CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.
The form you will see after following this link lets you fill in each variable of the CVSS scoring system and receive the corresponding score. A description of each variable is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-55964 json | Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have th... | Fri, 26 Jun 2026 15:03:48 |
| CVE-2026-55960 json | Un-negotiated Raw Public Key (RFC 7250) accepted in place of an X.509 certificate, bypassing chain validation. A raw public k... | Fri, 26 Jun 2026 15:03:48 |
| CVE-2026-55958 json | Out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. In tsip_StoreMessage() the capacity check guarding the fix... | Fri, 26 Jun 2026 15:03:48 |
| CVE-2026-54636 json | Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron... | Fri, 26 Jun 2026 15:03:48 |
| CVE-2026-49486 json | The Apache Airflow FTP provider's `FTPSHook.get_conn()` created an `ftplib.FTP_TLS` connection but never called `prot_p()`, s... | Fri, 26 Jun 2026 15:03:48 |
| CVE-2026-45408 json | Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex (^[a-z0-9][^/:_A-Z]*$) permits shell metachara... | Fri, 26 Jun 2026 15:03:48 |
| CVE-2026-45407 json | Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKU_ROOT/.netrc using bash's touch command, ... | Fri, 26 Jun 2026 15:03:48 |
| CVE-2026-45406 json | Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includ... | Fri, 26 Jun 2026 15:03:48 |
| CVE-2026-45405 json | Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip ar... | Fri, 26 Jun 2026 15:03:48 |
| CVE-2026-45257 json | The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe t... | Fri, 26 Jun 2026 15:03:48 |
| CVE-2026-45256 json | When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal() to determine whether the operation was ... | Fri, 26 Jun 2026 15:03:48 |
| CVE-2026-12340 json | Out-of-bounds heap read during SM2/SM3 certificate signature verification. When parsing a certificate with an SM3wSM2 signatu... | Fri, 26 Jun 2026 15:03:48 |
| CVE-2026-11310 json | X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only bu... | Fri, 26 Jun 2026 15:03:48 |
| CVE-2026-10592 json | Certificates with wildcard DNS SANs (e.g. *.example.com) bypassed CA name-constraint checks. A certificate with a wildcard DN... | Fri, 26 Jun 2026 15:03:48 |
| CVE-2020-37256 json | Grav before 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security configurati... | Fri, 26 Jun 2026 15:03:48 |
| CVE-2026-57234 json | Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, w... | Fri, 26 Jun 2026 15:03:47 |
| CVE-2026-54679 json | jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvp_string_append has a chance of integer/multiple over... | Fri, 26 Jun 2026 15:03:47 |
| CVE-2026-54036 json | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable ... | Fri, 26 Jun 2026 15:03:47 |
| CVE-2026-54027 json | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/files/images en... | Fri, 26 Jun 2026 15:03:47 |
| CVE-2026-49839 json | jq is a command-line JSON processor. Prior to 1.8.2, `jq --rawfile` can turn a handled oversized-string error into invalid-st... | Fri, 26 Jun 2026 15:03:47 |
| CVE-2026-47770 json | jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exh... | Fri, 26 Jun 2026 15:03:47 |
| CVE-2026-47633 json | Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows an unauthorized ... | Fri, 26 Jun 2026 15:03:47 |
| CVE-2026-44727 json | Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server rend... | Fri, 26 Jun 2026 15:03:47 |
| CVE-2026-13311 json | shell-quote prior to 1.8.5 finalizes parsed tokens in parse() using Array.prototype.concat as a reduce accumulator, which rea... | Fri, 26 Jun 2026 15:03:47 |
| CVE-2018-1273 json | Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property bind... | Fri, 26 Jun 2026 14:48:17 |
| CVE-2018-1259 json | Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlie... | Fri, 26 Jun 2026 14:48:17 |
| CVE-2017-8046 json | Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to... | Fri, 26 Jun 2026 14:48:17 |
| CVE-2026-53765 json | Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From 0.20.... | Fri, 26 Jun 2026 14:33:15 |
| CVE-2020-9713 json | Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 ... | Fri, 26 Jun 2026 14:33:15 |
