CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-12183 json | Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication... | Sat, 13 Jun 2026 14:19:40 |
| CVE-2026-6428 json | SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before... | Sat, 13 Jun 2026 13:18:36 |
| CVE-2026-53982 json | Cap-go Console < 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to b... | Sat, 13 Jun 2026 09:18:12 |
| CVE-2026-5513 json | The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scrip... | Sat, 13 Jun 2026 08:18:10 |
| CVE-2026-11624 json | The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connection... | Sat, 13 Jun 2026 06:18:07 |
| CVE-2026-1291 json | The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on... | Sat, 13 Jun 2026 06:18:07 |
| CVE-2026-9629 json | The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, a... | Sat, 13 Jun 2026 04:18:04 |
| CVE-2026-3297 json | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripti... | Sat, 13 Jun 2026 04:18:04 |
| CVE-2026-2470 json | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorization i... | Sat, 13 Jun 2026 04:18:04 |
| CVE-2026-9134 json | The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_attribute_key' shortcode par... | Sat, 13 Jun 2026 03:17:07 |
| CVE-2026-9109 json | The GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin for WordPress is vulne... | Sat, 13 Jun 2026 03:17:07 |
| CVE-2026-9062 json | The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-p... | Sat, 13 Jun 2026 03:17:07 |
| CVE-2026-9061 json | The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and output... | Sat, 13 Jun 2026 03:17:07 |
| CVE-2026-11769 json | We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path trav... | Sat, 13 Jun 2026 02:30:15 |
| CVE-2026-49396 json | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before ... | Sat, 13 Jun 2026 00:27:11 |
| CVE-2026-47260 json | Koel is a free, open-source music streaming solution. Prior to version 9.3.5, Koel validates the podcast feed URL via the Saf... | Sat, 13 Jun 2026 00:27:11 |
| CVE-2026-47223 json | NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.169... | Sat, 13 Jun 2026 00:27:11 |
| CVE-2026-47200 json | Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.11.0 to before 3.21.6 and 4.0.0-alpha.1 to be... | Sat, 13 Jun 2026 00:27:11 |
| CVE-2026-47197 json | Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use ... | Sat, 13 Jun 2026 00:27:11 |
| CVE-2026-47141 json | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtin... | Sat, 13 Jun 2026 00:27:11 |
| CVE-2026-47131 json | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, by combining Buffer.call.call({}.__lookupGetter__, Buf... | Sat, 13 Jun 2026 00:27:11 |
| CVE-2026-46717 json | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before ... | Sat, 13 Jun 2026 00:27:11 |
| CVE-2026-45013 json | ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 have a password reset ... | Sat, 13 Jun 2026 00:27:11 |
| CVE-2026-42853 json | ApostropheCMS is an open-source Node.js content management system. Versions of the @apostrophecms/cli package up to and inclu... | Sat, 13 Jun 2026 00:27:11 |
| CVE-2026-9641 json | Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorith... | Sat, 13 Jun 2026 00:27:11 |
| CVE-2026-49973 json | Hermes WebUI before version 0.51.358 contains an improper access control vulnerability that allows unauthenticated remote att... | Sat, 13 Jun 2026 00:27:10 |
| CVE-2026-47238 json | ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #133, a normal authenticated user can edit a... | Sat, 13 Jun 2026 00:27:10 |
| CVE-2026-54231 json | A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script quer... | Fri, 12 Jun 2026 23:25:31 |
| CVE-2026-54230 json | A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write o... | Fri, 12 Jun 2026 23:25:31 |
| CVE-2026-54229 json | A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory ... | Fri, 12 Jun 2026 23:25:31 |
| CVE-2026-54228 json | A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dum... | Fri, 12 Jun 2026 23:25:31 |
| CVE-2026-47188 json | Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the latest... | Fri, 12 Jun 2026 23:25:31 |
| CVE-2026-47175 json | Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, several mo... | Fri, 12 Jun 2026 23:25:31 |
| CVE-2026-44705 json | tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vuln... | Fri, 12 Jun 2026 23:25:31 |
