CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-32159 json | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications all... | Mon, 20 Apr 2026 14:33:29 |
| CVE-2026-40151 json | PraisonAI is a multi-agent teams system. Prior to 4.5.128, the AgentOS deployment platform exposes a GET /api/agents endpoint... | Mon, 20 Apr 2026 14:33:28 |
| CVE-2026-39974 json | n8n-MCP is a Model Context Protocol (MCP) server that provides AI assistants with comprehensive access to n8n node documentat... | Mon, 20 Apr 2026 14:33:28 |
| CVE-2026-32158 json | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications all... | Mon, 20 Apr 2026 14:33:28 |
| CVE-2026-32153 json | Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally. | Mon, 20 Apr 2026 14:33:28 |
| CVE-2026-32151 json | Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose informa... | Mon, 20 Apr 2026 14:33:28 |
| CVE-2026-32150 json | Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fd... | Mon, 20 Apr 2026 14:33:28 |
| CVE-2026-32149 json | Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally. | Mon, 20 Apr 2026 14:33:28 |
| CVE-2026-32093 json | Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fd... | Mon, 20 Apr 2026 14:33:28 |
| CVE-2026-35177 json | Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows ov... | Mon, 20 Apr 2026 14:33:27 |
| CVE-2026-35175 json | Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user (using the auth_users plugin aut... | Mon, 20 Apr 2026 14:33:27 |
| CVE-2026-34756 json | vLLM is an inference and serving engine for large language models (LLMs). From 0.1.0 to before 0.19.0, a Denial of Service vu... | Mon, 20 Apr 2026 14:33:27 |
| CVE-2026-34755 json | vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.load_... | Mon, 20 Apr 2026 14:33:27 |
| CVE-2026-34753 json | vLLM is an inference and serving engine for large language models (LLMs). From 0.16.0 to before 0.19.0, a server-side request... | Mon, 20 Apr 2026 14:33:27 |
| CVE-2019-25668 json | News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate databas... | Mon, 20 Apr 2026 14:33:27 |
| CVE-2019-25657 json | AnyBurn 4.3 x86 contains a denial of service vulnerability that allows local attackers to crash the application by supplying ... | Mon, 20 Apr 2026 14:33:27 |
| CVE-2026-41389 json | OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbit... | Mon, 20 Apr 2026 14:18:28 |
| CVE-2026-39112 json | Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the v... | Mon, 20 Apr 2026 14:18:28 |
| CVE-2026-39111 json | SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the email pa... | Mon, 20 Apr 2026 14:18:28 |
| CVE-2026-39110 json | SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the contactn... | Mon, 20 Apr 2026 14:18:28 |
| CVE-2026-39109 json | SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 within the user... | Mon, 20 Apr 2026 14:18:28 |
| CVE-2026-26399 json | A stack-use-after-return issue exists in the Arduino_Core_STM32 library prior to version 1.7.0. The pwm_start() function allo... | Mon, 20 Apr 2026 14:18:28 |
| CVE-2026-39815 json | A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiDDoS-F ... | Mon, 20 Apr 2026 14:18:27 |
| CVE-2026-32160 json | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications all... | Mon, 20 Apr 2026 14:18:27 |
| CVE-2026-30266 json | Insecure Permissions vulnerability in DeepCool DeepCreative v.1.2.7 and before allows a local attacker to execute arbitrary c... | Mon, 20 Apr 2026 14:18:27 |
| CVE-2026-28684 json | python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, `set_... | Mon, 20 Apr 2026 14:18:27 |
| CVE-2026-23758 json | GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the ticket subject field that allows auth... | Mon, 20 Apr 2026 14:18:27 |
| CVE-2026-23757 json | GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title param... | Mon, 20 Apr 2026 14:18:27 |
| CVE-2026-23756 json | GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the Troubleshooter module where the subje... | Mon, 20 Apr 2026 14:18:27 |
| CVE-2026-23753 json | GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the language management functionality whe... | Mon, 20 Apr 2026 14:18:27 |
| CVE-2026-23752 json | GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template group creation and editing f... | Mon, 20 Apr 2026 14:18:27 |
| CVE-2026-33810 json | When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildca... | Mon, 20 Apr 2026 14:18:26 |
