CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-8425 json | The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1.... | Fri, 15 May 2026 05:28:25 |
| CVE-2026-8398 json | A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 throu... | Fri, 15 May 2026 05:28:25 |
| CVE-2026-7563 json | The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauth... | Fri, 15 May 2026 05:28:25 |
| CVE-2026-7046 json | The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to time-based blind SQL Injection vi... | Fri, 15 May 2026 05:28:25 |
| CVE-2026-44088 json | SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream (reading from the beginning of the fi... | Fri, 15 May 2026 05:28:24 |
| CVE-2026-6415 json | The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to ... | Fri, 15 May 2026 05:28:24 |
| CVE-2026-6403 json | The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due ... | Fri, 15 May 2026 05:28:24 |
| CVE-2026-6228 json | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3... | Fri, 15 May 2026 05:28:24 |
| CVE-2026-5229 json | The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is d... | Fri, 15 May 2026 05:28:24 |
| CVE-2026-4683 json | The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing cap... | Fri, 15 May 2026 05:28:24 |
| CVE-2026-41702 json | VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an operation performed by a SET... | Fri, 15 May 2026 03:27:21 |
| CVE-2026-8654 json | Improper input validation in Delphix Continuous Data connectors allows an authenticated user to execute arbitrary operating s... | Fri, 15 May 2026 03:27:21 |
| CVE-2026-6646 json | The The7 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'dt_default_button' shortcode in all versio... | Fri, 15 May 2026 03:27:21 |
| CVE-2026-4094 json | The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due t... | Fri, 15 May 2026 03:27:21 |
| CVE-2026-43490 json | In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate inherited ACE SID length smb_inherit_da... | Fri, 15 May 2026 02:26:54 |
| CVE-2026-28761 json | Cross-site request forgery vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and ea... | Fri, 15 May 2026 02:26:54 |
| CVE-2026-24662 json | Cross-site scripting vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier.... | Fri, 15 May 2026 02:26:54 |
| CVE-2026-8612 json | WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, e... | Fri, 15 May 2026 02:26:54 |
| CVE-2026-0481 json | Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform ... | Fri, 15 May 2026 01:25:47 |
| CVE-2025-54518 json | Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corr... | Fri, 15 May 2026 01:25:47 |
| CVE-2025-52532 json | A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global v... | Fri, 15 May 2026 01:25:46 |
| CVE-2024-36334 json | Improper verification of cryptographic signature in the Radeon RGB tool could allow a malicious file placed in the installati... | Fri, 15 May 2026 01:25:46 |
| CVE-2024-36333 json | A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially ... | Fri, 15 May 2026 01:25:46 |
| CVE-2024-36323 json | Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform u... | Fri, 15 May 2026 01:25:46 |
| CVE-2024-21950 json | An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory ou... | Fri, 15 May 2026 01:25:46 |
| CVE-2022-23817 json | Insufficient checking of memory buffer in AMD Secure Processor (ASP) Secure OS may allow an attacker with a malicious trusted... | Fri, 15 May 2026 01:25:46 |
| CVE-2026-7373 json | Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of ... | Thu, 14 May 2026 23:23:22 |
| CVE-2026-2652 json | A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the ... | Thu, 14 May 2026 23:23:22 |
| CVE-2026-0428 json | Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_COPY_... | Thu, 14 May 2026 23:23:22 |
| CVE-2026-0427 json | Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual m... | Thu, 14 May 2026 23:23:22 |
| CVE-2025-66664 json | Insufficient parameter sanitization in AMD Secure Processor (ASP) TEE SOC Driver could allow an attacker to issue a malformed... | Thu, 14 May 2026 23:23:22 |
| CVE-2025-66660 json | Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_CHECK... | Thu, 14 May 2026 23:23:22 |
| CVE-2025-54517 json | Out of bounds write in AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler could allow a local user to escalate privileges via remote c... | Thu, 14 May 2026 23:23:22 |
| CVE-2025-54511 json | Improper handling of insufficient privileges in the AMD Secure Processor (ASP) could allow an attacker to provide an input va... | Thu, 14 May 2026 23:23:22 |
| CVE-2025-48516 json | Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local us... | Thu, 14 May 2026 23:23:22 |
