CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-21384 json | Memory Corruption when updating prepared commands with invalid port indices based on user space input exceeds supported read ... | Tue, 07 Jul 2026 12:54:05 |
| CVE-2026-21383 json | Cryptographic Issue when using a static initialization vector for AES-GCM key wrapping, which requires a unique value for eac... | Tue, 07 Jul 2026 12:54:05 |
| CVE-2026-21379 json | Memory Corruption when allocating memory with sizes that exceed the maximum allowed value. | Tue, 07 Jul 2026 12:54:05 |
| CVE-2026-21370 json | Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values. | Tue, 07 Jul 2026 12:54:04 |
| CVE-2026-21369 json | Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification. | Tue, 07 Jul 2026 12:54:04 |
| CVE-2026-21368 json | Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks. | Tue, 07 Jul 2026 12:54:04 |
| CVE-2026-55115 json | A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) in UniFi P... | Tue, 07 Jul 2026 12:39:03 |
| CVE-2026-25271 json | Memory Corruption when processing asynchronous input parameters due to improper handling of modified values between check and... | Tue, 07 Jul 2026 12:39:03 |
| CVE-2026-25268 json | Memory Corruption when processing invalid HT40 channel layouts during dynamic channel switching operations. | Tue, 07 Jul 2026 12:39:03 |
| CVE-2026-54409 json | A malicious actor with access to the network and under certain conditions could exploit an Improper Initialization vulnerabil... | Tue, 07 Jul 2026 12:39:02 |
| CVE-2026-54408 json | A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Ap... | Tue, 07 Jul 2026 12:39:02 |
| CVE-2026-56812 json | Improper Check for Unusual or Exceptional Conditions vulnerability in phoenixframework phoenix (Presence JavaScript client) a... | Tue, 07 Jul 2026 12:23:48 |
| CVE-2026-56811 json | Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix (Phoenix.Socket module) allows... | Tue, 07 Jul 2026 12:23:48 |
| CVE-2026-53878 json | An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `DomainNameValidator` does not prohibit newlines in... | Tue, 07 Jul 2026 12:23:48 |
| CVE-2026-53877 json | An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `django.contrib.gis.gdal.GDALRaster` over-reads its... | Tue, 07 Jul 2026 12:23:48 |
| CVE-2026-48588 json | An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `UpdateCacheMiddleware` and the `cache_page()` deco... | Tue, 07 Jul 2026 12:23:48 |
| CVE-2026-14969 json | A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for... | Tue, 07 Jul 2026 12:23:48 |
| CVE-2026-14935 json | A logic vulnerability was found in GStreamer's webrtcbin component. The _check_sdp_crypto() function contains an inverted boo... | Tue, 07 Jul 2026 12:23:48 |
| CVE-2026-59152 json | LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.8.18, an attacker who can send an... | Tue, 07 Jul 2026 12:23:47 |
| CVE-2026-59093 json | Weaviate before 1.38.0 does not verify that a principal performing an RBAC role assignment holds the permissions granted by t... | Tue, 07 Jul 2026 12:23:47 |
| CVE-2026-58404 json | Hugo is a static site generator. From v0.162.0 through v0.163.0, the default security.http.urls policy denies requests to loo... | Tue, 07 Jul 2026 12:23:47 |
| CVE-2026-57571 json | Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, when the crawler saves a downloaded file, th... | Tue, 07 Jul 2026 12:23:47 |
| CVE-2026-55798 json | Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.get_command() constructed a cmd.exe shell command by direc... | Tue, 07 Jul 2026 12:23:47 |
| CVE-2026-53694 json | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Nomachine allows Argument... | Tue, 07 Jul 2026 12:23:47 |
| CVE-2026-42341 json | FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have an unauthenticated... | Tue, 07 Jul 2026 12:23:47 |
| CVE-2026-41434 json | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A c... | Tue, 07 Jul 2026 12:23:47 |
| CVE-2026-40141 json | A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Acces... | Tue, 07 Jul 2026 12:23:47 |
| CVE-2026-40140 json | BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the netwo... | Tue, 07 Jul 2026 12:23:47 |
| CVE-2026-40139 json | A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper p... | Tue, 07 Jul 2026 12:23:47 |
| CVE-2026-40138 json | A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileg... | Tue, 07 Jul 2026 12:23:47 |
| CVE-2026-34153 json | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, ... | Tue, 07 Jul 2026 12:23:47 |
| CVE-2026-33264 json | A bug in `BaseSerialization.deserialize()` allowed unrestricted `import_string()` of attacker-controlled class paths when the... | Tue, 07 Jul 2026 12:23:47 |
