CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-39832 json | When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in... | Thu, 28 May 2026 11:22:26 |
| CVE-2026-23679 json | libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by... | Thu, 28 May 2026 11:22:26 |
| CVE-2026-46597 json | An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inp... | Thu, 28 May 2026 11:07:15 |
| CVE-2026-46595 json | Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback... | Thu, 28 May 2026 11:07:15 |
| CVE-2026-42508 json | Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key... | Thu, 28 May 2026 11:07:15 |
| CVE-2026-39835 json | SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused... | Thu, 28 May 2026 11:07:15 |
| CVE-2026-39834 json | When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size ... | Thu, 28 May 2026 11:07:15 |
| CVE-2026-39833 json | The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced... | Thu, 28 May 2026 11:07:14 |
| CVE-2026-23301 json | In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: Add allocation failure check for Entity name... | Thu, 28 May 2026 11:07:14 |
| CVE-2026-46598 json | For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used. | Thu, 28 May 2026 10:37:12 |
| CVE-2026-44214 json | eventsource-encoder encodes events as well-formed EventSource/Server Sent Event (SSE) messages. Prior to 1.0.2, eventsource-e... | Thu, 28 May 2026 10:37:12 |
| CVE-2026-32201 json | Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. | Thu, 28 May 2026 10:37:12 |
| CVE-2026-9572 json | A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function Media_GetSample of the... | Thu, 28 May 2026 10:37:12 |
| CVE-2026-5272 json | Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via ... | Thu, 28 May 2026 10:37:11 |
| CVE-2026-9828 json | Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core (HardenedObjectInputStream (logback-core)... | Thu, 28 May 2026 10:22:10 |
| CVE-2026-8990 json | A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant him... | Thu, 28 May 2026 10:22:10 |
| CVE-2026-8980 json | The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to privilege escalation. An authenticated low-privile... | Thu, 28 May 2026 10:22:10 |
| CVE-2026-49238 json | An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component (sshfs_server), whi... | Thu, 28 May 2026 10:22:09 |
| CVE-2026-49237 json | An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. Wh... | Thu, 28 May 2026 10:22:09 |
| CVE-2026-46544 json | Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft ... | Thu, 28 May 2026 10:22:09 |
| CVE-2026-46416 json | Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft ... | Thu, 28 May 2026 10:22:09 |
| CVE-2026-42250 json | bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application... | Thu, 28 May 2026 10:22:09 |
| CVE-2026-40914 json | A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant... | Thu, 28 May 2026 10:22:09 |
| CVE-2026-37579 json | An issue in SMSGate sms-core<=2.1.13.6 allows a remote attacker to execute arbitrary code via the Cmpp7FDeliverRequestMessage... | Thu, 28 May 2026 10:22:09 |
| CVE-2026-37266 json | An issue in Responsive File Manager Responsive FileManager Version 9.14.0 allows a remote attacker to execute arbitrary code ... | Thu, 28 May 2026 10:22:09 |
| CVE-2026-9673 json | Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection ... | Thu, 28 May 2026 10:22:09 |
| CVE-2026-8979 json | The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to an authentication bypass. An unauthenticated remot... | Thu, 28 May 2026 10:22:09 |
| CVE-2026-49009 json | Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal. | Thu, 28 May 2026 10:22:08 |
| CVE-2026-47161 json | RELATE is a web-based courseware package. Prior to commit d66ba5659b459bf1ba56b7109b5f9ecf197cbefb, RELATE LMS configures its... | Thu, 28 May 2026 10:22:08 |
| CVE-2026-45322 json | Microsoft UFO open-source framework for intelligent automation across devices and platforms. Microsoft UFO tagged releases up... | Thu, 28 May 2026 10:22:08 |
| CVE-2026-45152 json | uniget is a universal installer and updater for (container) tools. Prior to 0.27.1, a command injection vulnerability exists ... | Thu, 28 May 2026 10:22:08 |
| CVE-2026-45137 json | Anchor is a framework providing several convenient developer tools for writing Solana programs. From 1.0.0 to before 1.0.2, a... | Thu, 28 May 2026 10:22:08 |
| CVE-2026-44888 json | Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile() endp... | Thu, 28 May 2026 10:22:08 |
| CVE-2026-44887 json | Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configurati... | Thu, 28 May 2026 10:22:08 |
| CVE-2026-44886 json | Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web applica... | Thu, 28 May 2026 10:22:08 |