| CVE-2025-48513 json | Use of uninitialized resource within the AMD Platform Management Framework (PMF) could allow an attacker to read a uninitiali... | Thu, 14 May 2026 23:23:21 |
| CVE-2025-29944 json | A buffer overflow vulnerability within AMD Sensor Fusion Hub Driver can allow a local attacker to write out of bounds, potent... | Thu, 14 May 2026 23:23:21 |
| CVE-2025-29938 json | An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to write to an arbitrary... | Thu, 14 May 2026 23:23:21 |
| CVE-2025-29937 json | An out of bounds read within the AMD Platform Management Framework (PMF) could allow an attacker to trigger a read of an arbi... | Thu, 14 May 2026 23:23:21 |
| CVE-2025-29936 json | Improper input validation within the AMD Platform Management Framework (PMF) could allow an attacker to unmap arbitrary memor... | Thu, 14 May 2026 23:23:21 |
| CVE-2025-29935 json | An out of bounds write within the AMD Platform Management Framework (PMF) could allow an attacker to execute arbitrary code a... | Thu, 14 May 2026 23:23:21 |
| CVE-2025-0044 json | An out-of-bounds read in power management firmware by a malicious local attacker with low privileges could potentially lead t... | Thu, 14 May 2026 23:23:21 |
| CVE-2025-0040 json | Improper access control between the Joint Test Action Group (JTAG) and Advanced Extensible Interface (AXI) could allow an att... | Thu, 14 May 2026 23:23:21 |
| CVE-2025-0028 json | An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to read or modify an ar... | Thu, 14 May 2026 23:23:21 |
| CVE-2024-36332 json | Improper isolation of GPU HW register space could allow a privileged attacker in malicious Guest Virtual Machine (VM) to perf... | Thu, 14 May 2026 23:23:21 |
| CVE-2024-21962 json | Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially... | Thu, 14 May 2026 23:23:21 |
| CVE-2023-31317 json | Improper restriction of operations within the bounds of a memory buffer in the AMD secure processer (ASP) could allow an atta... | Thu, 14 May 2026 23:23:21 |
| CVE-2023-31316 json | Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Proces... | Thu, 14 May 2026 23:23:21 |
| CVE-2023-31309 json | Improper validation in Power Management Firmware (PMFW) may allow an attacker with privileges to pass malformed workload argu... | Thu, 14 May 2026 23:23:21 |
| CVE-2022-23826 json | A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating... | Thu, 14 May 2026 23:23:21 |
| CVE-2021-26380 json | A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside the in... | Thu, 14 May 2026 23:23:21 |
| CVE-2026-0438 json | A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileg... | Thu, 14 May 2026 22:23:14 |
| CVE-2026-0432 json | Incorrect default permissions in the installation directory for the AMD chipset driver could allow an attacker to achieve pri... | Thu, 14 May 2026 22:23:14 |
| CVE-2025-52540 json | An improper input validation vulnerability within the AMD Platform Management Framework (PMF) Driver can allow a local attack... | Thu, 14 May 2026 22:23:14 |
| CVE-2025-48521 json | Improper input validation in the AMD Secure Processor (ASP) PCI driver could allow a local attacker to trigger a Use-After-Fr... | Thu, 14 May 2026 22:23:14 |
| CVE-2025-48520 json | An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attack... | Thu, 14 May 2026 22:23:14 |
| CVE-2025-48519 json | An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attack... | Thu, 14 May 2026 22:23:13 |
| CVE-2025-48512 json | Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller (GPIO) could ... | Thu, 14 May 2026 22:23:13 |
| CVE-2025-0045 json | Improper Input validation in the AMD Secure Processor (ASP) PCI driver may allow a local attacker to create a buffer overflow... | Thu, 14 May 2026 22:23:13 |
| CVE-2024-36345 json | Improper input validation in the AMD OverDrive (AOD) System Management Mode (SMM) module could allow a privileged attacker to... | Thu, 14 May 2026 22:23:13 |
| CVE-2026-42011 json | A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previo... | Thu, 14 May 2026 19:23:10 |
| CVE-2026-42010 json | A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched... | Thu, 14 May 2026 19:23:10 |
| CVE-2026-5201 json | A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due... | Thu, 14 May 2026 19:23:09 |
| CVE-2026-5121 json | A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer alloc... | Thu, 14 May 2026 19:23:09 |
| CVE-2026-4424 json | A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to ... | Thu, 14 May 2026 19:23:09 |
| CVE-2026-4111 json | A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read... | Thu, 14 May 2026 19:23:09 |
| CVE-2025-14831 json | A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) an... | Thu, 14 May 2026 19:23:09 |
