CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-54665 json | Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from one of several HTTP request headers that provide an alte... | Mon, 22 Jun 2026 12:49:39 |
| CVE-2026-44914 json | Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components wi... | Mon, 22 Jun 2026 12:49:39 |
| CVE-2026-44913 json | Improper escaping of database table names in the CaptureChangeMySQL Processor included with Apache NiFi 1.2.0 through 2.9.0 a... | Mon, 22 Jun 2026 12:49:39 |
| CVE-2026-44911 json | Authorization handling for component configuration verification requests in Apache NiFi 1.15.0 through 2.9.0 allows clients w... | Mon, 22 Jun 2026 12:49:39 |
| CVE-2026-12811 json | A weakness has been identified in kortix-ai suna up to 0.8.38. Affected by this issue is the function router.replace/router.p... | Mon, 22 Jun 2026 12:49:39 |
| CVE-2025-66336 json | Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is d... | Mon, 22 Jun 2026 12:49:39 |
| CVE-2025-62198 json | An authenticated user can perform XSS. This issue affects Apache Atlas versions 2.4.0 and earlier. Users are recommended to... | Mon, 22 Jun 2026 12:49:39 |
| CVE-2026-12799 json | A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_us... | Mon, 22 Jun 2026 12:49:38 |
| CVE-2026-12798 json | A weakness has been identified in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function load_openapi_s... | Mon, 22 Jun 2026 12:49:38 |
| CVE-2026-12797 json | A security flaw has been discovered in BerriAI litellm up to 1.82.5. Affected is the function async_pre_call_hook of the file... | Mon, 22 Jun 2026 12:49:38 |
| CVE-2026-12796 json | A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function get_redirect_response_from_openid o... | Mon, 22 Jun 2026 12:49:38 |
| CVE-2026-12795 json | A vulnerability was determined in BerriAI litellm up to 1.82.2. This affects the function json.dumps of the file litellm/prox... | Mon, 22 Jun 2026 12:49:38 |
| CVE-2026-12774 json | A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function _e... | Mon, 22 Jun 2026 12:49:38 |
| CVE-2026-12773 json | A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/p... | Mon, 22 Jun 2026 12:49:38 |
| CVE-2026-12772 json | A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticate_user of the file ... | Mon, 22 Jun 2026 12:49:38 |
| CVE-2026-12771 json | A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/au... | Mon, 22 Jun 2026 12:49:38 |
| CVE-2026-12770 json | A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litel... | Mon, 22 Jun 2026 12:49:38 |
| CVE-2026-12119 json | The Simple File List plugin for WordPress is vulnerable to unauthorized file operations due to a missing authorization check ... | Mon, 22 Jun 2026 12:49:38 |
| CVE-2026-11912 json | The Simple File List plugin for WordPress is vulnerable to arbitrary file modification due to insufficient authorization chec... | Mon, 22 Jun 2026 12:49:38 |
| CVE-2026-11911 json | The Simple File List plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation i... | Mon, 22 Jun 2026 12:49:38 |
| CVE-2026-49872 json | Improper Authentication vulnerability in Apache APISIX. When the cas-auth plugin is used in a route, an attacker can possibl... | Mon, 22 Jun 2026 12:49:37 |
| CVE-2026-49871 json | Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations. This defect allows a r... | Mon, 22 Jun 2026 12:49:37 |
| CVE-2026-49231 json | Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed identity headers to upstream ... | Mon, 22 Jun 2026 12:49:37 |
| CVE-2026-49230 json | Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configurat... | Mon, 22 Jun 2026 12:49:37 |
| CVE-2026-48895 json | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX. The attacker could manipulate some clien... | Mon, 22 Jun 2026 12:49:37 |
| CVE-2026-47341 json | Authentication Bypass by Capture-replay vulnerability in Apache APISIX. Attacker can benefit from certain configurations in ... | Mon, 22 Jun 2026 12:49:37 |
| CVE-2026-47339 json | Incorrect Authorization vulnerability in Apache APISIX. An attacker can capitalise on authz-casdoor plugin under default con... | Mon, 22 Jun 2026 12:49:37 |
| CVE-2026-44915 json | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX. The default configuration of cas-auth in... | Mon, 22 Jun 2026 12:49:37 |
| CVE-2026-44087 json | Insufficient Verification of Data Authenticity vulnerability in Apache APISIX. The openid-connect plugin under default confi... | Mon, 22 Jun 2026 12:49:37 |
| CVE-2026-44046 json | Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default con... | Mon, 22 Jun 2026 12:49:37 |
