CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-40683 json | In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when ... | Tue, 14 Apr 2026 16:29:33 |
| CVE-2026-40385 json | In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to... | Tue, 14 Apr 2026 16:29:32 |
| CVE-2026-40188 json | goshs is a SimpleHTTPServer written in Go. From 1.0.7 to before 2.0.0-beta.4, the SFTP command rename sanitizes only the sour... | Tue, 14 Apr 2026 16:29:32 |
| CVE-2026-35041 json | fast-jwt provides fast JSON Web Token (JWT) implementation. From 5.0.0 to 6.2.0, a denial-of-service condition exists in fast... | Tue, 14 Apr 2026 16:29:32 |
| CVE-2026-34630 json | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in ar... | Tue, 14 Apr 2026 16:29:32 |
| CVE-2026-34618 json | Illustrator versions 30.2, 29.8.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbit... | Tue, 14 Apr 2026 16:29:32 |
| CVE-2026-33929 json | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache PDFBox Examples. This... | Tue, 14 Apr 2026 16:29:32 |
| CVE-2026-31924 json | Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud-cls log export uses plaintext ... | Tue, 14 Apr 2026 16:29:32 |
| CVE-2026-27313 json | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in ar... | Tue, 14 Apr 2026 16:29:32 |
| CVE-2026-27312 json | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in ar... | Tue, 14 Apr 2026 16:29:32 |
| CVE-2026-27311 json | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in ar... | Tue, 14 Apr 2026 16:29:32 |
| CVE-2026-27310 json | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in ar... | Tue, 14 Apr 2026 16:29:32 |
| CVE-2026-27289 json | Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, ... | Tue, 14 Apr 2026 16:29:32 |
| CVE-2026-27222 json | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Divide By Zero vulnerability that could lead to application deni... | Tue, 14 Apr 2026 16:29:32 |
| CVE-2026-5752 json | Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScri... | Tue, 14 Apr 2026 16:29:32 |
| CVE-2026-5444 json | A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedd... | Tue, 14 Apr 2026 16:29:32 |
| CVE-2026-39361 json | OpenObserve is a cloud-native observability platform. In 0.70.3 and earlier, the validate_enrichment_url function in src/hand... | Tue, 14 Apr 2026 16:29:31 |
| CVE-2026-35516 json | LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::chec... | Tue, 14 Apr 2026 16:29:31 |
| CVE-2026-35490 json | changedetection.io is a free open source web page change detection tool. Prior to 0.54.8, the @login_optionally_required deco... | Tue, 14 Apr 2026 16:29:31 |
| CVE-2026-35458 json | Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-su... | Tue, 14 Apr 2026 16:29:31 |
| CVE-2026-34951 json | Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.c... | Tue, 14 Apr 2026 16:29:31 |
| CVE-2026-34783 json | Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's ... | Tue, 14 Apr 2026 16:29:31 |
| CVE-2026-34578 json | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authentication connector passes t... | Tue, 14 Apr 2026 16:29:31 |
| CVE-2026-5443 json | A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses... | Tue, 14 Apr 2026 16:29:31 |
| CVE-2026-5442 json | A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representati... | Tue, 14 Apr 2026 16:29:31 |
| CVE-2026-5441 json | An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` dec... | Tue, 14 Apr 2026 16:29:31 |
| CVE-2026-5440 json | A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Length` header. The server ... | Tue, 14 Apr 2026 16:29:31 |
| CVE-2026-34940 json | KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript() function in internal/model... | Tue, 14 Apr 2026 16:29:30 |
| CVE-2026-40189 json | goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces the documented per-folder .goshs ACL/basic-a... | Tue, 14 Apr 2026 16:14:16 |
| CVE-2026-40168 json | Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vulnerable to SSRF. Althoug... | Tue, 14 Apr 2026 16:14:16 |
| CVE-2026-39983 json | basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences (\r\n) in f... | Tue, 14 Apr 2026 16:14:16 |
| CVE-2026-34734 json | HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An... | Tue, 14 Apr 2026 16:14:16 |
| CVE-2026-39376 json | FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse() fetches a URL that returns an HT... | Tue, 14 Apr 2026 16:14:15 |