| CVE-2026-44711 json | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad dir... | Thu, 28 May 2026 10:22:08 |
| CVE-2026-8362 json | A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when processing a long URL path starting with /wos... | Thu, 28 May 2026 10:22:08 |
| CVE-2026-45715 json | Budibase is an open-source low-code platform. Prior to 3.38.1, the REST datasource integration (packages/server/src/integrati... | Thu, 28 May 2026 10:22:07 |
| CVE-2026-45087 json | Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in RE... | Thu, 28 May 2026 10:22:07 |
| CVE-2026-44635 json | Kysely is a type-safe TypeScript SQL query builder. From 0.26.0 to 0.28.16, DefaultQueryCompiler.visitJSONPathLeg does not es... | Thu, 28 May 2026 10:22:07 |
| CVE-2026-44590 json | Sherlock hunts down social media accounts by username across social networks. Prior to 0.16.1, the GitHub Actions workflow va... | Thu, 28 May 2026 10:22:07 |
| CVE-2026-38422 json | Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary code via... | Thu, 28 May 2026 10:22:07 |
| CVE-2026-36540 json | Netis AC1200 Router NC21 V4.0.1.4296 is vulnerable to unauthenticated command injection via the /cgi-bin/skk_set.cgi endpoint... | Thu, 28 May 2026 10:22:07 |
| CVE-2026-36539 json | Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skk_get.cgi that returns the entire router configuration... | Thu, 28 May 2026 10:22:07 |
| CVE-2026-36538 json | Netis AC1200 Router NC21 V4.0.1.4296 contains a hard-coded root credential stored in /etc/shadow.sample. The password for the... | Thu, 28 May 2026 10:22:07 |
| CVE-2026-36045 json | picoclaw <=v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component (pkg/tools/shell.go). The guar... | Thu, 28 May 2026 10:22:07 |
| CVE-2026-33552 json | Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control. | Thu, 28 May 2026 10:22:07 |
| CVE-2026-9628 json | A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected is an unknown function of the file /goform/fo... | Thu, 28 May 2026 10:22:07 |
| CVE-2026-9605 json | A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the function bit_read_RC of the file bits.c of th... | Thu, 28 May 2026 10:22:07 |
| CVE-2026-48902 json | The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explic... | Thu, 28 May 2026 10:22:06 |
| CVE-2026-48901 json | The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key. | Thu, 28 May 2026 10:22:06 |
| CVE-2026-48864 json | A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data... | Thu, 28 May 2026 10:22:06 |
| CVE-2026-44723 json | Vowpal Wabbit is a machine learning system. The workflow .github/workflows/python_checks.yml embeds ${{ github.event.pull_req... | Thu, 28 May 2026 10:22:06 |
| CVE-2026-42497 json | Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. ... | Thu, 28 May 2026 10:22:06 |
| CVE-2026-42496 json | Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory... | Thu, 28 May 2026 10:22:06 |
| CVE-2026-9581 json | A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment... | Thu, 28 May 2026 10:22:06 |
| CVE-2026-9538 json | Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. _... | Thu, 28 May 2026 10:22:06 |
| CVE-2026-48792 json | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignor... | Thu, 28 May 2026 10:06:15 |
| CVE-2026-48066 json | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a proce... | Thu, 28 May 2026 10:06:15 |
| CVE-2026-48065 json | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/conf.c allocates heap ... | Thu, 28 May 2026 10:06:15 |
| CVE-2026-48064 json | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, when a PAM service is conf... | Thu, 28 May 2026 10:06:15 |
| CVE-2026-47270 json | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb is a PAM module lo... | Thu, 28 May 2026 10:06:15 |
| CVE-2026-47269 json | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb's deny_remote fea... | Thu, 28 May 2026 10:06:15 |
| CVE-2026-44713 json | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user'... | Thu, 28 May 2026 10:06:15 |
| CVE-2026-44712 json | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $(i... | Thu, 28 May 2026 10:06:15 |
| CVE-2026-44710 json | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/device.c passed the re... | Thu, 28 May 2026 10:06:15 |
| CVE-2026-44709 json | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, pamusb-pinentry reads the ... | Thu, 28 May 2026 10:06:15 |
| CVE-2026-47274 json | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pam_usb helper to... | Thu, 28 May 2026 10:06:14 |
| CVE-2026-47273 json | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb builds XPath expre... | Thu, 28 May 2026 10:06:14 |
