CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2015-4495 json | The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote atta... | Wed, 22 Apr 2026 06:43:16 |
| CVE-2012-0391 json | The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certa... | Wed, 22 Apr 2026 06:43:16 |
| CVE-2012-0158 json | The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in M... | Wed, 22 Apr 2026 06:43:16 |
| CVE-2011-3402 json | Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows X... | Wed, 22 Apr 2026 06:43:15 |
| CVE-2011-2005 json | afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate u... | Wed, 22 Apr 2026 06:43:15 |
| CVE-2011-1889 json | The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote att... | Wed, 22 Apr 2026 06:43:15 |
| CVE-2010-3333 json | Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 f... | Wed, 22 Apr 2026 06:43:15 |
| CVE-2010-2572 json | Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted... | Wed, 22 Apr 2026 06:43:15 |
| CVE-2010-2568 json | Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows l... | Wed, 22 Apr 2026 06:43:15 |
| CVE-2026-33601 json | If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null ... | Wed, 22 Apr 2026 06:27:45 |
| CVE-2026-33600 json | An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency che... | Wed, 22 Apr 2026 06:27:45 |
| CVE-2026-33262 json | An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to ... | Wed, 22 Apr 2026 06:27:45 |
| CVE-2026-33261 json | A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service. | Wed, 22 Apr 2026 06:27:45 |
| CVE-2026-33260 json | An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of... | Wed, 22 Apr 2026 06:27:45 |
| CVE-2026-33259 json | Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recu... | Wed, 22 Apr 2026 06:27:45 |
| CVE-2026-33258 json | By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NS... | Wed, 22 Apr 2026 06:27:45 |
| CVE-2026-33257 json | An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of... | Wed, 22 Apr 2026 06:27:45 |
| CVE-2026-33256 json | An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of... | Wed, 22 Apr 2026 06:27:45 |
| CVE-2026-6848 json | A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token... | Wed, 22 Apr 2026 06:27:45 |
| CVE-2026-1930 json | The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on th... | Wed, 22 Apr 2026 06:27:45 |
| CVE-2026-1913 json | The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login_link sh... | Wed, 22 Apr 2026 06:27:45 |
| CVE-2026-1757 json | A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated fo... | Wed, 22 Apr 2026 06:27:44 |
| CVE-2026-1395 json | The Gutentools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Slider block's block_id attribu... | Wed, 22 Apr 2026 06:27:44 |
| CVE-2026-0992 json | A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML cata... | Wed, 22 Apr 2026 06:27:44 |
| CVE-2026-0990 json | A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLRes... | Wed, 22 Apr 2026 06:27:44 |
| CVE-2026-0989 json | A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does... | Wed, 22 Apr 2026 06:27:44 |
| CVE-2026-6846 json | A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended... | Wed, 22 Apr 2026 05:27:16 |
| CVE-2026-6845 json | A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause ... | Wed, 22 Apr 2026 05:27:16 |
| CVE-2026-6844 json | A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS)... | Wed, 22 Apr 2026 05:27:16 |
| CVE-2026-6843 json | A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creatin... | Wed, 22 Apr 2026 05:27:16 |
| CVE-2026-6396 json | The Fast & Fancy Filter – 3F plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and includi... | Wed, 22 Apr 2026 05:27:16 |
| CVE-2026-6294 json | The Google PageRank Display plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including ... | Wed, 22 Apr 2026 05:27:16 |
| CVE-2026-6246 json | The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'container_right_... | Wed, 22 Apr 2026 05:27:16 |
| CVE-2026-6236 json | The Posts map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' shortcode attribute in all ver... | Wed, 22 Apr 2026 05:27:16 |
| CVE-2026-6235 json | The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manage_admin_requests' func... | Wed, 22 Apr 2026 05:27:16 |