| CVE-2026-39315 json | Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe() is the composable that Nuxt's own documentatio... | Tue, 14 Apr 2026 16:14:15 |
| CVE-2026-39312 json | SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. In 5.2.5188 and earlier, a pre-authentication den... | Tue, 14 Apr 2026 16:14:15 |
| CVE-2026-35489 json | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST... | Tue, 14 Apr 2026 16:14:15 |
| CVE-2026-33816 json | Memory-safety vulnerability in github.com/jackc/pgx/v5. | Tue, 14 Apr 2026 16:14:15 |
| CVE-2026-5882 json | Incorrect security UI in Fullscreen in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing ... | Tue, 14 Apr 2026 16:14:15 |
| CVE-2026-5881 json | Policy bypass in LocalNetworkAccess in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation re... | Tue, 14 Apr 2026 16:14:15 |
| CVE-2026-5880 json | Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compr... | Tue, 14 Apr 2026 16:14:15 |
| CVE-2026-5878 json | Incorrect security UI in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a... | Tue, 14 Apr 2026 16:14:15 |
| CVE-2026-5877 json | Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code insi... | Tue, 14 Apr 2026 16:14:15 |
| CVE-2026-5445 json | An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-tab... | Tue, 14 Apr 2026 16:14:15 |
| CVE-2025-62718 json | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle... | Tue, 14 Apr 2026 16:14:15 |
| CVE-2025-50228 json | Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery (SSRF) in User Evaluation, Message, and Comment modules. | Tue, 14 Apr 2026 16:14:15 |
| CVE-2026-35036 json | Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, Ech0 implements link previ... | Tue, 14 Apr 2026 16:14:14 |
| CVE-2026-33990 json | Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker... | Tue, 14 Apr 2026 16:14:14 |
| CVE-2026-33815 json | Memory-safety vulnerability in github.com/jackc/pgx/v5. | Tue, 14 Apr 2026 16:14:14 |
| CVE-2026-35470 json | OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to 2.10.2, confronta_righe... | Tue, 14 Apr 2026 15:58:14 |
| CVE-2026-35448 json | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the BlockonomicsYPT plugin's check.php endpoint ret... | Tue, 14 Apr 2026 15:58:14 |
| CVE-2026-35181 json | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the player skin configuration endpoint at admin/pla... | Tue, 14 Apr 2026 15:58:14 |
| CVE-2026-32201 json | Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. | Tue, 14 Apr 2026 15:42:59 |
| CVE-2026-4154 json | GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to exe... | Tue, 14 Apr 2026 15:42:59 |
| CVE-2026-4153 json | GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attack... | Tue, 14 Apr 2026 15:42:59 |
| CVE-2026-40227 json | In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has ... | Tue, 14 Apr 2026 15:42:58 |
| CVE-2026-35568 json | MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to 1.0.0, the java-sdk contains a... | Tue, 14 Apr 2026 15:42:58 |
| CVE-2026-31272 json | MRCMS 3.1.2 contains an access control vulnerability. The save() method in src/main/java/org/marker/mushroom/controller/UserC... | Tue, 14 Apr 2026 15:42:58 |
| CVE-2026-31040 json | A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file con... | Tue, 14 Apr 2026 15:42:58 |
| CVE-2026-27806 json | Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation fl... | Tue, 14 Apr 2026 15:42:58 |
| CVE-2026-4152 json | GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attack... | Tue, 14 Apr 2026 15:42:58 |
| CVE-2026-4151 json | GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to exe... | Tue, 14 Apr 2026 15:42:58 |
| CVE-2026-4150 json | GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to exe... | Tue, 14 Apr 2026 15:42:58 |
| CVE-2023-46945 json | QD 20230821 is vulnerable to Server-side request forgery (SSRF) via a crafted request | Tue, 14 Apr 2026 15:42:58 |
| CVE-2026-34625 json | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerabi... | Tue, 14 Apr 2026 15:27:46 |
| CVE-2026-39564 json | Insertion of Sensitive Information Into Sent Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart ... | Tue, 14 Apr 2026 15:27:45 |
| CVE-2026-39544 json | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in them... | Tue, 14 Apr 2026 15:27:45 |
| CVE-2026-39542 json | Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for WooCommerce doofinder-for-woocomme... | Tue, 14 Apr 2026 15:27:45 |
