CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-49299 json | In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations... | Fri, 29 May 2026 11:43:14 |
| CVE-2026-48116 json | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. P... | Fri, 29 May 2026 11:43:14 |
| CVE-2026-47713 json | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. P... | Fri, 29 May 2026 11:43:14 |
| CVE-2026-40528 json | OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() f... | Fri, 29 May 2026 11:43:14 |
| CVE-2026-40510 json | OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in... | Fri, 29 May 2026 11:43:14 |
| CVE-2026-39292 json | Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder modu... | Fri, 29 May 2026 11:43:14 |
| CVE-2026-10063 json | A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formWPS of the file /go... | Fri, 29 May 2026 11:43:14 |
| CVE-2026-10062 json | A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSetRoute of... | Fri, 29 May 2026 11:43:14 |
| CVE-2026-9811 json | A stored Cross-Site Scripting (XSS) vulnerability exists in the project selector component of Mautic 7. When rendering select... | Fri, 29 May 2026 11:43:14 |
| CVE-2026-9809 json | A stored Cross-Site Scripting (XSS) vulnerability exists in the Projects component of Mautic 7. When displaying project tags ... | Fri, 29 May 2026 11:43:14 |
| CVE-2026-9808 json | An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints (utilizing API Platform). Under certain conditi... | Fri, 29 May 2026 11:43:14 |
| CVE-2026-9559 json | A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during c... | Fri, 29 May 2026 11:43:14 |
| CVE-2026-9558 json | A Server-Side Template Injection (SSTI) vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig tem... | Fri, 29 May 2026 11:43:14 |
| CVE-2026-9557 json | A Server-Side Request Forgery (SSRF) vulnerability exists in Mautic's Focus component. Due to insufficient validation of user... | Fri, 29 May 2026 11:43:14 |
| CVE-2026-9509 json | An unhandled exception in Suprema BioStar 2 (Server), versions 2.9.8, 2.9.10, and 2.9.11, that allows an unauthenticated remo... | Fri, 29 May 2026 11:43:14 |
| CVE-2026-9508 json | Incorrect permission settings on a critical resource in Suprema BioStar 2 (versions 2.9.3 through 2.9.11) that allow backup f... | Fri, 29 May 2026 11:43:14 |
| CVE-2026-9039 json | A configuration weakness in the device’s remote management service allows an authenticated session to be established over a... | Fri, 29 May 2026 11:43:14 |
| CVE-2026-8326 json | Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary fi... | Fri, 29 May 2026 11:43:14 |
| CVE-2026-4776 json | An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization... | Fri, 29 May 2026 11:43:14 |
| CVE-2026-4290 json | The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/{u... | Fri, 29 May 2026 11:43:14 |
| CVE-2026-46561 json | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the PREREQFUNCTION-based privat... | Fri, 29 May 2026 11:43:13 |
| CVE-2026-45787 json | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-1... | Fri, 29 May 2026 11:43:13 |
| CVE-2026-45353 json | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerab... | Fri, 29 May 2026 11:43:13 |
| CVE-2026-45348 json | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the packages.js template at src... | Fri, 29 May 2026 11:43:13 |
| CVE-2026-45306 json | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the fix for CVE-2026-33509 prev... | Fri, 29 May 2026 11:43:13 |
| CVE-2026-44394 json | An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propag... | Fri, 29 May 2026 11:43:13 |
| CVE-2026-43000 json | An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulne... | Fri, 29 May 2026 11:43:13 |
| CVE-2026-42999 json | An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforce_call unconditionall... | Fri, 29 May 2026 11:43:13 |
| CVE-2026-30761 json | An arbitrary file upload vulnerability in the pages/admin.uploadmapimg.php component of SourceBans Material Admin v1.1.6 allo... | Fri, 29 May 2026 11:43:13 |
| CVE-2026-30760 json | An issue in SourceBans Material Admin before v.1.1.6 (3ecd95e) allows attackers to manipulate arbitrary user data in the web ... | Fri, 29 May 2026 11:43:13 |
| CVE-2026-9038 json | A stack-based buffer overflow vulnerability in the charging controller’s signal-processing logic allows an attacker with ph... | Fri, 29 May 2026 11:43:13 |
| CVE-2026-9037 json | A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages deliv... | Fri, 29 May 2026 11:43:13 |