| CVE-2026-6041 json | The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom Buzz Avatar' (buzz_commen... | Wed, 22 Apr 2026 05:27:16 |
| CVE-2026-5820 json | The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all v... | Wed, 22 Apr 2026 05:27:16 |
| CVE-2026-5767 json | The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `slideShowProSC` short... | Wed, 22 Apr 2026 05:27:16 |
| CVE-2026-5748 json | The Text Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ts` shortcode in all ve... | Wed, 22 Apr 2026 05:27:16 |
| CVE-2026-4353 json | The CI HUB Connector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the `cihub_m... | Wed, 22 Apr 2026 05:27:16 |
| CVE-2026-4280 json | The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. Th... | Wed, 22 Apr 2026 05:27:16 |
| CVE-2026-4279 json | The Bread & Butter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'breadbutter-customevent-button'... | Wed, 22 Apr 2026 05:27:16 |
| CVE-2026-4142 json | The Sentence To SEO (keywords, description and tags) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th... | Wed, 22 Apr 2026 05:27:16 |
| CVE-2026-4140 json | The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and in... | Wed, 22 Apr 2026 05:27:15 |
| CVE-2026-4139 json | The mCatFilter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.5.2. Th... | Wed, 22 Apr 2026 05:27:15 |
| CVE-2026-4138 json | The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and includ... | Wed, 22 Apr 2026 05:27:15 |
| CVE-2026-4133 json | The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and includi... | Wed, 22 Apr 2026 05:27:15 |
| CVE-2026-4132 json | The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution... | Wed, 22 Apr 2026 05:27:15 |
| CVE-2026-4131 json | The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and in... | Wed, 22 Apr 2026 05:27:15 |
| CVE-2026-4128 json | The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing Authorization in all versions up to, a... | Wed, 22 Apr 2026 05:27:15 |
| CVE-2026-4126 json | The Table Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, ... | Wed, 22 Apr 2026 05:27:15 |
| CVE-2026-4125 json | The WPMK Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all v... | Wed, 22 Apr 2026 05:27:15 |
| CVE-2026-4121 json | The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.1. This... | Wed, 22 Apr 2026 05:27:15 |
| CVE-2026-4119 json | The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. Th... | Wed, 22 Apr 2026 05:27:15 |
| CVE-2026-4118 json | The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and includi... | Wed, 22 Apr 2026 05:27:15 |
| CVE-2026-4117 json | The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5. This is due t... | Wed, 22 Apr 2026 05:27:15 |
| CVE-2026-4090 json | The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2... | Wed, 22 Apr 2026 05:27:15 |
| CVE-2026-4089 json | The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in ... | Wed, 22 Apr 2026 05:27:15 |
| CVE-2026-4088 json | The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppw_cta_box' shortcode in all ... | Wed, 22 Apr 2026 05:27:15 |
| CVE-2026-4085 json | The Easy Social Photos Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapper_class' shor... | Wed, 22 Apr 2026 05:27:15 |
| CVE-2026-4082 json | The ER Swiffy Insert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [swiffy] shortcode in all vers... | Wed, 22 Apr 2026 05:27:15 |
| CVE-2026-4076 json | The Slider Bootstrap Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'category' and 'templ... | Wed, 22 Apr 2026 05:27:15 |
| CVE-2026-4074 json | The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cheikh' and 'lang' sh... | Wed, 22 Apr 2026 05:27:15 |
| CVE-2026-3362 json | The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Minimum Count' settings f... | Wed, 22 Apr 2026 05:27:15 |
| CVE-2026-31433 json | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial OOB in get_file_all_info() for comp... | Wed, 22 Apr 2026 05:27:14 |
| CVE-2026-31432 json | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix OOB write in QUERY_INFO for compound requests... | Wed, 22 Apr 2026 05:27:14 |
| CVE-2026-31431 json | In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place T... | Wed, 22 Apr 2026 05:27:14 |