| CVE-2020-9711 json | Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-... | Fri, 26 Jun 2026 14:33:15 |
| CVE-2020-9695 json | Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-... | Fri, 26 Jun 2026 14:33:15 |
| CVE-2026-56876 json | extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a... | Fri, 26 Jun 2026 14:18:14 |
| CVE-2026-55448 json | mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credential_c... | Fri, 26 Jun 2026 14:18:14 |
| CVE-2026-55441 json | mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files (m... | Fri, 26 Jun 2026 14:18:14 |
| CVE-2026-54557 json | mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP backend builds its install s... | Fri, 26 Jun 2026 14:18:14 |
| CVE-2026-54341 json | Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload trigg... | Fri, 26 Jun 2026 14:18:14 |
| CVE-2026-48743 json | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and ... | Fri, 26 Jun 2026 14:18:14 |
| CVE-2026-48706 json | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.3... | Fri, 26 Jun 2026 14:18:14 |
| CVE-2026-48497 json | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and ... | Fri, 26 Jun 2026 14:18:14 |
| CVE-2026-48044 json | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.3... | Fri, 26 Jun 2026 14:18:14 |
| CVE-2026-48042 json | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and ... | Fri, 26 Jun 2026 14:18:14 |
| CVE-2026-47778 json | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and ... | Fri, 26 Jun 2026 14:18:14 |
| CVE-2026-47775 json | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and ... | Fri, 26 Jun 2026 14:18:14 |
| CVE-2026-47692 json | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.3... | Fri, 26 Jun 2026 14:18:14 |
| CVE-2026-57231 json | Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains an environment ... | Fri, 26 Jun 2026 14:18:13 |
| CVE-2026-56823 json | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Pr... | Fri, 26 Jun 2026 14:18:13 |
| CVE-2026-56663 json | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Pr... | Fri, 26 Jun 2026 14:18:13 |
| CVE-2026-55686 json | Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the ... | Fri, 26 Jun 2026 14:18:13 |
| CVE-2026-55677 json | Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. T... | Fri, 26 Jun 2026 14:18:13 |
| CVE-2026-47221 json | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.18.0 until 1.35.13, 1.36.9, 1.3... | Fri, 26 Jun 2026 14:18:13 |
| CVE-2026-47207 json | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.3... | Fri, 26 Jun 2026 14:18:13 |
| CVE-2026-47206 json | Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol I... | Fri, 26 Jun 2026 14:18:13 |
| CVE-2026-47204 json | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.3... | Fri, 26 Jun 2026 14:18:13 |
| CVE-2026-33646 json | mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files throu... | Fri, 26 Jun 2026 14:18:13 |
| CVE-2026-28385 json | In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery (SSRF) vulnerability in the image import functional... | Fri, 26 Jun 2026 14:18:13 |
| CVE-2026-11779 json | An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account... | Fri, 26 Jun 2026 14:18:13 |
| CVE-2026-0828 json | Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64, versions 10.5.75.0 and 11.11.4.0, allows unprivile... | Fri, 26 Jun 2026 14:18:13 |
| CVE-2026-0685 json | Server side template inject (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a re... | Fri, 26 Jun 2026 14:18:13 |
| CVE-2025-32423 json | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Pr... | Fri, 26 Jun 2026 14:18:13 |
| CVE-2025-32394 json | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Pr... | Fri, 26 Jun 2026 14:18:13 |
| CVE-2026-57663 json | Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions. | Fri, 26 Jun 2026 14:18:12 |
| CVE-2026-57657 json | Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions. | Fri, 26 Jun 2026 14:18:12 |
| CVE-2026-57651 json | Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions. | Fri, 26 Jun 2026 14:18:12 |
| CVE-2026-57645 json | newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions. | Fri, 26 Jun 2026 14:18:12 |
| CVE-2026-57638 json | Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions. | Fri, 26 Jun 2026 14:18:12 |