| CVE-2026-12089 json | The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in vers... | Fri, 12 Jun 2026 23:25:31 |
| CVE-2026-9848 json | The WP Ticket plugin for WordPress is vulnerable to SQL Injection via the WordPress search query parameter (`s`) in versions ... | Fri, 12 Jun 2026 23:25:31 |
| CVE-2026-47162 json | Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists i... | Fri, 12 Jun 2026 21:08:00 |
| CVE-2026-12016 json | Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromis... | Fri, 12 Jun 2026 21:08:00 |
| CVE-2026-12015 json | Use after free in Autofill in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the rendere... | Fri, 12 Jun 2026 21:08:00 |
| CVE-2026-12014 json | Use after free in Cast in Google Chrome prior to 149.0.7827.115 allowed an attacker on the local network segment to potential... | Fri, 12 Jun 2026 21:08:00 |
| CVE-2026-12019 json | Heap buffer overflow in Codecs in Google Chrome on Linux and ChromeOS prior to 149.0.7827.115 allowed a remote attacker who h... | Fri, 12 Jun 2026 20:52:51 |
| CVE-2026-12017 json | Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had comprom... | Fri, 12 Jun 2026 20:52:51 |
| CVE-2026-12027 json | Inappropriate implementation in Headless in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromis... | Fri, 12 Jun 2026 20:37:44 |
| CVE-2026-12024 json | Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker to bypass same... | Fri, 12 Jun 2026 20:37:44 |
| CVE-2026-12022 json | Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the rende... | Fri, 12 Jun 2026 20:37:44 |
| CVE-2026-12020 json | Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker to potentially exploit h... | Fri, 12 Jun 2026 20:37:44 |
| CVE-2026-11443 json | Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attacke... | Fri, 12 Jun 2026 20:22:14 |
| CVE-2026-11442 json | Allegra exportReport Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to ... | Fri, 12 Jun 2026 20:22:14 |
| CVE-2026-12068 json | Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker ope... | Fri, 12 Jun 2026 19:20:58 |
| CVE-2026-6676 json | Heap buffer out-of-bounds write vulnerability in Avira Antivirus engine when scanning a malformed POSIX tar archive may allow... | Fri, 12 Jun 2026 19:20:58 |
| CVE-2025-14098 json | Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-... | Fri, 12 Jun 2026 19:20:58 |
| CVE-2025-10101 json | Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Mach-O file may allow Local Executi... | Fri, 12 Jun 2026 19:20:58 |
| CVE-2025-9033 json | Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Exe... | Fri, 12 Jun 2026 19:20:58 |
| CVE-2025-9032 json | Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Lo... | Fri, 12 Jun 2026 19:20:58 |
| CVE-2025-8351 json | Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avira Antivirus engine when scanning a malformed file may all... | Fri, 12 Jun 2026 19:20:58 |
| CVE-2026-54398 json | An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to a... | Fri, 12 Jun 2026 18:20:17 |
| CVE-2026-54095 json | Rejected reason: CVE ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-53826. Reason: This candidate is a d... | Fri, 12 Jun 2026 18:20:16 |
| CVE-2026-53868 json | Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary emai... | Fri, 12 Jun 2026 18:20:16 |
| CVE-2026-53867 json | Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove th... | Fri, 12 Jun 2026 18:20:16 |
| CVE-2026-53839 json | OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname ... | Fri, 12 Jun 2026 18:20:16 |
| CVE-2026-53838 json | OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to co... | Fri, 12 Jun 2026 18:20:16 |
| CVE-2026-53837 json | OpenClaw before 2026.5.6 contains an improper access control vulnerability in Mattermost event handlers that fails to validat... | Fri, 12 Jun 2026 18:20:16 |
| CVE-2026-53836 json | OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in PowerShell encoded-command handling that allows attac... | Fri, 12 Jun 2026 18:20:16 |
| CVE-2026-53835 json | OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allo... | Fri, 12 Jun 2026 18:20:16 |
| CVE-2026-53834 json | OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allows aut... | Fri, 12 Jun 2026 18:20:16 |
| CVE-2026-53833 json | OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authentic... | Fri, 12 Jun 2026 18:20:16 |
| CVE-2026-53832 json | OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge trus... | Fri, 12 Jun 2026 18:20:16 |