| CVE-2026-34624 json | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerabi... | Tue, 14 Apr 2026 15:27:45 |
| CVE-2026-34623 json | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerabi... | Tue, 14 Apr 2026 15:27:45 |
| CVE-2026-34371 json | LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the execut... | Tue, 14 Apr 2026 15:27:45 |
| CVE-2026-34080 json | xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eav... | Tue, 14 Apr 2026 15:27:45 |
| CVE-2026-33404 json | Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application... | Tue, 14 Apr 2026 15:27:45 |
| CVE-2026-31923 json | Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. This can occur due to `ssl_verify` in openid... | Tue, 14 Apr 2026 15:27:45 |
| CVE-2026-31053 json | A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(). When processing malfor... | Tue, 14 Apr 2026 15:27:45 |
| CVE-2026-27664 json | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), SICORE Base system (A... | Tue, 14 Apr 2026 15:27:45 |
| CVE-2026-27663 json | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), RTUM85 RTU Base (All... | Tue, 14 Apr 2026 15:27:45 |
| CVE-2026-27288 json | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerabi... | Tue, 14 Apr 2026 15:27:45 |
| CVE-2026-24069 json | Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue a... | Tue, 14 Apr 2026 15:27:45 |
| CVE-2026-22560 json | An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by mani... | Tue, 14 Apr 2026 15:27:45 |
| CVE-2025-55988 json | An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory... | Tue, 14 Apr 2026 15:27:45 |
| CVE-2025-63260 json | SyncFusion 30.1.37 is vulnerable to Cross Site Scripting (XSS) via the Document-Editor reply to comment field and Chat-UI Cha... | Tue, 14 Apr 2026 15:27:44 |
| CVE-2016-20055 json | IObit Advanced SystemCare 10.0.2 contains an unquoted service path vulnerability in the AdvancedSystemCareService10 service t... | Tue, 14 Apr 2026 15:12:15 |
| CVE-2016-20053 json | Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administra... | Tue, 14 Apr 2026 15:12:15 |
| CVE-2025-54236 json | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Impr... | Tue, 14 Apr 2026 15:12:14 |
| CVE-2016-20052 json | Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary fi... | Tue, 14 Apr 2026 15:12:14 |
| CVE-2016-20051 json | Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials w... | Tue, 14 Apr 2026 15:12:14 |
| CVE-2016-20050 json | NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash ... | Tue, 14 Apr 2026 15:12:14 |
| CVE-2009-0238 json | Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibilit... | Tue, 14 Apr 2026 15:12:14 |
| CVE-2026-39322 json | PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, POST /api/v1/auth/sign-in creates a va... | Tue, 14 Apr 2026 14:57:10 |
| CVE-2026-34955 json | PraisonAI is a multi-agent teams system. Prior to version 4.5.97, SubprocessSandbox in all modes (BASIC, STRICT, NETWORK_ISOL... | Tue, 14 Apr 2026 14:57:10 |
| CVE-2026-34353 json | In OCaml through 4.14.3, Bigarray.reshape allows an integer overflow, and resultant reading of arbitrary memory, when untrust... | Tue, 14 Apr 2026 14:57:10 |
| CVE-2026-33166 json | Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior ... | Tue, 14 Apr 2026 14:57:10 |
| CVE-2026-32712 json | Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3... | Tue, 14 Apr 2026 14:57:10 |
| CVE-2026-29181 json | OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction par... | Tue, 14 Apr 2026 14:57:10 |
| CVE-2026-27949 json | Plane is an an open-source project management tool. Prior to 1.3.0, a vulnerability was identified in Plane's authentication ... | Tue, 14 Apr 2026 14:57:10 |
| CVE-2026-32887 json | Effect is a TypeScript framework that consists of several packages that work together to help build TypeScript applications. ... | Tue, 14 Apr 2026 14:42:05 |
| CVE-2026-34629 json | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could resu... | Tue, 14 Apr 2026 14:27:14 |
| CVE-2026-34628 json | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could resu... | Tue, 14 Apr 2026 14:27:14 |
| CVE-2026-34627 json | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could resu... | Tue, 14 Apr 2026 14:27:14 |
| CVE-2026-34617 json | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could result... | Tue, 14 Apr 2026 14:27:14 |