| CVE-2026-2719 json | The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all ve... | Wed, 22 Apr 2026 05:27:14 |
| CVE-2026-2717 json | The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and including, 1.19.2. This is d... | Wed, 22 Apr 2026 05:27:14 |
| CVE-2026-2714 json | The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setti... | Wed, 22 Apr 2026 05:27:14 |
| CVE-2026-1845 json | The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up t... | Wed, 22 Apr 2026 05:27:14 |
| CVE-2026-1379 json | The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, ... | Wed, 22 Apr 2026 05:27:14 |
| CVE-2026-6842 json | A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory pe... | Wed, 22 Apr 2026 04:25:55 |
| CVE-2026-6023 json | In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure ... | Wed, 22 Apr 2026 04:25:55 |
| CVE-2026-40542 json | Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-2... | Wed, 22 Apr 2026 04:25:54 |
| CVE-2026-6022 json | In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnera... | Wed, 22 Apr 2026 04:25:54 |
| CVE-2026-6840 json | Missing bounds validation for operator could allow out of range operator-code lookup during model loading Affected version i... | Wed, 22 Apr 2026 03:24:15 |
| CVE-2026-6839 json | Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during co... | Wed, 22 Apr 2026 03:24:15 |
| CVE-2026-41667 json | Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for ... | Wed, 22 Apr 2026 03:24:14 |
| CVE-2026-41666 json | Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bounds access during loop st... | Wed, 22 Apr 2026 03:24:14 |
| CVE-2026-41665 json | Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE cause incorrect memory initiali... | Wed, 22 Apr 2026 03:24:14 |
| CVE-2026-41664 json | Integer overflow in memory copy size calculation in Samsung Open Source ONE could lead to invalid memory operations with larg... | Wed, 22 Apr 2026 03:24:14 |
| CVE-2026-40450 json | Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incorrect copy length and memo... | Wed, 22 Apr 2026 03:24:14 |
| CVE-2026-40449 json | Integer overflow in buffer size calculation could result in out of bounds memory access when handling large tensors in Samsun... | Wed, 22 Apr 2026 03:24:14 |
| CVE-2026-40448 json | Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory allocation for large tenso... | Wed, 22 Apr 2026 03:24:14 |
| CVE-2026-5121 json | A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer alloc... | Wed, 22 Apr 2026 03:24:14 |
| CVE-2026-4424 json | A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to ... | Wed, 22 Apr 2026 03:24:14 |
| CVE-2026-22754 json | Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path="/servlet-path" pattern="/en... | Wed, 22 Apr 2026 02:23:31 |
| CVE-2026-22753 json | Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a PathPatternRequestMatch... | Wed, 22 Apr 2026 02:23:31 |
| CVE-2026-22748 json | Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReact... | Wed, 22 Apr 2026 02:23:31 |
| CVE-2026-22747 json | Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 ce... | Wed, 22 Apr 2026 02:23:31 |
| CVE-2026-22746 json | Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAccountNonExpired, or #i... | Wed, 22 Apr 2026 02:23:31 |
| CVE-2026-40451 json | DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vulnerability, which allows a... | Wed, 22 Apr 2026 01:22:44 |
| CVE-2026-41035 json | In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver us... | Wed, 22 Apr 2026 00:22:42 |
| CVE-2026-6835 json | The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to uploa... | Wed, 22 Apr 2026 00:22:42 |
| CVE-2026-6834 json | The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrar... | Wed, 22 Apr 2026 00:22:42 |
| CVE-2026-6833 json | The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary... | Wed, 22 Apr 2026 00:22:42 |
| CVE-2026-6416 json | Tanium addressed an uncontrolled resource consumption vulnerability in Interact. | Tue, 21 Apr 2026 23:22:41 |
| CVE-2026-6408 json | Tanium addressed an information disclosure vulnerability in Tanium Server. | Tue, 21 Apr 2026 23:22:41 |
| CVE-2026-6392 json | Tanium addressed an information disclosure vulnerability in Threat Response. | Tue, 21 Apr 2026 23:22:41 |