| CVE-2026-6720 json | When calicoctl is invoked with --log-level=info or --log-level=debug, the client prints the full contents of its loaded conne... | Fri, 29 May 2026 11:43:13 |
| CVE-2026-4944 json | vllm-project/vllm version 0.14.1 contains a vulnerability where the `trust_remote_code=True` parameter is hardcoded in two mo... | Fri, 29 May 2026 11:43:13 |
| CVE-2026-47676 json | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, app.mount() strips th... | Fri, 29 May 2026 11:43:12 |
| CVE-2026-47675 json | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the serialize() funct... | Fri, 29 May 2026 11:43:12 |
| CVE-2026-47674 json | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the ip-restriction mi... | Fri, 29 May 2026 11:43:12 |
| CVE-2026-47673 json | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the jwt and jwk middl... | Fri, 29 May 2026 11:43:12 |
| CVE-2026-47074 json | Improper Certificate Validation vulnerability in ex-aws ex_aws_sns (ExAws.SNS, ExAws.SNS.PublicKeyCache modules) allows Signa... | Fri, 29 May 2026 11:43:12 |
| CVE-2026-45292 json | opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetr... | Fri, 29 May 2026 11:43:12 |
| CVE-2026-41565 json | CryptX versions before 0.088_001 for Perl have a stack buffer overflow in four AEAD decrypt_verify helpers. The gcm_decrypt_... | Fri, 29 May 2026 11:43:12 |
| CVE-2026-32999 json | Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administra... | Fri, 29 May 2026 11:43:12 |
| CVE-2026-32998 json | This vulnerability in Veeam Service Provider Console allows for remote code execution. | Fri, 29 May 2026 11:43:12 |
| CVE-2026-32997 json | A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary files on Linux-based Vee... | Fri, 29 May 2026 11:43:12 |
| CVE-2026-9828 json | Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core (HardenedObjectInputStream (logback-core)... | Fri, 29 May 2026 11:43:12 |
| CVE-2026-9807 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.10.7, 18.11 before 18.11.4, and 19.... | Fri, 29 May 2026 11:43:12 |
| CVE-2026-9658 json | Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The he... | Fri, 29 May 2026 11:43:12 |
| CVE-2026-45137 json | Anchor is a framework providing several convenient developer tools for writing Solana programs. From 1.0.0 to before 1.0.2, a... | Fri, 29 May 2026 11:43:11 |
| CVE-2026-45136 json | claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh (i... | Fri, 29 May 2026 11:43:11 |
| CVE-2026-45083 json | The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 2... | Fri, 29 May 2026 11:43:11 |
| CVE-2026-44888 json | Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile() endp... | Fri, 29 May 2026 11:43:11 |
| CVE-2026-44887 json | Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configurati... | Fri, 29 May 2026 11:43:11 |
| CVE-2026-44886 json | Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web applica... | Fri, 29 May 2026 11:43:11 |
| CVE-2026-44720 json | OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulne... | Fri, 29 May 2026 11:43:11 |
| CVE-2026-44346 json | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a... | Fri, 29 May 2026 11:43:11 |
| CVE-2026-44345 json | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, s... | Fri, 29 May 2026 11:43:11 |
| CVE-2026-44247 json | Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14.2, v1.13.3, and v1.12.4, the Volcano webhook server do... | Fri, 29 May 2026 11:43:11 |
| CVE-2026-42877 json | FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting (XS... | Fri, 29 May 2026 11:43:11 |
| CVE-2026-32996 json | This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation. | Fri, 29 May 2026 11:43:11 |
| CVE-2026-9759 json | ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service | Fri, 29 May 2026 11:43:11 |
| CVE-2026-9739 json | Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790). During the beta phase, we implemented `allowed-origi... | Fri, 29 May 2026 11:43:11 |
| CVE-2026-48906 json | The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites. | Fri, 29 May 2026 11:43:10 |
| CVE-2026-48545 json | Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space se... | Fri, 29 May 2026 11:43:10 |
| CVE-2026-45571 json | go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation i... | Fri, 29 May 2026 11:43:10 |
| CVE-2026-45570 json | go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transp... | Fri, 29 May 2026 11:43:10 |
| CVE-2026-45022 json | go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse ma... | Fri, 29 May 2026 11:43:10 |
| CVE-2026-44972 json | GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filena... | Fri, 29 May 2026 11:43:10 |
