CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-43640 json | Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organiz... | Fri, 15 May 2026 23:20:00 |
| CVE-2026-34960 json | barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcp_messag... | Fri, 15 May 2026 23:20:00 |
| CVE-2026-27886 json | Strapi is an open source headless content management system. Strapi versions starting in 4.0.0 and prior to 5.37.0 did not su... | Fri, 15 May 2026 23:20:00 |
| CVE-2026-8681 json | The Essential Chat Support plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1... | Fri, 15 May 2026 23:20:00 |
| CVE-2026-8305 json | A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookReques... | Fri, 15 May 2026 23:20:00 |
| CVE-2026-7287 json | ** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the formWep(), formWlAc(), formPasswordSetup(), formUpgrad... | Fri, 15 May 2026 23:20:00 |
| CVE-2026-7257 json | ** UNSUPPORTED WHEN ASSIGNED ** An insecure storage of sensitive information vulnerability in the configuration file of Zyxel... | Fri, 15 May 2026 23:20:00 |
| CVE-2026-7256 json | ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.... | Fri, 15 May 2026 23:20:00 |
| CVE-2026-7210 json | `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a c... | Fri, 15 May 2026 23:20:00 |
| CVE-2026-43639 json | Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add... | Fri, 15 May 2026 23:04:51 |
| CVE-2026-43638 json | Bitwarden Server prior to v2026.4.1 contains a missing authorization vulnerability that allows any authenticated user to writ... | Fri, 15 May 2026 23:04:51 |
| CVE-2025-43992 json | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass b... | Fri, 15 May 2026 23:04:51 |
| CVE-2026-8581 json | Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a s... | Fri, 15 May 2026 22:49:44 |
| CVE-2026-46367 json | phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in Utils::parseUrl() that allows authenticated use... | Fri, 15 May 2026 22:19:22 |
| CVE-2026-46361 json | phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where result.question and result.an... | Fri, 15 May 2026 22:19:22 |
| CVE-2026-45800 json | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the... | Fri, 15 May 2026 22:19:22 |
| CVE-2026-45781 json | The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI owne... | Fri, 15 May 2026 22:19:22 |
| CVE-2026-45736 json | ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulner... | Fri, 15 May 2026 22:19:22 |
| CVE-2026-45007 json | phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use userIsAuthe... | Fri, 15 May 2026 22:19:22 |
| CVE-2026-44366 json | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.1, a S... | Fri, 15 May 2026 22:19:22 |
| CVE-2026-42831 json | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | Fri, 15 May 2026 22:19:22 |
| CVE-2026-41103 json | Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized... | Fri, 15 May 2026 22:19:22 |
| CVE-2026-41102 json | Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally. | Fri, 15 May 2026 22:19:22 |
| CVE-2026-41101 json | Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally. | Fri, 15 May 2026 22:19:22 |
| CVE-2026-44279 json | A improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenA... | Fri, 15 May 2026 22:04:04 |
| CVE-2026-44278 json | A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.... | Fri, 15 May 2026 22:04:04 |
| CVE-2026-42832 json | Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally. | Fri, 15 May 2026 22:04:04 |
| CVE-2026-41100 json | Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally. | Fri, 15 May 2026 22:04:04 |
| CVE-2026-41094 json | Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to exe... | Fri, 15 May 2026 21:48:50 |
| CVE-2026-40421 json | External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a... | Fri, 15 May 2026 21:48:50 |
| CVE-2026-45369 json | python-utcp is the python implementation of UTCP. Prior to 1.1.3, the _substitute_utcp_args method in cli_communication_proto... | Fri, 15 May 2026 21:18:24 |
| CVE-2026-44636 json | libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in ... | Fri, 15 May 2026 21:18:24 |
| CVE-2026-42847 json | ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #122, there is a critical SQL Injection (SQLi) vulne... | Fri, 15 May 2026 21:18:24 |
| CVE-2026-8704 json | Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified. | Fri, 15 May 2026 21:18:24 |
| CVE-2026-8700 json | Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function... | Fri, 15 May 2026 21:18:24 |
| CVE-2026-45375 json | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan's Bazaar (community marketplace) render... | Fri, 15 May 2026 21:18:23 |
| CVE-2026-42594 json | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine that ho... | Fri, 15 May 2026 21:18:23 |
| CVE-2026-41315 json | mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, mdserver-web has a front-end unauthorized remote command executi... | Fri, 15 May 2026 21:18:23 |
| CVE-2026-0974 json | The Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin plugin for WordPress is vulnerable to ... | Fri, 15 May 2026 21:18:23 |
| CVE-2026-45622 json | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the... | Fri, 15 May 2026 19:31:00 |
| CVE-2026-45402 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, multiple e... | Fri, 15 May 2026 19:31:00 |
| CVE-2026-45396 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /... | Fri, 15 May 2026 19:31:00 |
| CVE-2026-45350 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, there is a... | Fri, 15 May 2026 19:31:00 |
| CVE-2026-45338 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a Server-S... | Fri, 15 May 2026 19:31:00 |
| CVE-2026-45331 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, validate_u... | Fri, 15 May 2026 19:31:00 |
| CVE-2026-45010 json | phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the /admin/check... | Fri, 15 May 2026 19:31:00 |
| CVE-2026-44571 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, in standar... | Fri, 15 May 2026 19:31:00 |