| CVE-2026-53831 json | OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows... | Fri, 12 Jun 2026 18:20:16 |
| CVE-2026-53830 json | OpenClaw before 2026.4.22 contains a webhook secret revocation bypass vulnerability allowing callers with old Slack and Zalo ... | Fri, 12 Jun 2026 18:20:16 |
| CVE-2026-53829 json | OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users to hide command ... | Fri, 12 Jun 2026 18:20:16 |
| CVE-2026-53828 json | OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in native command handling that allows authenticated ... | Fri, 12 Jun 2026 18:20:16 |
| CVE-2026-53827 json | OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controll... | Fri, 12 Jun 2026 18:20:16 |
| CVE-2026-53826 json | OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the rea... | Fri, 12 Jun 2026 18:20:16 |
| CVE-2026-53825 json | OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenti... | Fri, 12 Jun 2026 18:20:16 |
| CVE-2026-53824 json | OpenClaw before 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens to continue ex... | Fri, 12 Jun 2026 18:20:16 |
| CVE-2026-53823 json | OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature that binds to mutable Slack d... | Fri, 12 Jun 2026 18:20:16 |
| CVE-2026-53822 json | OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval a... | Fri, 12 Jun 2026 18:20:16 |
| CVE-2026-53821 json | OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trus... | Fri, 12 Jun 2026 18:20:16 |
| CVE-2026-53820 json | OpenClaw before 2026.5.12 contains an exec denylist bypass vulnerability in the bundle MCP loopback session-spawn path that a... | Fri, 12 Jun 2026 18:20:16 |
| CVE-2026-53609 json | ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, `apos.util.set()` ... | Fri, 12 Jun 2026 18:20:15 |
| CVE-2026-53608 json | ApostropheCMS is an open-source Node.js content management system. Versions up to and including 1.4.2 of the `@apostrophecms/... | Fri, 12 Jun 2026 18:20:15 |
| CVE-2026-53523 json | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before ... | Fri, 12 Jun 2026 18:20:15 |
| CVE-2026-53522 json | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before ... | Fri, 12 Jun 2026 18:20:15 |
| CVE-2026-53521 json | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before... | Fri, 12 Jun 2026 18:20:15 |
| CVE-2026-53520 json | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before... | Fri, 12 Jun 2026 18:20:15 |
| CVE-2026-53519 json | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, fall... | Fri, 12 Jun 2026 18:20:15 |
| CVE-2026-49397 json | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.0 to before ... | Fri, 12 Jun 2026 18:20:15 |
| CVE-2026-48119 json | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before... | Fri, 12 Jun 2026 18:20:15 |
| CVE-2026-47268 json | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before... | Fri, 12 Jun 2026 18:20:15 |
| CVE-2026-47124 json | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before ... | Fri, 12 Jun 2026 18:20:15 |
| CVE-2026-47120 json | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before ... | Fri, 12 Jun 2026 18:20:15 |
| CVE-2026-46716 json | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before ... | Fri, 12 Jun 2026 18:20:15 |
| CVE-2026-41158 json | Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. ... | Fri, 12 Jun 2026 18:20:15 |
| CVE-2026-41157 json | A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write... | Fri, 12 Jun 2026 18:20:15 |
| CVE-2026-41155 json | An attacker could cooperatively pass data from one secure GPU process to another secure GPU process through shared secure mem... | Fri, 12 Jun 2026 18:20:15 |
| CVE-2026-34195 json | Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bound... | Fri, 12 Jun 2026 18:20:15 |
| CVE-2026-12131 json | A weakness has been identified in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function Inv... | Fri, 12 Jun 2026 18:20:15 |
| CVE-2025-7019 json | Stack overflow vulnerability in Avast Antivirus when scanning a malformed Office Open XML file may allow Denial-of-Service of... | Fri, 12 Jun 2026 18:20:15 |
| CVE-2025-7018 json | Null pointer dereference vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Denial-o... | Fri, 12 Jun 2026 18:20:15 |
| CVE-2025-7017 json | Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows MSI file may allow L... | Fri, 12 Jun 2026 18:20:15 |