Apr 2026 14:23:35 |
| CVE-2026-32631 json | Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers... | Wed, 15 Apr 2026 14:23:35 |
| CVE-2026-30995 json | Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereador_ver.ph... | Wed, 15 Apr 2026 14:23:35 |
| CVE-2026-30993 json | Slah CMS v1.5.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the session() function at ... | Wed, 15 Apr 2026 14:23:35 |
| CVE-2026-30616 json | Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can... | Wed, 15 Apr 2026 14:23:35 |
| CVE-2026-30615 json | A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim syst... | Wed, 15 Apr 2026 14:23:35 |
| CVE-2026-30364 json | CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function. | Wed, 15 Apr 2026 14:23:35 |
| CVE-2026-27295 json | Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitr... | Wed, 15 Apr 2026 14:23:35 |
| CVE-2026-27294 json | Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file,... | Wed, 15 Apr 2026 14:23:35 |
| CVE-2026-27293 json | Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in ... | Wed, 15 Apr 2026 14:23:35 |
| CVE-2026-27292 json | Adobe Framemaker versions 2022.8 and earlier are affected by a Use After Free vulnerability that could result in arbitrary co... | Wed, 15 Apr 2026 14:23:35 |
| CVE-2026-25219 json | The `access_key` and `connection_string` connection properties were not marked as sensitive names in secrets masker. This mea... | Wed, 15 Apr 2026 14:23:35 |
| CVE-2026-6290 json | Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plugin which allows access to all orgs with the ... | Wed, 15 Apr 2026 14:23:35 |
| CVE-2026-5758 json | JavaScript is vulnerable to prototype pollution in Mafintosh's protocol-buffers-schema Version 3.6.0, where an attacker may a... | Wed, 15 Apr 2026 14:23:35 |
| CVE-2026-5088 json | Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts. The _make_salt and _ma... | Wed, 15 Apr 2026 14:23:35 |
| CVE-2024-53412 json | Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell com... | Wed, 15 Apr 2026 14:23:35 |
| CVE-2026-29955 json | The `/registercrd` endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The com... | Wed, 15 Apr 2026 14:23:34 |
| CVE-2026-5713 json | The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "p... | Wed, 15 Apr 2026 14:23:34 |
| CVE-2025-51414 json | In Phpgurukul Online Course Registration v3.1, an arbitrary file upload vulnerability was discovered within the profile pictu... | Wed, 15 Apr 2026 14:23:34 |
| CVE-2026-39890 json | PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library... | Wed, 15 Apr 2026 14:08:34 |
| CVE-2026-39889 json | PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U (Agent-to-User) event stream server in PraisonAI exposes a... | Wed, 15 Apr 2026 14:08:34 |
| CVE-2026-34828 json | listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, a ses... | Wed, 15 Apr 2026 13:53:33 |
| CVE-2026-34538 json | Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to users who only have DAG R... | Wed, 15 Apr 2026 13:53:33 |
| CVE-2026-34425 json | OpenClaw versions prior to commit 8aceaf5 contain a preflight validation bypass vulnerability in shell-bleed protection that ... | Wed, 15 Apr 2026 13:53:33 |
| CVE-2026-5368 json | A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the fi... | Wed, 15 Apr 2026 13:53:33 |
| CVE-2026-34932 json | hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability that c... | Wed, 15 Apr 2026 13:38:34 |
| CVE-2026-34512 json | OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route that... | Wed, 15 Apr 2026 13:38:34 |
| CVE-2026-27301 json | Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to me... | Wed, 15 Apr 2026 13:38:34 |
| CVE-2026-27300 json | Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead... | Wed, 15 Apr 2026 13:38:34 |
| CVE-2026-27299 json | Adobe Framemaker versions 2022.8 and earlier are affected by an Improper Input Validation vulnerability that could lead to ar... | Wed, 15 Apr 2026 13:38:34 |
| CVE-2026-27298 json | Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion')... | Wed, 15 Apr 2026 13:38:34 |
| CVE-2026-27297 json | Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that cou... | Wed, 15 Apr 2026 13:38:34 |
| CVE-2026-27296 json | Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that cou... | Wed, 15 Apr 2026 13:38:34 |
| CVE-2026-34931 json | hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is an open redirect vulnerability th... | Wed, 15 Apr 2026 13:38:33 |
| CVE-2026-34848 json | hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability in the... | Wed, 15 Apr 2026 13:38:33 |
| CVE-2026-34847 json | hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, the /enter page contains a DOM-based open ... | Wed, 15 Apr 2026 13:38:33 |
| CVE-2026-34832 json | Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.66.1, Scoold contains an authenticated authori... | Wed, 15 Apr 2026 13:38:33 |
| CVE-2026-34743 json | XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_de... | Wed, 15 Apr 2026 13:38:33 |
| CVE-2026-30996 json | An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory ... | Wed, 15 Apr 2026 13:23:35 |
| CVE-2026-6372 json | Missing Authorization vulnerability in Plisio Accept Cryptocurrencies with Plisio allows Exploiting Incorrectly Configured Ac... | Wed, 15 Apr 2026 13:23:35 |
| CVE-2026-6370 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Mini Ajax Ca... | Wed, 15 Apr 2026 13:23:35 |
| CVE-2026-30994 json | Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sens... | Wed, 15 Apr 2026 13:23:34 |
| CVE-2026-20186 json | A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary co... | Wed, 15 Apr 2026 13:23:34 |
| CVE-2026-20184 json | A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an una... | Wed, 15 Apr 2026 13:23:34 |
