CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities so that they can be quickly identified and shared. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.
The form you will see after following this link lets you fill in the variables of the CVSS scoring system and receive the corresponding score. A description of each variable is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-48842 json | Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuser_query plugi... | Wed, 03 Jun 2026 18:20:26 |
| CVE-2026-46447 json | OpenStack Ironic through 35.0.x allows Boot Script Injection. | Wed, 03 Jun 2026 18:20:26 |
| CVE-2026-36610 json | Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 transmits DDNS credentials over plaintext HTTP with only Base64 enco... | Wed, 03 Jun 2026 18:20:26 |
| CVE-2026-22055 json | Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privil... | Wed, 03 Jun 2026 18:20:26 |
| CVE-2026-22054 json | Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low pr... | Wed, 03 Jun 2026 18:20:26 |
| CVE-2026-10771 json | A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-commo... | Wed, 03 Jun 2026 18:20:26 |
| CVE-2025-22424 json | In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lea... | Wed, 03 Jun 2026 18:20:26 |
| CVE-2019-25718 json | Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode... | Wed, 03 Jun 2026 18:20:26 |
| CVE-2019-25716 json | Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote att... | Wed, 03 Jun 2026 18:20:26 |
| CVE-2026-48501 json | GitHub CLI (gh) is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization head... | Wed, 03 Jun 2026 17:19:40 |
| CVE-2026-40425 json | The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files rel... | Wed, 03 Jun 2026 17:04:40 |
| CVE-2026-45284 json | Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check all... | Wed, 03 Jun 2026 16:33:20 |
| CVE-2026-37232 json | An issue was discovered in OpenAirInterface5G 2.4.0 (nr-softmodem) in the E2SM-KPM RAN Function's PRB utilization metric calc... | Wed, 03 Jun 2026 16:33:19 |
| CVE-2026-30963 json | Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through ... | Wed, 03 Jun 2026 16:33:19 |
| CVE-2026-50033 json | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (W... | Wed, 03 Jun 2026 16:18:16 |
| CVE-2026-44682 json | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (W... | Wed, 03 Jun 2026 16:18:16 |
| CVE-2026-44609 json | Local privilege escalation due to EXE hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (W... | Wed, 03 Jun 2026 16:18:16 |
| CVE-2026-43924 json | FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not... | Wed, 03 Jun 2026 16:18:16 |
| CVE-2026-42061 json | Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acr... | Wed, 03 Jun 2026 16:18:16 |
| CVE-2026-40495 json | FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system versio... | Wed, 03 Jun 2026 16:18:16 |
| CVE-2026-37700 json | Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Ba... | Wed, 03 Jun 2026 16:18:16 |
| CVE-2026-26825 json | A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable v... | Wed, 03 Jun 2026 16:18:16 |
| CVE-2026-45614 json | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A c... | Wed, 03 Jun 2026 16:18:15 |
| CVE-2026-44653 json | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with... | Wed, 03 Jun 2026 16:18:15 |
| CVE-2026-42840 json | An authenticated user can persist arbitrary HTML/JavaScript in the email_id or mobile_no fields of a Customer record and trig... | Wed, 03 Jun 2026 16:18:15 |
| CVE-2026-42507 json | When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow ... | Wed, 03 Jun 2026 16:18:15 |
| CVE-2026-36618 json | Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 responds to version.bind CHAOS TXT queries, disclosing the DNS resol... | Wed, 03 Jun 2026 16:18:15 |
| CVE-2026-36611 json | Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 returns 128 bytes of uninitialized buffer when receiving POST reques... | Wed, 03 Jun 2026 16:18:15 |
| CVE-2026-36609 json | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 uses a static authentication nonce that does not change betwe... | Wed, 03 Jun 2026 16:18:15 |
| CVE-2026-36604 json | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 does not validate the HTTP Host header, enabling DNS rebindin... | Wed, 03 Jun 2026 16:18:15 |
| CVE-2026-26824 json | libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocat... | Wed, 03 Jun 2026 16:18:15 |
| CVE-2026-10766 json | A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculate_dataframe_h... | Wed, 03 Jun 2026 16:18:15 |