| CVE-2026-14940 json | A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When normalizing a Distinguished Name (DN) that ... | Tue, 07 Jul 2026 12:23:47 |
| CVE-2026-14898 json | The OpenAI Codex desktop app for macOS rendered remote images from Markdown in model responses. An attacker who could place a... | Tue, 07 Jul 2026 12:23:47 |
| CVE-2026-12948 json | A stored cross-site scripting (XSS) vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Dig... | Tue, 07 Jul 2026 12:23:47 |
| CVE-2026-12352 json | This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the de... | Tue, 07 Jul 2026 12:23:47 |
| CVE-2026-12277 json | The Frontend File Manager Plugin WordPress plugin through 23.6 does not validate a file path derived from user input before d... | Tue, 07 Jul 2026 12:23:47 |
| CVE-2026-9165 json | A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL que... | Tue, 07 Jul 2026 12:23:47 |
| CVE-2026-35386 json | In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requir... | Tue, 07 Jul 2026 12:08:14 |
| CVE-2026-57985 json | Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Tue, 07 Jul 2026 11:37:23 |
| CVE-2026-59709 json | Ghostfolio's PUT /api/v1/portfolio/holding/:dataSource/:symbol/tags endpoint fails to verify Access.permissions field when pr... | Tue, 07 Jul 2026 11:22:29 |
| CVE-2026-44938 json | A vulnerability has been identified in Fleet's agent-side deployer, which did not filter security-sensitive keys from namespa... | Tue, 07 Jul 2026 11:22:29 |
| CVE-2026-42201 json | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, ... | Tue, 07 Jul 2026 11:22:29 |
| CVE-2026-42172 json | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, ... | Tue, 07 Jul 2026 11:22:29 |
| CVE-2026-42147 json | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, ... | Tue, 07 Jul 2026 11:22:29 |
| CVE-2026-42143 json | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, ... | Tue, 07 Jul 2026 11:22:29 |
| CVE-2026-14476 json | A path traversal flaw was found in SSSD's AD GPO provider. The ad_gpo_extract_smb_components() function does not sanitize .. ... | Tue, 07 Jul 2026 11:22:29 |
| CVE-2026-6101 json | The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and ... | Tue, 07 Jul 2026 11:22:29 |
| CVE-2026-53648 json | FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.1, downloadable product files a... | Tue, 07 Jul 2026 11:22:28 |
| CVE-2026-53647 json | FOSSBilling is a free, open-source billing and client management system. In versions 0.5.3 through 0.7.2, the Guest `servicea... | Tue, 07 Jul 2026 11:22:28 |
| CVE-2026-53646 json | FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when a `ClientPassw... | Tue, 07 Jul 2026 11:22:28 |
| CVE-2026-53643 json | FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff a... | Tue, 07 Jul 2026 11:22:28 |
| CVE-2026-53642 json | FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when the "Require E... | Tue, 07 Jul 2026 11:22:28 |
| CVE-2026-53640 json | FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, low-privileged staff account... | Tue, 07 Jul 2026 11:22:28 |
| CVE-2026-43925 json | FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, an unauthenticated mass assi... | Tue, 07 Jul 2026 11:22:28 |
| CVE-2026-43921 json | FOSSBilling is a free, open-source billing and client management system. Versions 0.6.10 through 0.7.2 have a PHP code inject... | Tue, 07 Jul 2026 11:22:28 |
| CVE-2026-42204 json | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.471 throu... | Tue, 07 Jul 2026 11:22:28 |
| CVE-2026-41899 json | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, ... | Tue, 07 Jul 2026 11:22:28 |
| CVE-2026-34170 json | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, ... | Tue, 07 Jul 2026 11:22:28 |
| CVE-2026-34168 json | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, ... | Tue, 07 Jul 2026 11:22:28 |
| CVE-2026-34149 json | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, ... | Tue, 07 Jul 2026 11:22:28 |
| CVE-2026-34048 json | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, ... | Tue, 07 Jul 2026 11:22:28 |
| CVE-2026-34047 json | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, ... | Tue, 07 Jul 2026 11:22:28 |
| CVE-2026-34037 json | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, ... | Tue, 07 Jul 2026 11:22:28 |
| CVE-2026-59713 json | Leantime contains an OIDC login CSRF vulnerability in the verifyState() method that unconditionally returns true without vali... | Tue, 07 Jul 2026 11:22:27 |
| CVE-2026-59711 json | showdown contains a cross-site scripting vulnerability in metadata title handling that allows attackers to inject arbitrary H... | Tue, 07 Jul 2026 11:22:27 |
| CVE-2026-57573 json | Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server applied its SSRF desti... | Tue, 07 Jul 2026 11:22:27 |