| CVE-2026-39999 json | Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker can completely bypass authentication capitali... | Mon, 22 Jun 2026 12:49:37 |
| CVE-2026-39998 json | Improper Input Validation vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forwar... | Mon, 22 Jun 2026 12:49:37 |
| CVE-2026-12238 json | The WP Go Maps – Most Popular Map Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, ... | Mon, 22 Jun 2026 12:49:37 |
| CVE-2026-11551 json | The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and includi... | Mon, 22 Jun 2026 12:49:37 |
| CVE-2026-9843 json | The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbitrary file deletion due t... | Mon, 22 Jun 2026 12:49:37 |
| CVE-2026-12430 json | The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up... | Mon, 22 Jun 2026 12:49:36 |
| CVE-2026-12157 json | The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored... | Mon, 22 Jun 2026 12:49:36 |
| CVE-2026-11989 json | The Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation plugin for WordPress is vulnera... | Mon, 22 Jun 2026 12:49:36 |
| CVE-2026-11775 json | The User Admin Simplifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and includi... | Mon, 22 Jun 2026 12:49:36 |
| CVE-2026-10779 json | The Classified Listing – Classified ads & Business Directory plugin for WordPress is vulnerable to Missing Authorization in... | Mon, 22 Jun 2026 12:49:36 |
| CVE-2026-10034 json | The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.... | Mon, 22 Jun 2026 12:49:36 |
| CVE-2026-9013 json | The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.1 via... | Mon, 22 Jun 2026 12:49:36 |
| CVE-2026-8713 json | The Avada (Fusion) Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path valida... | Mon, 22 Jun 2026 12:49:36 |
| CVE-2026-8118 json | The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary Fil... | Mon, 22 Jun 2026 12:49:36 |
| CVE-2026-7547 json | The Woosa – Marktplaats for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in ver... | Mon, 22 Jun 2026 12:49:36 |
| CVE-2026-7515 json | The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.8.0 via the... | Mon, 22 Jun 2026 12:49:36 |
| CVE-2026-6798 json | The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up ... | Mon, 22 Jun 2026 12:49:36 |
| CVE-2026-4328 json | The Advanced Import plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1... | Mon, 22 Jun 2026 12:49:36 |
| CVE-2026-3640 json | The STRABL – A checkout solution plugin for WordPress is vulnerable to Missing Authentication in all versions up to and inc... | Mon, 22 Jun 2026 12:49:36 |
| CVE-2026-1856 json | The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field l... | Mon, 22 Jun 2026 12:49:36 |
| CVE-2026-12530 json | Improper neutralization of argument delimiters in the install_packages() method in AWS Bedrock AgentCore Python SDK versions ... | Mon, 22 Jun 2026 12:49:35 |
| CVE-2026-56104 json | Chainlit before 2.10.1 contains a session hijacking vulnerability that allows unauthenticated attackers to restore and inheri... | Mon, 22 Jun 2026 12:17:23 |
| CVE-2026-54268 json | Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other lang... | Mon, 22 Jun 2026 12:17:23 |
| CVE-2026-54267 json | Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other lang... | Mon, 22 Jun 2026 12:17:23 |
| CVE-2026-54266 json | Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other lang... | Mon, 22 Jun 2026 12:17:23 |
| CVE-2026-54265 json | Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other lang... | Mon, 22 Jun 2026 12:17:23 |
| CVE-2026-54264 json | Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other lang... | Mon, 22 Jun 2026 12:17:23 |
| CVE-2026-53655 json | node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (node-tar) applies a PAX extended header's size= record (an... | Mon, 22 Jun 2026 12:17:23 |
| CVE-2026-53550 json | js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0, a crafted YAML document can trigger algorithmic CPU exhaustio... | Mon, 22 Jun 2026 12:17:23 |
| CVE-2026-52725 json | Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other lang... | Mon, 22 Jun 2026 12:17:23 |
| CVE-2026-50557 json | Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other lang... | Mon, 22 Jun 2026 12:17:23 |
| CVE-2026-50178 json | The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. the client-side Angu... | Mon, 22 Jun 2026 12:17:23 |
| CVE-2026-9610 json | IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 exposes resources or functionality that... | Mon, 22 Jun 2026 12:17:23 |
| CVE-2026-9320 json | IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vu... | Mon, 22 Jun 2026 12:17:23 |
