CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2018-25230 json | Free IP Switcher 3.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplyi... | Wed, 08 Apr 2026 13:44:30 |
| CVE-2026-33753 json | rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to 1.0.6, an Autho... | Wed, 08 Apr 2026 13:30:17 |
| CVE-2026-33461 json | Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure via Privilege Abuse (CAPEC-122). A user with l... | Wed, 08 Apr 2026 13:30:17 |
| CVE-2026-33460 json | Incorrect Authorization (CWE-863) in Kibana can lead to cross-space information disclosure via Privilege Abuse (CAPEC-122). A... | Wed, 08 Apr 2026 13:30:17 |
| CVE-2026-31017 json | A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Fra... | Wed, 08 Apr 2026 13:30:17 |
| CVE-2026-30080 json | OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configuration has supported integrit... | Wed, 08 Apr 2026 13:30:17 |
| CVE-2026-30075 json | OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing Authentication... | Wed, 08 Apr 2026 13:30:17 |
| CVE-2026-4837 json | An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an... | Wed, 08 Apr 2026 13:30:17 |
| CVE-2026-4498 json | Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can lead reading index data b... | Wed, 08 Apr 2026 13:30:17 |
| CVE-2026-2377 json | A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted ... | Wed, 08 Apr 2026 13:30:17 |
| CVE-2025-57175 json | Siklu EtherHaul 8010 siklu-uimage-nxp-enc-10_6_2-18707-ea552dc00b devices have a static root password. | Wed, 08 Apr 2026 13:30:17 |
| CVE-2025-14243 json | A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate... | Wed, 08 Apr 2026 13:30:17 |
| CVE-2023-46945 json | QD 20230821 is vulnerable to Server-side request forgery (SSRF) via a crafted request | Wed, 08 Apr 2026 13:30:17 |
| CVE-2026-39401 json | Cronicle is a multi-server task scheduler and runner, with a web based front-end UI. Prior to 0.9.111, jb child processes can... | Wed, 08 Apr 2026 13:30:16 |
| CVE-2026-39394 json | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Wed, 08 Apr 2026 13:30:16 |
| CVE-2026-39390 json | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Wed, 08 Apr 2026 13:30:16 |
| CVE-2026-34371 json | LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the execut... | Wed, 08 Apr 2026 13:30:16 |
| CVE-2026-22177 json | OpenClaw versions prior to 2026.2.21 fail to filter dangerous process-control environment variables from config env.vars, all... | Wed, 08 Apr 2026 13:30:16 |
| CVE-2026-5083 json | Ado::Sessions versions through 0.935 for Perl generates insecure session ids. The session id is generated from a SHA-1 hash ... | Wed, 08 Apr 2026 13:30:16 |
| CVE-2026-5082 json | Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id. The generate_sess... | Wed, 08 Apr 2026 13:30:16 |
| CVE-2026-4484 json | The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. Thi... | Wed, 08 Apr 2026 13:30:16 |
| CVE-2026-4338 json | The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowed unauthenticated users t... | Wed, 08 Apr 2026 13:30:16 |
| CVE-2026-4267 json | The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scri... | Wed, 08 Apr 2026 13:30:16 |
| CVE-2026-0751 json | The Payment Page | Payment Form for Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pricing... | Wed, 08 Apr 2026 13:30:16 |
| CVE-2025-24817 json | Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements u... | Wed, 08 Apr 2026 13:30:16 |
| CVE-2018-25231 json | HeidiSQL 9.5.0.5196 contains a denial of service vulnerability that allows local attackers to crash the application by supply... | Wed, 08 Apr 2026 13:30:16 |
| CVE-2026-1821 json | The Microtango plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'restkey' parameter of the mt_reserv... | Wed, 08 Apr 2026 13:30:15 |
| CVE-2026-1675 json | The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including,... | Wed, 08 Apr 2026 13:30:15 |
| CVE-2026-1499 json | The WP Duplicate plugin for WordPress is vulnerable to Missing Authorization leading to Arbitrary File Upload in all versions... | Wed, 08 Apr 2026 13:30:15 |
| CVE-2026-1298 json | The Easy Replace Image plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.5.... | Wed, 08 Apr 2026 13:30:15 |
| CVE-2026-0916 json | The Related Posts by Taxonomy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'related_pos... | Wed, 08 Apr 2026 13:30:15 |
| CVE-2026-0820 json | The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Obje... | Wed, 08 Apr 2026 13:30:15 |
| CVE-2026-0717 json | The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all ve... | Wed, 08 Apr 2026 13:30:15 |
