CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-7330 json | The Auto Affiliate Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, ... | Fri, 08 May 2026 05:24:14 |
| CVE-2026-5127 json | The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress ... | Fri, 08 May 2026 05:24:14 |
| CVE-2026-44928 json | In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal. | Fri, 08 May 2026 04:38:47 |
| CVE-2026-44927 json | In uriparser before 1.0.2, there is pointer difference truncation to int in various places. | Fri, 08 May 2026 04:38:47 |
| CVE-2026-43284 json | In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags M... | Fri, 08 May 2026 04:38:47 |
| CVE-2013-10075 json | Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File ... | Fri, 08 May 2026 04:38:47 |
| CVE-2026-8149 json | A vulnerability in Legion of the Bouncy Castle Inc. BC-FJA BC-FIPS on Linux, X86_64, AVX, AVX-512f. This vulnerability is a... | Fri, 08 May 2026 03:21:15 |
| CVE-2026-8069 json | PredatorSense version 3.00.3136 to 3.00.3196 contain Local Privilege Escalation (LPE) vulnerability. The program exposes a Win... | Fri, 08 May 2026 03:21:15 |
| CVE-2026-44916 json | In OpenStack Ironic through 35.x, instance_info['ks_template'] is rendered without sandboxing. | Fri, 08 May 2026 03:21:14 |
| CVE-2026-4935 json | The OttoKit: All-in-One Automation Platform WordPress plugin before 1.1.23 does not properly sanitize user input before using... | Fri, 08 May 2026 03:21:14 |
| CVE-2025-69691 json | Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this becau... | Fri, 08 May 2026 03:21:14 |
| CVE-2025-69690 json | Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object ... | Fri, 08 May 2026 03:21:14 |
| CVE-2025-69599 json | RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH enviro... | Fri, 08 May 2026 03:21:14 |
| CVE-2025-67888 json | An issue was discovered in Control Web Panel (CWP) before 0.9.8.1209. User input passed via the "key" GET parameter to /admin... | Fri, 08 May 2026 03:21:14 |
| CVE-2025-67887 json | 1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Mo... | Fri, 08 May 2026 03:21:14 |
| CVE-2025-67886 json | Bitrix24 through 25.100.300 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Mod... | Fri, 08 May 2026 03:21:14 |
| CVE-2025-55449 json | AstrBotDevs AstrBot 3.5.15 has Advanced_System_for_Text_Response_and_Bot_Operations_Tool as the hardcoded private key used to... | Fri, 08 May 2026 03:21:14 |
| CVE-2023-46453 json | Certain GL.iNet devices with 4.x firmware allow authentication bypass (resulting in administrative control of the device) via... | Fri, 08 May 2026 03:21:14 |
| CVE-2024-53326 json | LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad.AutoRefManager::PopulateFromCache(), le... | Fri, 08 May 2026 02:19:41 |
| CVE-2024-51092 json | LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController... | Fri, 08 May 2026 02:19:41 |
| CVE-2024-46508 json | yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens if the secret is not changed (by setting YETI_... | Fri, 08 May 2026 02:19:41 |
| CVE-2024-46507 json | A SSTI (server side template injection) vulnerability in the custom template export function in yeti-platform yeti before 2.1... | Fri, 08 May 2026 02:19:41 |
| CVE-2024-45257 json | A Command Injection issue in the payload build page in BYOB (Build Your Own Botnet) 2.0 allows attackers to execute arbitrary... | Fri, 08 May 2026 02:19:41 |
| CVE-2024-33724 json | SOPlanning 1.52.00 is vulnerable to Cross Site Scripting (XSS) via the groupe_id parameter to process/groupe_save.php. | Fri, 08 May 2026 02:19:41 |
| CVE-2024-33722 json | SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated user via projets.php with statut[]. | Fri, 08 May 2026 02:19:41 |
| CVE-2024-33288 json | Prison Management System Using PHP v1.0 was discovered to contain a SQL injection vulnerability via the username on the Admin... | Fri, 08 May 2026 02:19:41 |
| CVE-2024-30167 json | /cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 allows remote authenticated users to execute arbitrary commands ... | Fri, 08 May 2026 02:19:41 |
| CVE-2024-27686 json | Mikrotik RouterOS (x86) 6.40.5 through 6.49.10 (fixed in 7) allows a remote attacker to cause a denial of service (device cra... | Fri, 08 May 2026 02:19:41 |
| CVE-2026-5588 json | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pki... | Fri, 08 May 2026 02:19:40 |
| CVE-2023-47268 json | In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary cod... | Fri, 08 May 2026 02:19:40 |
| CVE-2026-42279 json | solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/{organization}/time-entries/{... | Fri, 08 May 2026 01:19:33 |
| CVE-2026-42278 json | UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTr... | Fri, 08 May 2026 01:19:33 |