| CVE-2026-54765 json | Traefik is an open source HTTP reverse proxy and load balancer. From v3.7.0 prior to v3.7.6, Traefik's Kubernetes Gateway API... | Tue, 07 Jul 2026 11:22:27 |
| CVE-2026-54764 json | Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's ForwardAuth middleware,... | Tue, 07 Jul 2026 11:22:27 |
| CVE-2026-54234 json | vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, a frontend-legal multi... | Tue, 07 Jul 2026 11:22:27 |
| CVE-2026-53763 json | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A c... | Tue, 07 Jul 2026 11:22:27 |
| CVE-2026-50133 json | Hugo is a static site generator. Prior to 0.162.0, Hugo accepts content files in several markup formats. Files mapped to the ... | Tue, 07 Jul 2026 11:22:27 |
| CVE-2026-42331 json | FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Guest API invoice/update... | Tue, 07 Jul 2026 11:22:27 |
| CVE-2026-41515 json | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A c... | Tue, 07 Jul 2026 11:22:27 |
| CVE-2026-34599 json | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, ... | Tue, 07 Jul 2026 11:22:27 |
| CVE-2026-34050 json | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, ... | Tue, 07 Jul 2026 11:22:27 |
| CVE-2026-33734 json | FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have a SQL injection vu... | Tue, 07 Jul 2026 11:22:27 |
| CVE-2026-32718 json | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, ... | Tue, 07 Jul 2026 11:22:27 |
| CVE-2026-14468 json | HashiCorp Terraform Enterprise contained an issue in its version control system (VCS) ingestion of registry modules that did ... | Tue, 07 Jul 2026 11:22:27 |
| CVE-2026-59195 json | pnpm is a package manager. Prior to 10.34.4 and 11.8.0, pnpm accepts package names from the env lockfile configDependencies s... | Tue, 07 Jul 2026 11:22:26 |
| CVE-2026-57984 json | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Tue, 07 Jul 2026 11:22:26 |
| CVE-2026-57983 json | Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a... | Tue, 07 Jul 2026 11:22:26 |
| CVE-2026-57981 json | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Tue, 07 Jul 2026 11:22:26 |
| CVE-2026-54060 json | Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile() assembled per-glyph images into a com... | Tue, 07 Jul 2026 11:22:26 |
| CVE-2026-14798 json | A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. This issue affects some unknown processi... | Tue, 07 Jul 2026 11:22:26 |
| CVE-2026-14631 json | webpack-dev-server versions 5.2.5 and earlier terminate the whole Node.js process when an unauthenticated peer sends either a... | Tue, 07 Jul 2026 11:22:26 |
| CVE-2026-12154 json | The Reviews Widgets for Google, Yelp & TripAdvisor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... | Tue, 07 Jul 2026 11:22:26 |
| CVE-2025-53828 json | SharePoint for ownCloud is an application for using SharePoint with the file storage, synchronization, and sharing applicatio... | Tue, 07 Jul 2026 11:22:26 |
| CVE-2025-15668 json | A vulnerability was identified in GPAC up to b40ce70f5. This issue affects the function sgpd_del_entry of the file src/isomed... | Tue, 07 Jul 2026 11:22:26 |
| CVE-2026-42010 json | A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched... | Tue, 07 Jul 2026 11:22:25 |
| CVE-2026-14620 json | webpack-dev-server versions 5.2.5 and earlier expose two internal developer endpoints, /webpack-dev-server/open-editor and /w... | Tue, 07 Jul 2026 11:22:25 |
| CVE-2026-13574 json | A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the... | Tue, 07 Jul 2026 11:22:25 |
| CVE-2026-13573 json | A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library... | Tue, 07 Jul 2026 11:22:25 |
| CVE-2026-2100 json | A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remo... | Tue, 07 Jul 2026 11:22:25 |
| CVE-2018-10902 json | It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (doub... | Tue, 07 Jul 2026 11:22:25 |
| CVE-2026-9547 json | When a libcurl-based application performs transfers via `SCP://` or `SFTP://` and utilizes the `CURLOPT_SSH_KEYFUNCTION` call... | Tue, 07 Jul 2026 11:07:28 |
| CVE-2026-9546 json | A vulnerability in libcurl caused the HTTP `Referer:` header to persist even when explicitly cleared. While the documentation... | Tue, 07 Jul 2026 11:07:28 |
| CVE-2026-9545 json | In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to... | Tue, 07 Jul 2026 11:07:28 |
| CVE-2026-9080 json | Calling `curl_easy_pause()` within the event-based `CURLMOPT_SOCKETFUNCTION` callback triggers a use-after-free vulnerability... | Tue, 07 Jul 2026 11:07:26 |
| CVE-2026-9079 json | libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old cr... | Tue, 07 Jul 2026 11:07:25 |