| CVE-2026-44902 json | opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.j... | Fri, 29 May 2026 11:43:10 |
| CVE-2026-42280 json | Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK... | Fri, 29 May 2026 11:43:10 |
| CVE-2026-36044 json | @pensar/apex <= 0.0.58 is vulnerable to OS command injection via the smart_enumerate tool. The createSmartEnumerateTool() fun... | Fri, 29 May 2026 11:43:10 |
| CVE-2026-6957 json | Mattermost Plugins versions <=1.1.5 fail to sanitize filenames received from federated peers before using them to construct e... | Fri, 29 May 2026 11:43:10 |
| CVE-2026-44213 json | The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana N... | Fri, 29 May 2026 11:43:09 |
| CVE-2026-44209 json | Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environm... | Fri, 29 May 2026 11:43:09 |
| CVE-2026-25681 json | Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to ex... | Fri, 29 May 2026 11:43:09 |
| CVE-2026-23288 json | In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix out-of-bounds memset in command slot ... | Fri, 29 May 2026 11:43:09 |
| CVE-2026-49324 json | Uncontrolled resource consumption in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 mode... | Fri, 29 May 2026 11:28:12 |
| CVE-2026-49323 json | Weak authentication between the Wireless Control Module (WCM) and the Engine Control Module (ECM) of the Indian Motorcycle Sc... | Fri, 29 May 2026 11:28:12 |
| CVE-2026-47696 json | WWBN AVideo is an open source video platform. In 29.0 and earlier, plugin/AuthorizeNet/processPayment.json.php credits the lo... | Fri, 29 May 2026 11:28:12 |
| CVE-2026-45731 json | WWBN AVideo is an open source video platform. In 29.0 and earlier, view/update.php reads $_POST['updateFile'] as a relative p... | Fri, 29 May 2026 11:28:12 |
| CVE-2026-45610 json | WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a cross-site request forgery vulnerability on the... | Fri, 29 May 2026 11:28:12 |
| CVE-2026-45609 json | mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-sec... | Fri, 29 May 2026 11:28:12 |
| CVE-2026-41159 json | Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 1... | Fri, 29 May 2026 11:28:12 |
| CVE-2026-41150 json | Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 1... | Fri, 29 May 2026 11:28:12 |
| CVE-2026-10042 json | manga-image-translator contains a remote code execution vulnerability in the shared API server mode due to unsafe deserializa... | Fri, 29 May 2026 11:28:12 |
| CVE-2026-49322 json | Weak authentication in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows ... | Fri, 29 May 2026 11:28:11 |
| CVE-2026-46526 json | Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic... | Fri, 29 May 2026 11:28:11 |
| CVE-2026-45041 json | RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, crates/appauth/src/token.rs ships a 2048-... | Fri, 29 May 2026 11:28:11 |
| CVE-2026-39821 json | The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For exampl... | Fri, 29 May 2026 11:28:11 |
| CVE-2026-10014 json | Use after free in WebMIDI in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised t... | Fri, 29 May 2026 11:28:11 |
| CVE-2026-10012 json | Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer pr... | Fri, 29 May 2026 11:28:11 |
| CVE-2026-10001 json | Use after free in PerformanceManager in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised t... | Fri, 29 May 2026 11:28:11 |
| CVE-2026-10000 json | Use after free in Passwords in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised... | Fri, 29 May 2026 11:28:11 |
| CVE-2026-9997 json | Use after free in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer p... | Fri, 29 May 2026 11:28:11 |
| CVE-2026-9994 json | Use after free in Core in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the ... | Fri, 29 May 2026 11:28:11 |
| CVE-2026-9993 json | Use after free in Views in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer p... | Fri, 29 May 2026 11:28:11 |
| CVE-2026-9970 json | Use after free in WebGL in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer p... | Fri, 29 May 2026 11:28:11 |
| CVE-2026-9951 json | Use after free in UI in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox esca... | Fri, 29 May 2026 11:28:11 |
| CVE-2026-9949 json | Use after free in Core in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the ... | Fri, 29 May 2026 11:28:11 |
| CVE-2026-9946 json | Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer p... | Fri, 29 May 2026 11:28:11 |
| CVE-2026-9937 json | Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the re... | Fri, 29 May 2026 11:28:11 |