CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-24067 json | Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, wh... | Wed, 10 Jun 2026 08:17:16 |
| CVE-2026-24066 json | Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, wh... | Wed, 10 Jun 2026 08:17:16 |
| CVE-2026-11859 json | An HTML injection vulnerability in the "fetch links" email sent by Thinkst Applied Research Canarytokens, enabling Interface ... | Wed, 10 Jun 2026 08:17:16 |
| CVE-2026-10846 json | NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as (stub) resolver over UDP, lacks matchi... | Wed, 10 Jun 2026 08:17:16 |
| CVE-2026-10118 json | A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF ... | Wed, 10 Jun 2026 08:17:16 |
| CVE-2026-0409 json | A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router ... | Wed, 10 Jun 2026 08:17:16 |
| CVE-2026-9067 json | The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX ... | Wed, 10 Jun 2026 07:32:10 |
| CVE-2026-9060 json | The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings before storing it and output... | Wed, 10 Jun 2026 07:32:10 |
| CVE-2026-8071 json | The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom s... | Wed, 10 Jun 2026 07:32:10 |
| CVE-2026-3326 json | The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement ... | Wed, 10 Jun 2026 07:32:10 |
| CVE-2026-48102 json | 7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up t... | Wed, 10 Jun 2026 06:46:14 |
| CVE-2026-11853 json | Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages (.ds... | Wed, 10 Jun 2026 06:31:14 |
| CVE-2026-11852 json | Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine a... | Wed, 10 Jun 2026 06:31:14 |
| CVE-2026-3018 json | The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriber_id’ parameter in a... | Wed, 10 Jun 2026 06:31:14 |
| CVE-2026-1784 json | The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that... | Wed, 10 Jun 2026 06:31:14 |
| CVE-2025-6254 json | The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. Thi... | Wed, 10 Jun 2026 06:31:14 |
| CVE-2026-10721 json | Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the in Permission, Cache, and ... | Wed, 10 Jun 2026 04:31:12 |
| CVE-2026-9076 json | Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attac... | Wed, 10 Jun 2026 04:31:12 |
| CVE-2026-9019 json | The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'grid[properties][borderColor]' ... | Wed, 10 Jun 2026 04:31:12 |
| CVE-2026-8853 json | The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up ... | Wed, 10 Jun 2026 04:31:12 |
| CVE-2026-8613 json | The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'title_tag' Widget Set... | Wed, 10 Jun 2026 04:31:12 |
| CVE-2026-7383 json | Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can l... | Wed, 10 Jun 2026 04:31:12 |
| CVE-2026-45447 json | Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature ver... | Wed, 10 Jun 2026 04:31:11 |
| CVE-2026-45446 json | Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Addi... | Wed, 10 Jun 2026 04:31:11 |
| CVE-2026-45445 json | Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the applicat... | Wed, 10 Jun 2026 04:31:11 |
| CVE-2026-42771 json | Issue summary: When the X509_VERIFY_PARAM_set1_email is called by an application to validate a crafted e-mail address, such a... | Wed, 10 Jun 2026 04:31:11 |
| CVE-2026-42770 json | Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked fo... | Wed, 10 Jun 2026 04:31:11 |
| CVE-2026-42769 json | Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Managemen... | Wed, 10 Jun 2026 04:31:11 |
| CVE-2026-42768 json | Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is ... | Wed, 10 Jun 2026 04:31:11 |
| CVE-2026-42767 json | Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference i... | Wed, 10 Jun 2026 04:31:11 |
| CVE-2026-42766 json | Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryptio... | Wed, 10 Jun 2026 04:31:11 |
| CVE-2026-42765 json | Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole ch... | Wed, 10 Jun 2026 04:31:11 |
| CVE-2026-42764 json | Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QU... | Wed, 10 Jun 2026 04:31:11 |
| CVE-2026-35188 json | Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the status_request e... | Wed, 10 Jun 2026 04:31:11 |
| CVE-2026-34183 json | Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATH_C... | Wed, 10 Jun 2026 04:31:11 |
| CVE-2026-34182 json | Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and... | Wed, 10 Jun 2026 04:31:11 |
| CVE-2026-34181 json | Issue Summary: The PKCS#12 file processing fails to perform sufficient input validation for files that use Password-Based Mes... | Wed, 10 Jun 2026 04:31:11 |
| CVE-2026-34180 json | Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in le... | Wed, 10 Jun 2026 04:31:11 |
| CVE-2026-4775 json | A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putco... | Wed, 10 Jun 2026 04:31:11 |
| CVE-2026-29116 json | A vulnerability has been found in some Dahua products could allow an unauthenticated remote attacker to send a specially craf... | Wed, 10 Jun 2026 03:31:09 |
| CVE-2026-29115 json | A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafte... | Wed, 10 Jun 2026 03:31:09 |
| CVE-2026-29114 json | A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA ... | Wed, 10 Jun 2026 03:31:09 |
| CVE-2026-11815 json | An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potential... | Wed, 10 Jun 2026 03:31:09 |
| CVE-2026-26241 json | A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnera... | Wed, 10 Jun 2026 01:30:48 |
| CVE-2026-26240 json | A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnera... | Wed, 10 Jun 2026 01:30:48 |
| CVE-2026-11837 json | A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The module's keyfile() funct... | Wed, 10 Jun 2026 01:30:48 |
| CVE-2026-11434 json | A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of t... | Wed, 10 Jun 2026 01:30:48 |
| CVE-2026-4821 json | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it was published in error. | Wed, 10 Jun 2026 01:30:48 |
| CVE-2025-8444 json | The Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates plugin for WordPress is vulnerable t... | Wed, 10 Jun 2026 01:30:48 |