| CVE-2026-42277 json | Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/{file_id} endpoint allows a... | Fri, 08 May 2026 01:19:33 |
| CVE-2026-42276 json | Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the POST /chat/stop-chat-session/{chat_session... | Fri, 08 May 2026 01:19:33 |
| CVE-2026-8148 json | NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via ... | Fri, 08 May 2026 01:19:33 |
| CVE-2026-8138 json | A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affects the function formSetPPTPServer of the file /goform/S... | Fri, 08 May 2026 01:19:33 |
| CVE-2026-8137 json | A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vulnerability affects the function sub_458E40 o... | Fri, 08 May 2026 01:19:33 |
| CVE-2023-42346 json | Alkacon OpenCms before 16 allows XXE when the <!DOCTYPE> refers to an external host. | Fri, 08 May 2026 01:19:33 |
| CVE-2023-42345 json | A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp. | Fri, 08 May 2026 01:19:33 |
| CVE-2023-42344 json | Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query... | Fri, 08 May 2026 01:19:33 |
| CVE-2023-42343 json | A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type. | Fri, 08 May 2026 01:19:33 |
| CVE-2022-45899 json | Nokia Broadcast Message Center (BMC) before 13.1 allows an unauthenticated remote attacker to do OS command injection as root... | Fri, 08 May 2026 01:19:33 |
| CVE-2022-26523 json | The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attac... | Fri, 08 May 2026 01:19:32 |
| CVE-2022-26522 json | The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attac... | Fri, 08 May 2026 01:19:32 |
| CVE-2022-23961 json | In Thruk Monitoring through 2.46.3, the login field of the login form is vulnerable to reflected XSS. This vulnerability can ... | Fri, 08 May 2026 01:19:32 |
| CVE-2026-44298 json | Kimai is an open-source time tracking application. From version 2.32.0 to before version 2.56.0, users with the role System-A... | Fri, 08 May 2026 00:19:33 |
| CVE-2026-43944 json | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.1... | Fri, 08 May 2026 00:19:33 |
| CVE-2026-43943 json | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code exec... | Fri, 08 May 2026 00:19:33 |
| CVE-2026-43942 json | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, the g... | Fri, 08 May 2026 00:19:33 |
| CVE-2026-43941 json | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Elect... | Fri, 08 May 2026 00:19:33 |
| CVE-2026-43940 json | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.16, the runWid... | Fri, 08 May 2026 00:19:33 |
| CVE-2026-42275 json | zrok is software for sharing web services, files, and network resources. Prior to version 2.0.2, the zrok WebDAV drive backen... | Fri, 08 May 2026 00:19:33 |
| CVE-2026-42274 json | Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall perfo... | Fri, 08 May 2026 00:19:33 |
| CVE-2026-42273 json | Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall perfo... | Fri, 08 May 2026 00:19:33 |
| CVE-2026-42272 json | Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall handl... | Fri, 08 May 2026 00:19:33 |
| CVE-2026-42271 json | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1... | Fri, 08 May 2026 00:19:33 |
| CVE-2026-42267 json | Kimai is an open-source time tracking application. From version 2.27.0 to before version 2.54.0, any ROLE_USER can create a t... | Fri, 08 May 2026 00:19:33 |
| CVE-2026-42264 json | Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, five config p... | Fri, 08 May 2026 00:19:33 |
| CVE-2026-8136 json | A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /in... | Fri, 08 May 2026 00:19:33 |
| CVE-2026-8133 json | A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Affected by this vulnerability is an unknown fun... | Fri, 08 May 2026 00:19:33 |
| CVE-2026-8132 json | A weakness has been identified in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /login.p... | Fri, 08 May 2026 00:19:33 |
| CVE-2026-8131 json | A security flaw has been discovered in SourceCodester SUP Online Shopping 1.0. This impacts an unknown function of the file /... | Fri, 08 May 2026 00:19:33 |
| CVE-2026-8130 json | A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. This affects an unknown function of the file /admin... | Fri, 08 May 2026 00:19:33 |
| CVE-2026-8129 json | A vulnerability was determined in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the ... | Fri, 08 May 2026 00:19:33 |
| CVE-2026-42261 json | PromptHub is an all-in-one AI toolbox for prompt, skill, and agent management. From version 0.4.9 to before version 0.5.4, ap... | Fri, 08 May 2026 00:19:32 |
| CVE-2026-42208 json | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version ... | Fri, 08 May 2026 00:19:32 |
| CVE-2026-42203 json | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.80.5 to before version 1... | Fri, 08 May 2026 00:19:32 |