| CVE-2026-21741 json | An URL Redirection to Untrusted Site ('Open Redirect') vulnerability [CWE-601] vulnerability in Fortinet FortiNAC-F 7.6.0 thr... | Mon, 20 Apr 2026 14:18:26 |
| CVE-2025-11419 json | A flaw was found in Keycloak. This vulnerability allows an unauthenticated remote attacker to cause a denial of service (DoS)... | Mon, 20 Apr 2026 14:18:26 |
| CVE-2019-25667 json | TaskInfo 8.2.0.280 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying... | Mon, 20 Apr 2026 14:18:26 |
| CVE-2019-25666 json | SpotAuditor 3.6.7 contains a local buffer overflow vulnerability in the Base64 Password Decoder component that allows attacke... | Mon, 20 Apr 2026 14:18:26 |
| CVE-2019-25664 json | SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in the record parameter of the Users module DetailView acti... | Mon, 20 Apr 2026 14:18:26 |
| CVE-2019-25663 json | SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by ... | Mon, 20 Apr 2026 14:18:26 |
| CVE-2019-25660 json | LanHelper 1.74 contains a local buffer overflow vulnerability that allows attackers to crash the application by sending exces... | Mon, 20 Apr 2026 14:18:26 |
| CVE-2024-23104 json | An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 throug... | Mon, 20 Apr 2026 14:03:17 |
| CVE-2019-25679 json | RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Po... | Mon, 20 Apr 2026 14:03:17 |
| CVE-2019-25678 json | C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attack... | Mon, 20 Apr 2026 14:03:17 |
| CVE-2019-25676 json | Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that allow unauthenticated attackers ... | Mon, 20 Apr 2026 14:03:17 |
| CVE-2019-25675 json | eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authe... | Mon, 20 Apr 2026 14:03:17 |
| CVE-2026-40315 json | PraisonAI is a multi-agent teams system. Prior to 4.5.133, there is an SQL identifier injection vulnerability in SQLiteConver... | Mon, 20 Apr 2026 13:48:12 |
| CVE-2026-40313 json | PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPA... | Mon, 20 Apr 2026 13:48:12 |
| CVE-2026-40289 json | PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser b... | Mon, 20 Apr 2026 13:48:12 |
| CVE-2026-40288 json | PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow ... | Mon, 20 Apr 2026 13:48:12 |
| CVE-2026-40287 json | PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automa... | Mon, 20 Apr 2026 13:48:12 |
| CVE-2026-39424 json | MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Im... | Mon, 20 Apr 2026 13:48:12 |
| CVE-2026-39423 json | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an Eval Injection vulnerability in the ... | Mon, 20 Apr 2026 13:48:12 |
| CVE-2026-39422 json | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vul... | Mon, 20 Apr 2026 13:48:12 |
| CVE-2026-39421 json | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the T... | Mon, 20 Apr 2026 13:48:11 |
| CVE-2026-39420 json | MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an incomplete sandbox protection mechanism ... | Mon, 20 Apr 2026 13:48:11 |
| CVE-2026-39418 json | MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, sandbox network protection can be bypassed ... | Mon, 20 Apr 2026 13:48:11 |
| CVE-2026-39417 json | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, w... | Mon, 20 Apr 2026 13:48:11 |
| CVE-2026-39426 json | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vul... | Mon, 20 Apr 2026 13:32:59 |
| CVE-2026-39425 json | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vul... | Mon, 20 Apr 2026 13:32:59 |
| CVE-2026-39419 json | MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox re... | Mon, 20 Apr 2026 13:32:59 |
| CVE-2026-41445 json | KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc() function in kiss_fftndr.... | Mon, 20 Apr 2026 13:18:00 |
| CVE-2026-40488 json | Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community E... | Mon, 20 Apr 2026 13:18:00 |
| CVE-2026-40098 json | Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community E... | Mon, 20 Apr 2026 13:18:00 |
| CVE-2026-35154 json | Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20... | Mon, 20 Apr 2026 13:18:00 |
| CVE-2026-30269 json | Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-... | Mon, 20 Apr 2026 13:18:00 |
| CVE-2026-6662 json | A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function cors of the file src/serv... | Mon, 20 Apr 2026 13:18:00 |
| CVE-2026-40948 json | The Keycloak authentication manager in `apache-airflow-providers-keycloak` did not generate or validate the OAuth 2.0 `state`... | Mon, 20 Apr 2026 13:17:59 |