| CVE-2026-57632 json | Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend <= 1.19.0 versions. | Fri, 26 Jun 2026 14:18:12 |
| CVE-2026-57631 json | Administrator SQL Injection in Popup box <= 6.0.1 versions. | Fri, 26 Jun 2026 14:18:12 |
| CVE-2026-57622 json | Subscriber Broken Access Control in WPCafe <= 3.0.14 versions. | Fri, 26 Jun 2026 14:18:12 |
| CVE-2026-57618 json | Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions. | Fri, 26 Jun 2026 14:18:12 |
| CVE-2026-57324 json | Unauthenticated Broken Access Control in GIFT4U <= 1.0.10 versions. | Fri, 26 Jun 2026 14:18:12 |
| CVE-2026-57323 json | Unauthenticated Broken Access Control in Flash & HTML5 Video <= 2.11.0 versions. | Fri, 26 Jun 2026 14:18:12 |
| CVE-2026-57317 json | Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.12.2 versions. | Fri, 26 Jun 2026 14:18:12 |
| CVE-2026-57316 json | Subscriber Sensitive Data Exposure in GetGenie <= 4.4.2 versions. | Fri, 26 Jun 2026 14:18:12 |
| CVE-2026-56072 json | Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versions. | Fri, 26 Jun 2026 14:18:12 |
| CVE-2026-56070 json | Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions. | Fri, 26 Jun 2026 14:18:12 |
| CVE-2026-56064 json | Subscriber SQL Injection in Tourfic <= 2.22.5 versions. | Fri, 26 Jun 2026 14:18:12 |
| CVE-2026-56063 json | Unauthenticated Broken Access Control in MailChimp Block <= 1.1.15 versions. | Fri, 26 Jun 2026 14:18:12 |
| CVE-2025-11919 json | The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same... | Fri, 26 Jun 2026 14:18:12 |
| CVE-2026-56058 json | Subscriber Arbitrary File Upload in Quform <= 2.23.0 versions. | Fri, 26 Jun 2026 14:18:11 |
| CVE-2026-56057 json | Subscriber PHP Object Injection in Uncanny Automator Pro <= 7.3.0.6 versions. | Fri, 26 Jun 2026 14:18:11 |
| CVE-2026-56045 json | Unauthenticated Cross Site Scripting (XSS) in Automatic < 3.135.1 versions. | Fri, 26 Jun 2026 14:18:11 |
| CVE-2026-56044 json | Unauthenticated Cross Site Scripting (XSS) in Blog2Social <= 8.9.2 versions. | Fri, 26 Jun 2026 14:18:11 |
| CVE-2026-56038 json | Contributor Privilege Escalation in Frisbii Pay <= 1.8.2 versions. | Fri, 26 Jun 2026 14:18:11 |
| CVE-2026-56036 json | Unauthenticated SQL Injection in 워드프레스 결제 심플페이 <= 5.5.6 versions. | Fri, 26 Jun 2026 14:18:11 |
| CVE-2026-56031 json | Unauthenticated PHP Object Injection in Uncanny Automator <= 7.3.1.2 versions. | Fri, 26 Jun 2026 14:18:11 |
| CVE-2026-56030 json | Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions. | Fri, 26 Jun 2026 14:18:11 |
| CVE-2026-56025 json | Unauthenticated Broken Access Control in Paymob for WooCommerce <= 4.1.2 versions. | Fri, 26 Jun 2026 14:18:11 |
| CVE-2026-56011 json | Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions. | Fri, 26 Jun 2026 14:18:11 |
| CVE-2026-54840 json | Unauthenticated Broken Access Control in Newsletters <= 4.13 versions. | Fri, 26 Jun 2026 14:18:11 |
| CVE-2026-54839 json | Unauthenticated Sensitive Data Exposure in Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups <= 2... | Fri, 26 Jun 2026 14:18:11 |
| CVE-2026-54832 json | Unauthenticated Broken Access Control in Gutenverse Companion <= 2.5.0 versions. | Fri, 26 Jun 2026 14:18:11 |
| CVE-2026-54831 json | Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions. | Fri, 26 Jun 2026 14:18:11 |
| CVE-2026-54820 json | Unauthenticated SQL Injection in JetBooking <= 4.0.4.1 versions. | Fri, 26 Jun 2026 14:18:11 |
| CVE-2026-52701 json | Unauthenticated Broken Access Control in User Registration <= 5.2.2 versions. | Fri, 26 Jun 2026 14:18:11 |
| CVE-2025-68063 json | Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey <= 4.4.3 versions. | Fri, 26 Jun 2026 14:18:11 |
| CVE-2025-68052 json | Unauthenticated Cross Site Request Forgery (CSRF) in Eagle Booking <= 1.3.4.3 versions. | Fri, 26 Jun 2026 14:18:11 |
| CVE-2025-63078 json | Subscriber Broken Access Control in Restaurant Menu by MotoPress <= 2.4.11 versions. | Fri, 26 Jun 2026 14:18:11 |
| CVE-2025-63041 json | Contributor Broken Access Control in Forget About Shortcode Buttons <= 2.1.3 versions. | Fri, 26 Jun 2026 14:18:11 |
| CVE-2026-57880 json | An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and ... | Fri, 26 Jun 2026 14:18:10 |
| CVE-2026-56790 json | CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn() function i... | Fri, 26 Jun 2026 14:18:10 |