| CVE-2025-15368 json | The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via s... | Wed, 08 Apr 2026 13:30:15 |
| CVE-2025-15260 json | The MyRewards – Loyalty Points and Rewards for WooCommerce plugin for WordPress is vulnerable to missing authorization in a... | Wed, 08 Apr 2026 13:30:15 |
| CVE-2025-15000 json | The Page Keys plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘page_key’ parameter in all versi... | Wed, 08 Apr 2026 13:30:15 |
| CVE-2025-14736 json | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and includ... | Wed, 08 Apr 2026 13:30:15 |
| CVE-2025-14461 json | The Xendit Payment plugin for WordPress is vulnerable to unauthorized order status manipulation in all versions up to, and in... | Wed, 08 Apr 2026 13:30:15 |
| CVE-2025-13391 json | The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin for WordPress is vulnerable t... | Wed, 08 Apr 2026 13:30:15 |
| CVE-2025-13139 json | The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all vers... | Wed, 08 Apr 2026 13:30:15 |
| CVE-2025-14875 json | The HBLPAY Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cu... | Wed, 08 Apr 2026 13:30:14 |
| CVE-2025-14467 json | The WP Job Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4... | Wed, 08 Apr 2026 13:30:14 |
| CVE-2025-14447 json | The AnnunciFunebri Impresa plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capabilit... | Wed, 08 Apr 2026 13:30:14 |
| CVE-2025-14371 json | The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to unauthorized modi... | Wed, 08 Apr 2026 13:30:14 |
| CVE-2025-14370 json | The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. T... | Wed, 08 Apr 2026 13:30:14 |
| CVE-2025-14155 json | The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to unauthorize... | Wed, 08 Apr 2026 13:30:14 |
| CVE-2025-14074 json | The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplicati... | Wed, 08 Apr 2026 13:30:14 |
| CVE-2025-14065 json | The Simple Bike Rental plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on... | Wed, 08 Apr 2026 13:30:14 |
| CVE-2025-13794 json | The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to unauthorized modification of data due to ... | Wed, 08 Apr 2026 13:30:14 |
| CVE-2025-13403 json | The Employee Spotlight – Team Member Showcase & Meet the Team Plugin for WordPress is vulnerable to unauthorized tracking s... | Wed, 08 Apr 2026 13:30:14 |
| CVE-2025-11877 json | The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-logi... | Wed, 08 Apr 2026 13:30:14 |
| CVE-2025-14170 json | The Vimeo SimpleGallery plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 0.2... | Wed, 08 Apr 2026 13:30:13 |
| CVE-2025-14064 json | The BuddyTask plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability ... | Wed, 08 Apr 2026 13:30:13 |
| CVE-2025-13972 json | The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'wht_download_big_object_origin' parameter... | Wed, 08 Apr 2026 13:30:13 |
| CVE-2025-13739 json | The CryptX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `cryptx` shortcode in all versi... | Wed, 08 Apr 2026 13:30:13 |
| CVE-2025-13452 json | The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to Missing Authori... | Wed, 08 Apr 2026 13:30:13 |
| CVE-2025-13383 json | The Job Board by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and inc... | Wed, 08 Apr 2026 13:30:13 |
| CVE-2025-13144 json | The ContentStudio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.... | Wed, 08 Apr 2026 13:30:13 |
| CVE-2025-12883 json | The Campay Woocommerce Payment Gateway plugin for WordPress is vulnerable to Unauthenticated Payment Bypass in all versions u... | Wed, 08 Apr 2026 13:30:13 |
| CVE-2025-12721 json | The g-FFL Cockpit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, ... | Wed, 08 Apr 2026 13:30:13 |
| CVE-2025-12373 json | The Torod – The smart shipping and delivery portal for e-shops and retailers plugin for WordPress is vulnerable to Cross-Si... | Wed, 08 Apr 2026 13:30:13 |
| CVE-2025-12163 json | The Omnipress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, a... | Wed, 08 Apr 2026 13:30:13 |
| CVE-2025-12560 json | The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all ... | Wed, 08 Apr 2026 13:30:12 |
| CVE-2025-12411 json | The Premmerce Wholesale Pricing for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'ID' parameter in... | Wed, 08 Apr 2026 13:30:12 |
| CVE-2025-12070 json | The ViaAds plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This... | Wed, 08 Apr 2026 13:30:12 |
| CVE-2025-11894 json | The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check o... | Wed, 08 Apr 2026 13:30:12 |
| CVE-2025-11891 json | The Shelf Planner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, ... | Wed, 08 Apr 2026 13:30:12 |