| CVE-2026-3276 json | unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of c... | Wed, 03 Jun 2026 16:18:15 |
| CVE-2025-15653 json | Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations contain a local security vulnerability tha... | Wed, 03 Jun 2026 16:18:15 |
| CVE-2024-14036 json | Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adj... | Wed, 03 Jun 2026 16:18:15 |
| CVE-2022-4992 json | Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower (with V... | Wed, 03 Jun 2026 16:18:15 |
| CVE-2026-45149 json | The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, th... | Wed, 03 Jun 2026 16:18:14 |
| CVE-2026-37978 json | A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'ev... | Wed, 03 Jun 2026 16:18:14 |
| CVE-2026-34352 json | In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause... | Wed, 03 Jun 2026 16:18:14 |
| CVE-2026-9309 json | Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that ... | Wed, 03 Jun 2026 16:18:14 |
| CVE-2026-9308 json | Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malici... | Wed, 03 Jun 2026 16:18:14 |
| CVE-2026-0072 json | In addInputMethodListener of com.android.server.inputmethod.InputMethodManagerService, there is a missing permission check. T... | Wed, 03 Jun 2026 16:18:14 |
| CVE-2021-4481 json | Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file sy... | Wed, 03 Jun 2026 16:18:14 |
| CVE-2021-4480 json | Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file sy... | Wed, 03 Jun 2026 16:18:14 |
| CVE-2026-45247 json | Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allow... | Wed, 03 Jun 2026 16:02:17 |
| CVE-2026-44211 json | Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cros... | Wed, 03 Jun 2026 16:02:17 |
| CVE-2026-10270 json | A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprintf of the file /httpd_deb... | Wed, 03 Jun 2026 16:02:17 |
| CVE-2026-7507 json | A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit t... | Wed, 03 Jun 2026 16:02:17 |
| CVE-2026-37982 json | A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay `ExecuteActionsActionToken... | Wed, 03 Jun 2026 16:02:16 |
| CVE-2026-37981 json | A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a re... | Wed, 03 Jun 2026 16:02:16 |
| CVE-2026-37979 json | A flaw was found in Keycloak. This access control vulnerability in Keycloak's OpenID Connect (OIDC) token introspection endpo... | Wed, 03 Jun 2026 16:02:16 |
| CVE-2026-7504 json | A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker ... | Wed, 03 Jun 2026 16:02:16 |
| CVE-2026-7307 json | A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Asser... | Wed, 03 Jun 2026 16:02:16 |
| CVE-2026-4630 json | A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object Reference (IDOR) vulnerability ... | Wed, 03 Jun 2026 16:02:16 |
| CVE-2026-22872 json | Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs with cluster-admin privileg... | Wed, 03 Jun 2026 15:47:13 |
| CVE-2026-9802 json | A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server rest... | Wed, 03 Jun 2026 15:47:13 |
| CVE-2026-9801 json | A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious L... | Wed, 03 Jun 2026 15:47:13 |
| CVE-2026-9798 json | A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily lock... | Wed, 03 Jun 2026 15:47:13 |
| CVE-2026-9796 json | A flaw was found in Keycloak. An authenticated administrator with the `manage-clients` role can exploit a Time-of-check to ti... | Wed, 03 Jun 2026 15:47:13 |
| CVE-2026-9795 json | A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator with limited client manageme... | Wed, 03 Jun 2026 15:47:13 |
| CVE-2026-9794 json | A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted ... | Wed, 03 Jun 2026 15:47:12 |
| CVE-2026-9792 json | A flaw was found in Keycloak's Client Policies, specifically within the `org.keycloak.protocol.oidc` component. When certain ... | Wed, 03 Jun 2026 15:47:12 |
| CVE-2026-8922 json | A flaw was found in Keycloak. When both realm-level and client-level `notBefore` revocation policies are configured, Keycloak... | Wed, 03 Jun 2026 15:47:12 |
| CVE-2026-7571 json | A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID, can bypass a security c... | Wed, 03 Jun 2026 15:47:12 |
| CVE-2026-2575 json | A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application level Denial of Service (DoS) by ... | Wed, 03 Jun 2026 15:47:12 |
| CVE-2026-8889 json | Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIP... | Wed, 03 Jun 2026 15:32:07 |
