CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2025-15553 json | Non-working logout functionality in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation ... | Mon, 20 Apr 2026 09:31:47 |
| CVE-2025-15552 json | Insufficient Session Expiration in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation t... | Mon, 20 Apr 2026 09:31:47 |
| CVE-2026-6648 json | A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionality of the component Intern... | Mon, 20 Apr 2026 09:16:56 |
| CVE-2026-5026 json | The '/api/v1/files/images/{flow_id}/{file_name}' endpoint serves SVG files with the 'image/svg+xml' content type without sani... | Mon, 20 Apr 2026 09:16:56 |
| CVE-2026-5025 json | The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log buff... | Mon, 20 Apr 2026 09:16:56 |
| CVE-2026-4887 json | A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote ... | Mon, 20 Apr 2026 09:16:55 |
| CVE-2025-27363 json | An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when atte... | Mon, 20 Apr 2026 09:16:55 |
| CVE-2025-13947 json | A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any fil... | Mon, 20 Apr 2026 09:16:55 |
| CVE-2026-33907 json | Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing Authentication Response a... | Mon, 20 Apr 2026 09:01:39 |
| CVE-2026-33906 json | Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager role was granted backup and ... | Mon, 20 Apr 2026 09:01:39 |
| CVE-2026-33904 json | Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handl... | Mon, 20 Apr 2026 09:01:39 |
| CVE-2026-33748 json | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior ... | Mon, 20 Apr 2026 09:01:39 |
| CVE-2026-28429 json | Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871, a Path Traversal vulnerability was identified in the... | Mon, 20 Apr 2026 09:01:39 |
| CVE-2026-5022 json | The '/api/v1/files/images/{flow_id}/{file_name}' endpoint does not enforce any authentication or authorization checks, allowi... | Mon, 20 Apr 2026 09:01:39 |
| CVE-2026-28428 json | Talishar is a fan-made Flesh and Blood project. Prior to commit a9c218e, an authentication bypass vulnerability in Talishar's... | Mon, 20 Apr 2026 09:01:38 |
| CVE-2026-0995 json | An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensu... | Mon, 20 Apr 2026 09:01:38 |
| CVE-2025-54236 json | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Impr... | Mon, 20 Apr 2026 09:01:38 |
| CVE-2026-33903 json | Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing a specially crafted NGAP ... | Mon, 20 Apr 2026 08:31:37 |
| CVE-2025-32739 json | Improper conditions check in some firmware for some Intel(R) Graphics Drivers and Intel LTS kernels within Ring 1: Device Dri... | Mon, 20 Apr 2026 08:31:37 |
| CVE-2026-6636 json | A vulnerability was detected in p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b. Affected is the function Bun.ser... | Mon, 20 Apr 2026 08:16:37 |
| CVE-2026-6635 json | A security vulnerability has been detected in rowboatlabs rowboat up to 0.1.67. This impacts the function tool_call of the fi... | Mon, 20 Apr 2026 08:16:37 |
| CVE-2026-6634 json | A weakness has been identified in usememos memos up to 0.22.1. This affects the function memos_access_token of the file src/A... | Mon, 20 Apr 2026 08:16:37 |
| CVE-2026-6633 json | A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins... | Mon, 20 Apr 2026 08:16:37 |
| CVE-2026-5958 json | When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file() performs two separate, ... | Mon, 20 Apr 2026 08:16:37 |
| CVE-2026-6654 json | Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `... | Mon, 20 Apr 2026 07:17:20 |
| CVE-2026-6632 json | A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromSafeClientFilter of... | Mon, 20 Apr 2026 07:17:20 |
| CVE-2026-6631 json | A vulnerability was determined in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function fromwebExcptypemanFilter of the fil... | Mon, 20 Apr 2026 07:17:20 |
| CVE-2026-6630 json | A vulnerability was found in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromGstDhcpSetSer of the file /go... | Mon, 20 Apr 2026 07:17:20 |
| CVE-2026-6629 json | A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the function Statemen... | Mon, 20 Apr 2026 07:17:20 |
| CVE-2026-31430 json | In the Linux kernel, the following vulnerability has been resolved: X.509: Fix out-of-bounds access when parsing extensions ... | Mon, 20 Apr 2026 06:16:36 |