| CVE-2012-4550 json | A flaw was found in JBoss Enterprise Application Platform. When role-based authorization is used for Enterprise Java Beans (E... | Thu, 14 May 2026 19:23:09 |
| CVE-2012-4549 json | A flaw was found in JBoss Enterprise Application Platform. The `processInvocation` function within the `org.jboss.as.ejb3.sec... | Thu, 14 May 2026 19:23:09 |
| CVE-2026-45248 json | Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/demo/registered-users endpoi... | Thu, 14 May 2026 18:22:52 |
| CVE-2026-6811 json | Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON doc... | Thu, 14 May 2026 18:22:52 |
| CVE-2026-44671 json | ZITADEL is an open source identity management platform. From 2.71.11 to before 3.4.10 and 4.15.0, a vulnerability was discove... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-44428 json | The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.6, the clie... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-44427 json | The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. From 1.1.0 to 1.7.4, the... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8584 json | Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compr... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8583 json | Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who ha... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8582 json | Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensi... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8575 json | Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer proc... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8574 json | Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the ... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8573 json | Integer overflow in Codecs in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially perfo... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8571 json | Insufficient policy enforcement in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had ... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8570 json | Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive infor... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8569 json | Out of bounds write in Codecs in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perfor... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8567 json | Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of ... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8565 json | Inappropriate implementation in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8564 json | Incorrect security UI in Downloads in Google Chrome on Android and Mac prior to 148.0.7778.168 allowed a remote attacker to p... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8561 json | Incorrect security UI in Fullscreen in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8560 json | Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perf... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8559 json | Integer overflow in Internationalization in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to per... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8558 json | Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code ins... | Thu, 14 May 2026 18:22:51 |
| CVE-2026-8553 json | Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer pro... | Thu, 14 May 2026 18:22:50 |
| CVE-2026-8552 json | Heap buffer overflow in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to perform an out o... | Thu, 14 May 2026 18:22:50 |
| CVE-2026-8550 json | Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the rend... | Thu, 14 May 2026 18:22:50 |
| CVE-2026-8548 json | Out of bounds write in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the rende... | Thu, 14 May 2026 18:22:50 |
| CVE-2026-8546 json | Out of bounds read in GPU in Google Chrome on Mac and Windows prior to 148.0.7778.168 allowed a remote attacker who had compr... | Thu, 14 May 2026 18:22:50 |
| CVE-2026-8543 json | Out of bounds read in FileSystem in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a us... | Thu, 14 May 2026 18:22:50 |
| CVE-2026-8542 json | Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the ... | Thu, 14 May 2026 18:22:50 |
| CVE-2026-8541 json | Out of bounds read in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer ... | Thu, 14 May 2026 18:22:50 |
| CVE-2026-8539 json | Script injection in SanitizerAPI in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to inject arbi... | Thu, 14 May 2026 18:22:50 |
| CVE-2026-8538 json | Insufficient validation of untrusted input in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had ... | Thu, 14 May 2026 18:22:50 |