| CVE-2026-42150 json | wlc is a Weblate command-line client using Weblate's REST API. Prior to version 2.0.0, the HTML output format in wlc embeds A... | Fri, 08 May 2026 00:19:32 |
| CVE-2026-41900 json | OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution... | Fri, 08 May 2026 00:19:32 |
| CVE-2026-41646 json | Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerabili... | Fri, 08 May 2026 00:19:32 |
| CVE-2026-41645 json | Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerabili... | Fri, 08 May 2026 00:19:32 |
| CVE-2026-41501 json | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command i... | Fri, 08 May 2026 00:19:32 |
| CVE-2026-41500 json | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command i... | Fri, 08 May 2026 00:19:32 |
| CVE-2026-41498 json | Kimai is an open-source time tracking application. Prior to version 2.54.0, the Team API endpoints use #[IsGranted('edit_team... | Fri, 08 May 2026 00:19:32 |
| CVE-2026-8128 json | A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affected element is an unknown function of the file ... | Thu, 07 May 2026 23:19:01 |
| CVE-2026-8127 json | A vulnerability has been found in eladmin up to 2.7. Impacted is the function checkLevel of the file /rest/UserController.jav... | Thu, 07 May 2026 23:19:01 |
| CVE-2026-8126 json | A flaw has been found in SourceCodester Comment System 1.0. This issue affects some unknown processing of the file post_comme... | Thu, 07 May 2026 23:19:01 |
| CVE-2026-6737 json | An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver securit... | Thu, 07 May 2026 23:19:01 |
| CVE-2026-3508 json | An Out-of-bounds Read vulnerability in the IOCTL handler in ASUS System Control Interface allows a local user to cause system... | Thu, 07 May 2026 23:19:01 |
| CVE-2026-8125 json | A vulnerability was detected in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file sen... | Thu, 07 May 2026 22:17:18 |
| CVE-2026-8124 json | A security vulnerability has been detected in GPAC up to 26.02.0. This affects the function sidx_box_read of the file src/iso... | Thu, 07 May 2026 22:17:18 |
| CVE-2026-8123 json | A vulnerability was determined in Open5GS up to 2.7.7. This impacts the function ogs_sbi_discovery_option_add_snssais in the ... | Thu, 07 May 2026 22:17:18 |
| CVE-2025-54236 json | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Impr... | Thu, 07 May 2026 21:01:15 |
| CVE-2026-8117 json | A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects some unknown pr... | Thu, 07 May 2026 20:30:14 |
| CVE-2026-8116 json | A weakness has been identified in huangjunsen0406 xiaozhi-mcphub up to 1.0.3. This vulnerability affects unknown code of the ... | Thu, 07 May 2026 20:30:14 |
| CVE-2026-42880 json | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to b... | Thu, 07 May 2026 19:29:23 |
| CVE-2026-8115 json | A security flaw has been discovered in gyoridavid short-video-maker up to 1.3.4. This affects an unknown part of the file src... | Thu, 07 May 2026 19:29:23 |
| CVE-2026-6411 json | This vulnerability, in the MAXHUB Pivot client application versions prior to v1.36.2, may allow an attacker to obtain encryp... | Thu, 07 May 2026 19:29:23 |
| CVE-2026-2710 json | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Thu, 07 May 2026 19:29:23 |
| CVE-2026-8114 json | A vulnerability was identified in JeecgBoot up to 3.9.1. Affected by this issue is some unknown functionality of the file /sy... | Thu, 07 May 2026 18:29:24 |
| CVE-2026-8113 json | A vulnerability was determined in 8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f. Affected by this vulnerabi... | Thu, 07 May 2026 18:29:24 |
| CVE-2026-8112 json | A vulnerability was found in 8421bit MiniClaw up to 223c16a1088e138838dcbd18cd65a37c35ac5a84. Affected is the function execut... | Thu, 07 May 2026 18:29:24 |
| CVE-2026-8106 json | A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that co... | Thu, 07 May 2026 18:29:24 |
| CVE-2026-8034 json | A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowe... | Thu, 07 May 2026 18:29:24 |
| CVE-2026-7891 json | The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misco... | Thu, 07 May 2026 18:29:24 |
| CVE-2026-42826 json | Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose inform... | Thu, 07 May 2026 18:29:23 |
| CVE-2026-41929 json | Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview re... | Thu, 07 May 2026 18:29:23 |
| CVE-2026-41928 json | Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that allows unauthenticated atta... | Thu, 07 May 2026 18:29:23 |
| CVE-2026-41105 json | Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a n... | Thu, 07 May 2026 18:29:23 |
| CVE-2026-40214 json | In OpenStack Cyborg before 16.0.1, the Accelerator Request (ARQ) API does not enforce project ownership at any layer. The pro... | Thu, 07 May 2026 18:29:23 |