| CVE-2026-8888 json | Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaSc... | Wed, 03 Jun 2026 15:32:07 |
| CVE-2026-8881 json | Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encr... | Wed, 03 Jun 2026 15:32:07 |
| CVE-2026-45702 json | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A c... | Wed, 03 Jun 2026 15:32:06 |
| CVE-2026-42839 json | An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the item_name, descr... | Wed, 03 Jun 2026 15:32:06 |
| CVE-2026-39107 json | A Cross Site Scripting vulnerability exists in the Kimi AI v1.0 web interface's 'Preview' feature. The application fails to p... | Wed, 03 Jun 2026 15:32:06 |
| CVE-2026-36615 json | Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 exposes an undocumented /agileconfigreset endpoint that returns inte... | Wed, 03 Jun 2026 15:32:06 |
| CVE-2026-36613 json | Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 returns 128 bytes of uninitialized internal buffer contents when rec... | Wed, 03 Jun 2026 15:32:06 |
| CVE-2026-36608 json | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows UPnP AddPortMapping to forward external ports to the r... | Wed, 03 Jun 2026 15:32:06 |
| CVE-2026-36607 json | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows unauthenticated brute-force attacks via the TDDP passw... | Wed, 03 Jun 2026 15:32:06 |
| CVE-2026-36606 json | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 encrypts configuration backups with a hardcoded DES key using... | Wed, 03 Jun 2026 15:32:06 |
| CVE-2026-26379 json | An issue in Koha v.25.11 and before allows a remote attacker to execute arbitrary code via the Z39.50 configuration module | Wed, 03 Jun 2026 15:32:06 |
| CVE-2026-26378 json | Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file uploa... | Wed, 03 Jun 2026 15:32:06 |
| CVE-2026-8879 json | Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting... | Wed, 03 Jun 2026 15:32:06 |
| CVE-2026-8878 json | Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated acces... | Wed, 03 Jun 2026 15:32:06 |
| CVE-2026-8876 json | Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys dec... | Wed, 03 Jun 2026 15:32:06 |
| CVE-2026-8874 json | Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over ... | Wed, 03 Jun 2026 15:32:06 |
| CVE-2026-7888 json | Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/... | Wed, 03 Jun 2026 15:32:06 |
| CVE-2026-48840 json | Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitiali... | Wed, 03 Jun 2026 15:32:05 |
| CVE-2026-37462 json | An integer underflow in the BGPUpdate.DecodeFromBytes function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Deni... | Wed, 03 Jun 2026 15:32:05 |
| CVE-2026-36748 json | RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile. | Wed, 03 Jun 2026 15:32:05 |
| CVE-2026-36605 json | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 is vulnerable to a HTTP denial of service via a low number of... | Wed, 03 Jun 2026 15:32:05 |
| CVE-2026-36576 json | An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows ... | Wed, 03 Jun 2026 15:32:05 |
| CVE-2026-35718 json | A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows aut... | Wed, 03 Jun 2026 15:32:05 |
| CVE-2026-30652 json | A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD813... | Wed, 03 Jun 2026 15:32:05 |
| CVE-2026-10064 json | A security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetPortTr of the file /gofo... | Wed, 03 Jun 2026 15:32:05 |
| CVE-2026-9803 json | A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerabi... | Wed, 03 Jun 2026 15:32:05 |
| CVE-2018-25426 json | WinMTR 0.91 contains a denial of service vulnerability that allows attackers to crash the application by sending a malformed ... | Wed, 03 Jun 2026 15:32:05 |
| CVE-2018-25412 json | Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious fil... | Wed, 03 Jun 2026 15:32:05 |
| CVE-2026-27680 json | Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject c... | Wed, 03 Jun 2026 15:32:04 |
| CVE-2026-34257 json | Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malic... | Wed, 03 Jun 2026 15:16:26 |
| CVE-2026-27682 json | Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on B... | Wed, 03 Jun 2026 15:16:26 |
| CVE-2026-27674 json | Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker... | Wed, 03 Jun 2026 15:16:26 |
| CVE-2026-46835 json | Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.... | Wed, 03 Jun 2026 15:01:26 |
| CVE-2026-46834 json | Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.... | Wed, 03 Jun 2026 15:01:26 |