CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-5366 json | Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the `GitRe... | Sat, 20 Jun 2026 13:20:55 |
| CVE-2026-56332 json | Capgo before 12.128.2 contains an open redirect vulnerability in the confirm-signup endpoint that allows attackers to redirec... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56330 json | Capgo before 12.128.2 contains an open redirect vulnerability in stripe_portal and stripe_checkout endpoints that accept unva... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56325 json | Capgo before 12.128.2 uses ILIKE pattern matching instead of exact matching for app_id lookup in the preview subdomain resolv... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56319 json | Capgo before 12.128.2 contains an information disclosure vulnerability in the GET /statistics/app/:app_id endpoint that allow... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56317 json | Nuxt before 4.4.7 (and the 3.x branch before 3.21.7) contains a cross-site scripting vulnerability in the NoScript component ... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56307 json | Cap-go before 12.128.12 contains a broken cursor pagination vulnerability in the /private/devices endpoint on the Cloudflare/... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56304 json | picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create ... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56295 json | Capgo before 12.128.2 contains an authorization bypass vulnerability in webhook management endpoints that allows non-expiring... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56294 json | capacitor-native-biometric before 12.128.2 contains an authentication bypass vulnerability where the onAuthenticationSucceede... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56282 json | Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /replication endpoint that expo... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56276 json | Flowise before 3.1.2 contains a mass assignment vulnerability in the PUT /api/v1/user endpoint that allows authenticated user... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56267 json | Flowise before 3.0.13 contains an information exposure vulnerability in the POST /api/v1/account/forgot-password endpoint tha... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56235 json | Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC functions (get_app_metrics, g... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56228 json | Capgo before 12.128.2 fails to enforce a maximum value on the minimum password length field in its password policy configurat... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56227 json | Capgo before 12.128.2 contains a server-side request forgery vulnerability in webhook URL validation that allows loopback and... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56218 json | Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowing information ... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2025-71331 json | Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient input filtering in chat messa... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2024-58351 json | Flowise before 2.1.4 allows configuration to be injected into the Chainflow during execution via the overrideConfig option, s... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-12673 json | Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation fr... | Sat, 20 Jun 2026 10:17:50 |
| CVE-2022-50972 json | WooCommerce 7.1.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary PHP code by injec... | Sat, 20 Jun 2026 10:17:50 |
| CVE-2020-37255 json | WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows unauthenticated attackers t... | Sat, 20 Jun 2026 10:17:50 |
| CVE-2019-25763 json | WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to... | Sat, 20 Jun 2026 10:17:50 |
| CVE-2026-48939 json | A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ult... | Sat, 20 Jun 2026 09:47:49 |
| CVE-2026-48909 json | SP LMS (com_splms) < 4.1.4 by JoomShaper deserializes user-controlled cookie data without validation, enabling an unauthentic... | Sat, 20 Jun 2026 09:47:49 |
| CVE-2026-48908 json | A vulnerability in the SP Page Builder for Joomla allows the upload of arbitrary files for unauthenticated users, ultimately ... | Sat, 20 Jun 2026 09:47:49 |
| CVE-2019-25752 json | Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL injection vulnerability that allows unauthenticated attackers to ... | Sat, 20 Jun 2026 09:47:49 |
| CVE-2019-25749 json | Joomla J-CruisePortal 6.0.4 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary ... | Sat, 20 Jun 2026 09:47:49 |
| CVE-2026-12119 json | The Simple File List plugin for WordPress is vulnerable to unauthorized file operations due to a missing authorization check ... | Sat, 20 Jun 2026 05:29:46 |
| CVE-2026-11912 json | The Simple File List plugin for WordPress is vulnerable to arbitrary file modification due to insufficient authorization chec... | Sat, 20 Jun 2026 05:29:46 |
| CVE-2026-11911 json | The Simple File List plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation i... | Sat, 20 Jun 2026 05:29:46 |
| CVE-2026-9843 json | The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbitrary file deletion due t... | Fri, 19 Jun 2026 22:37:27 |
| CVE-2026-9265 json | Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path. print_attri... | Fri, 19 Jun 2026 22:37:27 |
| CVE-2026-56216 json | Capgo before 12.128.2 contains a scope escalation vulnerability in the POST /functions/v1/apikey endpoint that allows app-lim... | Fri, 19 Jun 2026 21:22:45 |
| CVE-2026-56215 json | Capgo before 12.128.12 allows authenticated users to modify their mutable public.users.email to arbitrary addresses, which th... | Fri, 19 Jun 2026 21:22:45 |
| CVE-2026-56214 json | Capgo before 12.128.2 contains an information disclosure vulnerability in Supabase PostgREST RPC endpoints is_trial_org and i... | Fri, 19 Jun 2026 21:22:45 |
| CVE-2026-56213 json | Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.upsert_version_meta SECURITY DEFINER funct... | Fri, 19 Jun 2026 21:22:45 |
| CVE-2026-56212 json | Capgo before 12.128.2 contains an authentication logic flaw: a user with permission to manage team or organization security s... | Fri, 19 Jun 2026 21:22:44 |
| CVE-2026-11551 json | The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and includi... | Fri, 19 Jun 2026 20:22:33 |