| CVE-2026-40896 json | OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with `manage_agendas` perm... | Mon, 20 Apr 2026 13:17:59 |
| CVE-2026-40480 json | ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the GET /api/person/{personId} endpoint loa... | Mon, 20 Apr 2026 13:17:59 |
| CVE-2026-40348 json | Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated... | Mon, 20 Apr 2026 13:17:59 |
| CVE-2026-32690 json | Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by the use... | Mon, 20 Apr 2026 13:17:59 |
| CVE-2026-30912 json | In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to false.... | Mon, 20 Apr 2026 13:17:59 |
| CVE-2026-26951 json | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 releas... | Mon, 20 Apr 2026 13:17:59 |
| CVE-2026-26943 json | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 releas... | Mon, 20 Apr 2026 13:17:59 |
| CVE-2026-26942 json | Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain(s) an Improper Neutralization of Special Elements used in an ... | Mon, 20 Apr 2026 13:17:59 |
| CVE-2026-25525 json | Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community E... | Mon, 20 Apr 2026 13:17:59 |
| CVE-2026-25524 json | Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community E... | Mon, 20 Apr 2026 13:17:59 |
| CVE-2026-25058 json | Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa tr... | Mon, 20 Apr 2026 13:17:59 |
| CVE-2026-24506 json | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 releas... | Mon, 20 Apr 2026 13:17:59 |
| CVE-2026-24505 json | Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged... | Mon, 20 Apr 2026 13:17:59 |
| CVE-2026-24504 json | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 releas... | Mon, 20 Apr 2026 13:17:59 |
| CVE-2026-22761 json | Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker... | Mon, 20 Apr 2026 13:17:59 |
| CVE-2026-3219 json | pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. ... | Mon, 20 Apr 2026 13:17:59 |
| CVE-2025-66954 json | A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enum... | Mon, 20 Apr 2026 13:17:59 |
| CVE-2026-40353 json | wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the attribution_link property in Abstract... | Mon, 20 Apr 2026 13:17:58 |
| CVE-2026-40285 json | WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/mem... | Mon, 20 Apr 2026 13:17:58 |
| CVE-2026-39857 json | ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass ... | Mon, 20 Apr 2026 13:17:58 |
| CVE-2026-35187 json | pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the parse_urls API functio... | Mon, 20 Apr 2026 13:17:58 |
| CVE-2026-34765 json | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8... | Mon, 20 Apr 2026 13:17:58 |
| CVE-2026-34185 json | Hydrosystem Control System is vulnerable to SQL Injection across most scripts and input parameters. Because no protections ar... | Mon, 20 Apr 2026 13:17:58 |
| CVE-2026-34184 json | Hydrosystem Control System does not enforce authorization for some directories. This allows an unauthorized attacker to read ... | Mon, 20 Apr 2026 13:17:58 |
| CVE-2026-33889 json | ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scri... | Mon, 20 Apr 2026 13:17:58 |
| CVE-2026-33888 json | ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass ... | Mon, 20 Apr 2026 13:17:58 |
| CVE-2026-33877 json | ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a timing side-channel vu... | Mon, 20 Apr 2026 13:17:58 |
| CVE-2026-33457 json | Livestatus injection in the prediction graph page in Checkmk <2.5.0b4, <2.4.0p26, and <2.3.0p47 allows an authenticated user ... | Mon, 20 Apr 2026 13:17:58 |
| CVE-2026-33456 json | Livestatus injection in the notification test mode in Checkmk <2.5.0b4 and <2.4.0p26 allows an authenticated user with access... | Mon, 20 Apr 2026 13:17:58 |
| CVE-2026-33455 json | Livestatus injection in the monitoring quicksearch in Checkmk <2.5.0b4 allows an authenticated attacker to inject livestatus ... | Mon, 20 Apr 2026 13:17:58 |
| CVE-2026-33436 json | Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. In versions prior to 2.0.0... | Mon, 20 Apr 2026 13:17:58 |
| CVE-2026-29013 json | libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/o... | Mon, 20 Apr 2026 13:17:58 |
| CVE-2026-5720 json | miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a de... | Mon, 20 Apr 2026 13:17:58 |
| CVE-2026-4901 json | Hydrosystem Control System saves sensitive information into a log file. Critically, user credentials are logged allowing the ... | Mon, 20 Apr 2026 13:17:58 |