| CVE-2026-20180 json | A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary co... | Wed, 15 Apr 2026 13:23:34 |
| CVE-2026-20170 json | A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remot... | Wed, 15 Apr 2026 13:23:34 |
| CVE-2026-20161 json | A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privi... | Wed, 15 Apr 2026 13:23:34 |
| CVE-2026-20152 json | A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an... | Wed, 15 Apr 2026 13:23:34 |
| CVE-2026-20148 json | A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attack... | Wed, 15 Apr 2026 13:23:34 |
| CVE-2026-20147 json | A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on... | Wed, 15 Apr 2026 13:23:34 |
| CVE-2026-20136 json | A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) co... | Wed, 15 Apr 2026 13:23:34 |
| CVE-2026-20132 json | Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authent... | Wed, 15 Apr 2026 13:23:34 |
| CVE-2026-20081 json | Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary f... | Wed, 15 Apr 2026 13:23:34 |
| CVE-2026-20078 json | Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary f... | Wed, 15 Apr 2026 13:23:34 |
| CVE-2026-20061 json | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker... | Wed, 15 Apr 2026 13:23:34 |
| CVE-2026-20060 json | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attack... | Wed, 15 Apr 2026 13:23:34 |
| CVE-2026-20059 json | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attack... | Wed, 15 Apr 2026 13:23:34 |
| CVE-2026-39884 json | mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain ... | Wed, 15 Apr 2026 13:23:33 |
| CVE-2026-39374 json | Plane is an an open-source project management tool. Prior to 1.3.0, the IssueBulkUpdateDateEndpoint allows a project member (... | Wed, 15 Apr 2026 13:23:33 |
| CVE-2026-39373 json | JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker c... | Wed, 15 Apr 2026 13:23:33 |
| CVE-2026-39356 json | Drizzle is a modern TypeScript ORM. Prior to 0.45.2 and 1.0.0-beta.20, Drizzle ORM improperly escaped quoted SQL identifiers ... | Wed, 15 Apr 2026 13:23:33 |
| CVE-2026-35632 json | OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.update handlers that use fs... | Wed, 15 Apr 2026 13:23:33 |
| CVE-2026-35631 json | OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat commands, allowing unauthorized... | Wed, 15 Apr 2026 13:23:33 |
| CVE-2026-35626 json | OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling that b... | Wed, 15 Apr 2026 13:23:33 |
| CVE-2026-35589 json | nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability ex... | Wed, 15 Apr 2026 13:23:33 |
| CVE-2026-5588 json | : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (p... | Wed, 15 Apr 2026 13:23:33 |
| CVE-2025-63029 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Lovers WCFM Marketpl... | Wed, 15 Apr 2026 13:23:33 |
| CVE-2025-15636 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emarket-design YouTube ... | Wed, 15 Apr 2026 13:23:33 |
| CVE-2025-15635 json | Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover allows Cross Site Request Forgery.Th... | Wed, 15 Apr 2026 13:23:33 |
| CVE-2025-15610 json | Deserialization of untrusted data vulnerability in OpenText, Inc RightFax on Windows, 64 bit, 32 bit allows Object Injection.... | Wed, 15 Apr 2026 13:23:33 |
| CVE-2026-35611 json | Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to... | Wed, 15 Apr 2026 13:23:32 |
| CVE-2026-35608 json | QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored XSS vulnerability exists in the file preview e... | Wed, 15 Apr 2026 13:23:32 |
| CVE-2019-25575 json | SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL ... | Wed, 15 Apr 2026 13:23:32 |
| CVE-2019-25572 json | NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting ... | Wed, 15 Apr 2026 13:23:32 |
| CVE-2026-35637 json | OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cite work a... | Wed, 15 Apr 2026 13:08:32 |
| CVE-2026-35635 json | OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension that allows ... | Wed, 15 Apr 2026 13:08:32 |
| CVE-2026-35633 json | OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP error handling that allo... | Wed, 15 Apr 2026 13:08:32 |
| CVE-2019-25577 json | SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrar... | Wed, 15 Apr 2026 13:08:32 |
| CVE-2019-25576 json | Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrar... | Wed, 15 Apr 2026 13:08:32 |
| CVE-2026-35639 json | OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an oper... | Wed, 15 Apr 2026 12:53:32 |
| CVE-2026-35638 json | OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows unauthenticated session... | Wed, 15 Apr 2026 12:53:32 |
| CVE-2019-25589 json | ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attacke... | Wed, 15 Apr 2026 12:53:32 |
| CVE-2019-25580 json | ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by ... | Wed, 15 Apr 2026 12:53:32 |
| CVE-2026-33252 json | The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.1, the Go SDK's Streamable HTTP transport accepted brow... | Wed, 15 Apr 2026 12:38:31 |
| CVE-2026-4640 json | Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability, allowing unauthenticated remote ... | Wed, 15 Apr 2026 12:38:31 |
| CVE-2026-4639 json | Vitals ESP developed by Galaxy Software Services has a Incorrect Authorization vulnerability, allowing authenticated remote a... | Wed, 15 Apr 2026 12:38:31 |
| CVE-2026-30625 json | Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application ... | Wed, 15 Apr 2026 12:23:35 |
| CVE-2026-30624 json | Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The applic... | Wed, 15 Apr 2026 12:23:35 |
| CVE-2026-30617 json | LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution h... | Wed, 15 Apr 2026 12:23:35 |