| CVE-2025-11809 json | The WP-Force Images Download plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpfid' shortcode in a... | Wed, 08 Apr 2026 13:30:12 |
| CVE-2025-11758 json | The All in One Time Clock Lite plugin for WordPress is vulnerable to unauthorized access due to a missing authorization check... | Wed, 08 Apr 2026 13:30:12 |
| CVE-2025-10896 json | Multiple plugins for WordPress with the Jewel Theme Recommended Plugins Library are vulnerable to Unrestricted Upload of File... | Wed, 08 Apr 2026 13:30:12 |
| CVE-2025-10648 json | The YourMembership Single Sign On – YM SSO Login plugin for WordPress is vulnerable to unauthorized access of data due to a... | Wed, 08 Apr 2026 13:30:12 |
| CVE-2025-10167 json | The Stock History & Reports Manager for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... | Wed, 08 Apr 2026 13:30:12 |
| CVE-2025-10139 json | The WP BookWidgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bw_link' shortcode in ... | Wed, 08 Apr 2026 13:30:12 |
| CVE-2025-10054 json | The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of da... | Wed, 08 Apr 2026 13:30:12 |
| CVE-2025-10045 json | The onOffice for WP-Websites plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up... | Wed, 08 Apr 2026 13:30:12 |
| CVE-2025-10744 json | The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Sensitive Information Exposure in... | Wed, 08 Apr 2026 13:30:11 |
| CVE-2025-10412 json | The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin for WordPress is vulnerable t... | Wed, 08 Apr 2026 13:30:11 |
| CVE-2025-9131 json | The Ogulo – 360° Tour plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slug’ parameter in al... | Wed, 08 Apr 2026 13:30:11 |
| CVE-2025-9130 json | The Unify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin for WordPress's unify_checkout sho... | Wed, 08 Apr 2026 13:30:11 |
| CVE-2025-9112 json | The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'doccure... | Wed, 08 Apr 2026 13:30:11 |
| CVE-2025-9045 json | The Easy Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widget parameters in ... | Wed, 08 Apr 2026 13:30:11 |
| CVE-2025-8619 json | The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map Block... | Wed, 08 Apr 2026 13:30:11 |
| CVE-2025-8566 json | The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via parameters in the Cou... | Wed, 08 Apr 2026 13:30:11 |
| CVE-2025-7650 json | The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.0.53... | Wed, 08 Apr 2026 13:30:11 |
| CVE-2025-6786 json | The DocCheck Login plugin for WordPress is vulnerable to unauthorized post access in all versions up to, and including, 1.1.5... | Wed, 08 Apr 2026 13:30:11 |
| CVE-2025-6687 json | The Magic Buttons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's magic-butt... | Wed, 08 Apr 2026 13:30:11 |
| CVE-2025-6221 json | The Embed Bokun plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versio... | Wed, 08 Apr 2026 13:30:11 |
| CVE-2025-5393 json | The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion du... | Wed, 08 Apr 2026 13:30:11 |
| CVE-2025-5391 json | The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path v... | Wed, 08 Apr 2026 13:30:11 |
| CVE-2025-5084 json | The Post Grid Master plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘argsArray['read_more_tex... | Wed, 08 Apr 2026 13:30:11 |
| CVE-2025-0763 json | The Ultimate Classified Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing cap... | Wed, 08 Apr 2026 13:30:11 |
| CVE-2025-5701 json | The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalati... | Wed, 08 Apr 2026 13:30:10 |
| CVE-2025-5490 json | The Football Pool plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to,... | Wed, 08 Apr 2026 13:30:10 |
| CVE-2025-5338 json | The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all vers... | Wed, 08 Apr 2026 13:30:10 |
| CVE-2025-4666 json | The Zotpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nickname’ parameter in all versio... | Wed, 08 Apr 2026 13:30:10 |
| CVE-2025-4603 json | The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient... | Wed, 08 Apr 2026 13:30:10 |
| CVE-2025-4602 json | The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Reads in all versions up to,... | Wed, 08 Apr 2026 13:30:10 |
| CVE-2025-4585 json | The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmflat' shortcode in al... | Wed, 08 Apr 2026 13:30:10 |
| CVE-2025-4583 json | The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scri... | Wed, 08 Apr 2026 13:30:10 |
| CVE-2025-4431 json | The Featured Image Plus – Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to unauthorized modification o... | Wed, 08 Apr 2026 13:30:10 |