| CVE-2026-9072 json | IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IBM WebSphere Application Server Liberty - when using Int... | Mon, 22 Jun 2026 12:17:23 |
| CVE-2026-9071 json | IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vu... | Mon, 22 Jun 2026 12:17:23 |
| CVE-2026-9006 json | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configu... | Mon, 22 Jun 2026 12:17:23 |
| CVE-2026-8934 json | A Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine section of the Cloud Consol... | Mon, 22 Jun 2026 12:17:23 |
| CVE-2026-8858 json | IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to... | Mon, 22 Jun 2026 12:17:23 |
| CVE-2026-8823 json | Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to validate bot targets when demoting users to guests which al... | Mon, 22 Jun 2026 12:17:23 |
| CVE-2026-8646 json | IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vul... | Mon, 22 Jun 2026 12:17:23 |
| CVE-2026-8636 json | IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user pas... | Mon, 22 Jun 2026 12:17:23 |
| CVE-2026-8059 json | IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. ... | Mon, 22 Jun 2026 12:17:23 |
| CVE-2026-7664 json | IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and exec... | Mon, 22 Jun 2026 12:17:23 |
| CVE-2026-7253 json | IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway, due to a f... | Mon, 22 Jun 2026 12:17:23 |
| CVE-2026-56342 json | AVideo through version 27.0 contains a server-side request forgery vulnerability in plugin/Live/test.php that allows authenti... | Mon, 22 Jun 2026 12:17:22 |
| CVE-2026-56319 json | Capgo before 12.128.2 contains an information disclosure vulnerability in the GET /statistics/app/:app_id endpoint that allow... | Mon, 22 Jun 2026 12:17:22 |
| CVE-2026-56276 json | Flowise before 3.1.2 contains a mass assignment vulnerability in the PUT /api/v1/user endpoint that allows authenticated user... | Mon, 22 Jun 2026 12:17:22 |
| CVE-2026-54100 json | A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. WMCO establishes SSH... | Mon, 22 Jun 2026 12:17:22 |
| CVE-2026-49241 json | The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. Prior to 21.2.4, the... | Mon, 22 Jun 2026 12:17:22 |
| CVE-2026-41049 json | Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any l... | Mon, 22 Jun 2026 12:17:22 |
| CVE-2026-41048 json | Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacke... | Mon, 22 Jun 2026 12:17:22 |
| CVE-2026-41047 json | Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to ... | Mon, 22 Jun 2026 12:17:22 |
| CVE-2026-41046 json | A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use ... | Mon, 22 Jun 2026 12:17:22 |
| CVE-2026-41045 json | A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSna... | Mon, 22 Jun 2026 12:17:22 |
| CVE-2026-12725 json | A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS o... | Mon, 22 Jun 2026 12:17:22 |
| CVE-2026-12628 json | IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.0.0 through 8.2.1.0 could... | Mon, 22 Jun 2026 12:17:22 |
| CVE-2026-12549 json | The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general s... | Mon, 22 Jun 2026 12:17:22 |
| CVE-2026-12479 json | A path traversal vulnerability exists in keras-team/keras version 3.14.0, specifically in the `DiskIOStore.make` method withi... | Mon, 22 Jun 2026 12:17:22 |
| CVE-2026-11943 json | Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoic... | Mon, 22 Jun 2026 12:17:22 |
| CVE-2026-11942 json | Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow... | Mon, 22 Jun 2026 12:17:22 |
| CVE-2026-11373 json | Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Client is a client for the sta... | Mon, 22 Jun 2026 12:17:22 |
| CVE-2026-11372 json | IBM TRIRIGA Application Platform 5.0.2 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an auth... | Mon, 22 Jun 2026 12:17:22 |
| CVE-2026-10845 json | IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized ac... | Mon, 22 Jun 2026 12:17:22 |
| CVE-2025-71331 json | Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient input filtering in chat messa... | Mon, 22 Jun 2026 12:17:22 |
| CVE-2025-2669 json | IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileg... | Mon, 22 Jun 2026 12:17:22 |
| CVE-2024-51454 json | IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through... | Mon, 22 Jun 2026 12:17:22 |
| CVE-2023-33854 json | IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an aut... | Mon, 22 Jun 2026 12:17:22 |
| CVE-2019-25763 json | WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to... | Mon, 22 Jun 2026 12:17:22 |
| CVE-2026-56213 json | Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.upsert_version_meta SECURITY DEFINER funct... | Mon, 22 Jun 2026 12:17:21 |