| CVE-2026-45667 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, GET /api/v... | Fri, 15 May 2026 18:29:22 |
| CVE-2026-45666 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the API /... | Fri, 15 May 2026 18:29:22 |
| CVE-2026-45665 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored C... | Fri, 15 May 2026 18:29:22 |
| CVE-2026-45365 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, an intern... | Fri, 15 May 2026 18:29:22 |
| CVE-2026-45351 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.9, when a reg... | Fri, 15 May 2026 18:29:22 |
| CVE-2026-45347 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.11, there is ... | Fri, 15 May 2026 18:29:21 |
| CVE-2026-45346 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.31, there is ... | Fri, 15 May 2026 18:29:21 |
| CVE-2026-45345 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.7, a user can... | Fri, 15 May 2026 18:29:21 |
| CVE-2026-45318 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, his adviso... | Fri, 15 May 2026 18:29:21 |
| CVE-2026-45317 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, an applica... | Fri, 15 May 2026 18:29:21 |
| CVE-2026-45316 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the POST /... | Fri, 15 May 2026 18:29:21 |
| CVE-2026-45315 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio ... | Fri, 15 May 2026 18:29:21 |
| CVE-2026-45314 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the channe... | Fri, 15 May 2026 18:29:21 |
| CVE-2026-45303 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.5, through th... | Fri, 15 May 2026 18:29:21 |
| CVE-2026-45301 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.3.16, a missing... | Fri, 15 May 2026 18:29:21 |
| CVE-2026-45299 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, the profil... | Fri, 15 May 2026 18:29:21 |
| CVE-2026-44570 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, authoriza... | Fri, 15 May 2026 18:29:21 |
| CVE-2026-44569 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, there's a... | Fri, 15 May 2026 18:29:21 |
| CVE-2026-44567 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, the API ... | Fri, 15 May 2026 18:29:21 |
| CVE-2026-46474 json | Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand fun... | Fri, 15 May 2026 18:29:20 |
| CVE-2026-46365 json | phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/{tagId} endpoint t... | Fri, 15 May 2026 18:29:20 |
| CVE-2026-46359 json | phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers... | Fri, 15 May 2026 18:29:20 |
| CVE-2026-45671 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authen... | Fri, 15 May 2026 18:29:20 |
| CVE-2026-45400 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, a parsing ... | Fri, 15 May 2026 18:29:20 |
| CVE-2026-45387 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, when setti... | Fri, 15 May 2026 18:29:20 |
| CVE-2026-44826 json | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvv... | Fri, 15 May 2026 18:29:20 |
| CVE-2026-44566 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, when att... | Fri, 15 May 2026 18:29:20 |
| CVE-2026-44565 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.10, when uplo... | Fri, 15 May 2026 18:29:20 |
| CVE-2026-44549 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, Excel file... | Fri, 15 May 2026 18:29:20 |
| CVE-2026-35194 json | Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users ... | Fri, 15 May 2026 18:29:20 |
| CVE-2026-8669 json | Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File... | Fri, 15 May 2026 18:29:20 |
| CVE-2026-8454 json | Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. I... | Fri, 15 May 2026 18:29:20 |
| CVE-2026-46366 json | phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId() method that lacks permiss... | Fri, 15 May 2026 17:28:52 |
| CVE-2026-45675 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, he LDAP an... | Fri, 15 May 2026 17:28:52 |
| CVE-2026-45672 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/... | Fri, 15 May 2026 17:28:52 |
| CVE-2026-45401 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the valida... | Fri, 15 May 2026 17:28:52 |
| CVE-2026-45398 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, _validate_... | Fri, 15 May 2026 17:28:52 |
| CVE-2026-45397 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, GET /api/v... | Fri, 15 May 2026 17:28:52 |
| CVE-2026-45395 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the tool u... | Fri, 15 May 2026 17:28:52 |
| CVE-2026-45386 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, Pin/Unpin ... | Fri, 15 May 2026 17:28:52 |
| CVE-2026-45385 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, an IDOR vu... | Fri, 15 May 2026 17:28:52 |
| CVE-2026-44721 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a stored c... | Fri, 15 May 2026 17:28:52 |
| CVE-2026-44568 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the Accoun... | Fri, 15 May 2026 17:28:52 |
| CVE-2026-44561 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the is_use... | Fri, 15 May 2026 17:28:52 |
| CVE-2026-44559 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the GET /a... | Fri, 15 May 2026 17:28:52 |
| CVE-2026-44555 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI... | Fri, 15 May 2026 17:28:52 |
| CVE-2026-44553 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, administra... | Fri, 15 May 2026 17:28:52 |
| CVE-2026-8696 json | radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows... | Fri, 15 May 2026 17:28:52 |
| CVE-2026-46363 json | phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that bypass s... | Fri, 15 May 2026 17:28:51 |
| CVE-2026-46360 json | phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities() that limits r... | Fri, 15 May 2026 17:28:51 |
| CVE-2026-45616 json | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, Th... | Fri, 15 May 2026 17:28:51 |
| CVE-2026-45393 json | Reserved. Details will be published at disclosure. | Fri, 15 May 2026 17:28:51 |
| CVE-2026-45009 json | phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordi... | Fri, 15 May 2026 17:28:51 |