| CVE-2026-47272 json | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, the pusb_pad_compare() fun... | Thu, 28 May 2026 10:06:14 |
| CVE-2026-47271 json | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, src/mem.c implemented out-... | Thu, 28 May 2026 10:06:14 |
| CVE-2026-7101 json | A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/Wrlclien... | Thu, 28 May 2026 10:06:14 |
| CVE-2026-5781 json | An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow ... | Thu, 28 May 2026 10:06:14 |
| CVE-2026-46241 json | In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on registration failure... | Thu, 28 May 2026 09:50:32 |
| CVE-2026-46240 json | In the Linux kernel, the following vulnerability has been resolved: media: iris: Fix use-after-free in iris_release_internal... | Thu, 28 May 2026 09:50:32 |
| CVE-2026-46239 json | In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Fix runtime PM refcount leak in s_ct... | Thu, 28 May 2026 09:50:32 |
| CVE-2026-46238 json | In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop caching unowned originator pointers in ... | Thu, 28 May 2026 09:50:32 |
| CVE-2026-46237 json | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn3: Avoid overflow on msg bound check As p... | Thu, 28 May 2026 09:50:32 |
| CVE-2026-46236 json | In the Linux kernel, the following vulnerability has been resolved: media: rc: xbox_remote: heed DMA restrictions The buffe... | Thu, 28 May 2026 09:50:32 |
| CVE-2026-46235 json | In the Linux kernel, the following vulnerability has been resolved: media: saa7164: add ioremap return checks and cleanups ... | Thu, 28 May 2026 09:50:31 |
| CVE-2026-46234 json | In the Linux kernel, the following vulnerability has been resolved: vsock: fix buffer size clamping order In vsock_update_b... | Thu, 28 May 2026 09:50:31 |
| CVE-2026-46233 json | In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: only purge non-released claims When ba... | Thu, 28 May 2026 09:50:31 |
| CVE-2026-46232 json | In the Linux kernel, the following vulnerability has been resolved: HID: playstation: Clamp num_touch_reports A device woul... | Thu, 28 May 2026 09:50:31 |
| CVE-2026-46231 json | In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: put backbone reference on failed claim ... | Thu, 28 May 2026 09:50:31 |
| CVE-2026-46230 json | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn3: Prevent OOB reads when parsing dec msg ... | Thu, 28 May 2026 09:50:31 |
| CVE-2026-46229 json | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Clear VRAM on allocation to prevent stale da... | Thu, 28 May 2026 09:50:31 |
| CVE-2026-46228 json | In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB... | Thu, 28 May 2026 09:50:31 |
| CVE-2026-46227 json | In the Linux kernel, the following vulnerability has been resolved: sctp: revalidate list cursor after sctp_sendmsg_to_asoc(... | Thu, 28 May 2026 09:50:31 |
| CVE-2026-46226 json | In the Linux kernel, the following vulnerability has been resolved: spi: fsl: fix controller deregistration Make sure to de... | Thu, 28 May 2026 09:50:30 |
| CVE-2026-46225 json | In the Linux kernel, the following vulnerability has been resolved: spi: rspi: fix controller deregistration Make sure to d... | Thu, 28 May 2026 09:50:30 |
| CVE-2026-46224 json | In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix bo leak in xe_dma_buf_init_obj() on allocati... | Thu, 28 May 2026 09:50:30 |
| CVE-2026-46223 json | In the Linux kernel, the following vulnerability has been resolved: cgroup: Defer css percpu_ref kill on rmdir until cgroup ... | Thu, 28 May 2026 09:50:30 |
| CVE-2026-46222 json | In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: Add missing MUST_CONNECT flag to... | Thu, 28 May 2026 09:50:30 |
| CVE-2026-46221 json | In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix device name memory leak The device ... | Thu, 28 May 2026 09:50:30 |
| CVE-2026-46220 json | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence e... | Thu, 28 May 2026 09:50:30 |
| CVE-2026-46219 json | In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on unbind The state ma... | Thu, 28 May 2026 09:50:30 |
| CVE-2026-46218 json | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Add bounds checking to ib_{get,set}_value T... | Thu, 28 May 2026 09:50:30 |
| CVE-2026-46217 json | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn4: Avoid overflow on msg bound check As p... | Thu, 28 May 2026 09:50:30 |
| CVE-2026-46216 json | In the Linux kernel, the following vulnerability has been resolved: drm/xe/hdcp: Add NULL check for media_gt in intel_hdcp_g... | Thu, 28 May 2026 09:50:30 |
| CVE-2026-46215 json | In the Linux kernel, the following vulnerability has been resolved: drm: Set old handle to NULL before prime swap in change_... | Thu, 28 May 2026 09:50:29 |