| CVE-2026-26239 json | A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they c... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2026-26237 json | A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerab... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2026-24724 json | An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user accoun... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2026-24720 json | An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 6. If a remote... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2026-24719 json | A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker ga... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2026-24717 json | A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2026-24716 json | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote atta... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2026-22899 json | A NULL pointer dereference vulnerability has been reported to affect File Station 6. If a remote attacker gains a user accoun... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2026-22893 json | A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker ga... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2025-66281 json | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attac... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2025-66280 json | An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remo... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2025-66279 json | A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker ga... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2025-66273 json | A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker ga... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2025-62851 json | A path traversal vulnerability has been reported to affect License Center. If a local attacker gains an administrator account... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2025-62850 json | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote atta... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2025-66276 json | QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 a... | Tue, 09 Jun 2026 23:30:04 |
| CVE-2025-59382 json | QTS, QuTS hero, QuTScloud are not affected. We have already fixed the vulnerability in the following version: | Tue, 09 Jun 2026 23:30:04 |
| CVE-2025-58468 json | A cross-site request forgery (CSRF) vulnerability has been reported to affect Notification Center. The remote attackers can t... | Tue, 09 Jun 2026 23:30:04 |
| CVE-2026-46532 json | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0, an ... | Tue, 09 Jun 2026 22:29:41 |
| CVE-2026-45542 json | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a h... | Tue, 09 Jun 2026 22:29:41 |
| CVE-2026-45541 json | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a N... | Tue, 09 Jun 2026 22:29:41 |
| CVE-2026-45329 json | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-se... | Tue, 09 Jun 2026 22:29:41 |
| CVE-2026-45328 json | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, the esp_tee component exp... | Tue, 09 Jun 2026 22:29:41 |
| CVE-2026-45160 json | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, a... | Tue, 09 Jun 2026 22:29:41 |
| CVE-2019-25744 json | WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to ... | Tue, 09 Jun 2026 22:29:41 |
| CVE-2019-25743 json | WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers t... | Tue, 09 Jun 2026 22:29:41 |
| CVE-2019-25742 json | WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated ag... | Tue, 09 Jun 2026 22:29:41 |
| CVE-2019-25739 json | GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious ... | Tue, 09 Jun 2026 22:29:40 |
| CVE-2019-25737 json | Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to injec... | Tue, 09 Jun 2026 22:29:40 |
| CVE-2019-25731 json | Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malici... | Tue, 09 Jun 2026 22:29:40 |
| CVE-2018-25384 json | Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts... | Tue, 09 Jun 2026 22:29:40 |
| CVE-2026-46546 json | Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to version 2.53.... | Tue, 09 Jun 2026 21:29:14 |
| CVE-2026-44634 json | SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy (BLE). Prior to version 0.14.0, there are multipl... | Tue, 09 Jun 2026 21:29:14 |
| CVE-2026-53675 json | BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenti... | Tue, 09 Jun 2026 20:28:23 |
| CVE-2026-53674 json | BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username ... | Tue, 09 Jun 2026 20:28:23 |
| CVE-2026-53673 json | BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticat... | Tue, 09 Jun 2026 20:28:23 |
| CVE-2026-47838 json | SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to re... | Tue, 09 Jun 2026 20:28:23 |
| CVE-2026-46545 json | Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to vers... | Tue, 09 Jun 2026 20:28:23 |
| CVE-2026-46543 json | Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to vers... | Tue, 09 Jun 2026 20:28:23 |
| CVE-2026-46542 json | Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to vers... | Tue, 09 Jun 2026 20:28:23 |
| CVE-2026-46541 json | Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to vers... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-46540 json | Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to vers... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-46539 json | Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to vers... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-46518 json | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-46517 json | LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded ... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-46491 json | SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior to version 7.0... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-46432 json | LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy i... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-46411 json | FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients have the ab... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-45782 json | Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can caus... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-44716 json | Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-44505 json | Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2... | Tue, 09 Jun 2026 20:28:22 |