| CVE-2026-56082 json | Capgo (Cap-go/capgo) before 12.128.2 contains an improper access control vulnerability in the SECURITY DEFINER PostgREST RPC ... | Fri, 19 Jun 2026 18:22:53 |
| CVE-2026-56081 json | Cap-go before 12.128.2 contains an authentication logic flaw that lets an attacker register and control an account bound to a... | Fri, 19 Jun 2026 18:22:53 |
| CVE-2026-56080 json | Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and succ... | Fri, 19 Jun 2026 18:22:53 |
| CVE-2026-56079 json | Capgo before 12.128.2 contains a cross-tenant authorization bypass vulnerability in PostgREST endpoints that allows org-scope... | Fri, 19 Jun 2026 18:22:53 |
| CVE-2026-56073 json | Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypass em... | Fri, 19 Jun 2026 18:22:53 |
| CVE-2026-50559 json | Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.... | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-50519 json | Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacke... | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-49346 json | libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with la... | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-49337 json | libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL ... | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-49295 json | libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can ca... | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-48794 json | Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SS... | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-48584 json | Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network. | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-48582 json | Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network. | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-48129 json | Kestra is an open-source, event-driven orchestration platform. Prior to versions 1.3.19, 1.2.19, 1.1.19, and 1.0.43, Kestra t... | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-47645 json | Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker ... | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-47636 json | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an... | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-47203 json | Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SS... | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-45649 json | Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally. | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-45645 json | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-45643 json | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-45486 json | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-45485 json | Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-45482 json | Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacke... | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-45480 json | Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network. | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-45475 json | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-45474 json | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-42895 json | Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthoriz... | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-32208 json | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allow... | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-11527 json | Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -f... | Fri, 19 Jun 2026 17:22:53 |
| CVE-2026-45472 json | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-45471 json | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-45469 json | Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-45466 json | Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-45463 json | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-45461 json | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-45460 json | Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-45459 json | Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally. | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-45458 json | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute ... | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-45457 json | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-45456 json | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute ... | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-45455 json | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-44824 json | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-44823 json | Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-44822 json | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-44821 json | Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-44820 json | Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-44819 json | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-44818 json | Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-44817 json | Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-44812 json | Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-44803 json | Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally. | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-42915 json | Incorrect calculation of buffer size in Windows VMSwitch allows an authorized attacker to deny service locally. | Fri, 19 Jun 2026 17:22:52 |
| CVE-2026-42824 json | Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a n... | Fri, 19 Jun 2026 17:22:51 |
| CVE-2026-6238 json | The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.0.1 to version 2.43 fail to val... | Fri, 19 Jun 2026 17:22:51 |
| CVE-2026-49345 json | Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, a Ser... | Fri, 19 Jun 2026 16:22:47 |
| CVE-2026-49344 json | Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, Merca... | Fri, 19 Jun 2026 16:22:47 |
| CVE-2026-49342 json | YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache looku... | Fri, 19 Jun 2026 16:22:47 |
| CVE-2026-48787 json | gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the co... | Fri, 19 Jun 2026 16:22:47 |
| CVE-2026-48774 json | ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP `ru... | Fri, 19 Jun 2026 16:22:47 |
| CVE-2026-48773 json | ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. Versions 2.0.18 through 3.0.8 have a pre-authentication h... | Fri, 19 Jun 2026 16:22:47 |
| CVE-2026-48772 json | ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 2.0.0 through 3.0.8, the ProxySQL MySQL front... | Fri, 19 Jun 2026 16:22:47 |