| CVE-2026-31429 json | In the Linux kernel, the following vulnerability has been resolved: net: skb: fix cross-cache free of KFENCE-allocated skb h... | Mon, 20 Apr 2026 06:16:36 |
| CVE-2026-6628 json | A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view... | Mon, 20 Apr 2026 06:16:36 |
| CVE-2026-6626 json | A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unknown functionality of the ... | Mon, 20 Apr 2026 06:16:36 |
| CVE-2026-6625 json | A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function ... | Mon, 20 Apr 2026 06:16:36 |
| CVE-2026-6624 json | A weakness has been identified in BichitroGan ISP Billing Software 2025.3.20. Affected is an unknown function of the file /?\... | Mon, 20 Apr 2026 06:16:36 |
| CVE-2026-6623 json | A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an unknown function of the fi... | Mon, 20 Apr 2026 06:16:36 |
| CVE-2026-6622 json | A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknown function of the file /?... | Mon, 20 Apr 2026 06:16:36 |
| CVE-2025-13480 json | Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resourc... | Mon, 20 Apr 2026 06:16:36 |
| CVE-2026-6621 json | A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file in... | Mon, 20 Apr 2026 05:16:33 |
| CVE-2026-6620 json | A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file ... | Mon, 20 Apr 2026 05:16:33 |
| CVE-2026-6619 json | A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/com... | Mon, 20 Apr 2026 05:16:33 |
| CVE-2026-6618 json | A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_plugin_json_to_tool_bundl... | Mon, 20 Apr 2026 05:16:33 |
| CVE-2026-39454 json | SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access... | Mon, 20 Apr 2026 05:16:32 |
| CVE-2026-5967 json | ThreatSonar Anti-Ransomware developed by TeamT5 has an Privilege Escalation vulnerability. Authenticated remote attackers wit... | Mon, 20 Apr 2026 05:16:32 |
| CVE-2026-5121 json | A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer alloc... | Mon, 20 Apr 2026 05:16:32 |
| CVE-2025-59089 json | If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through server-side request forgery), th... | Mon, 20 Apr 2026 05:16:32 |
| CVE-2023-5966 json | An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the ext... | Mon, 20 Apr 2026 05:16:32 |
| CVE-2023-5965 json | An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the upd... | Mon, 20 Apr 2026 05:16:32 |
| CVE-2026-41282 json | ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step template... | Mon, 20 Apr 2026 04:31:13 |
| CVE-2026-6617 json | A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function get_api_tool_provider_re... | Mon, 20 Apr 2026 04:31:13 |
| CVE-2026-6616 json | A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extract_wit... | Mon, 20 Apr 2026 04:31:13 |
| CVE-2026-6615 json | A weakness has been identified in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function Upload of ... | Mon, 20 Apr 2026 04:31:13 |
| CVE-2026-5966 json | ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers ... | Mon, 20 Apr 2026 04:31:13 |
| CVE-2026-5964 json | EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arb... | Mon, 20 Apr 2026 04:31:13 |
| CVE-2026-5963 json | EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arb... | Mon, 20 Apr 2026 04:31:13 |
| CVE-2026-4424 json | A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to ... | Mon, 20 Apr 2026 04:31:13 |
| CVE-2026-6644 json | A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative us... | Mon, 20 Apr 2026 03:30:14 |
| CVE-2026-6643 json | A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounde... | Mon, 20 Apr 2026 03:30:14 |
| CVE-2026-6614 json | A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the functi... | Mon, 20 Apr 2026 03:30:14 |
| CVE-2026-6613 json | A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function delete_agent/stop_schedu... | Mon, 20 Apr 2026 03:30:14 |
| CVE-2026-6612 json | A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the function get_agent_execution/upd... | Mon, 20 Apr 2026 03:30:14 |
| CVE-2026-6611 json | A vulnerability was found in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/s... | Mon, 20 Apr 2026 03:30:14 |
| CVE-2024-7083 json | The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high pr... | Mon, 20 Apr 2026 03:30:14 |
| CVE-2026-6610 json | A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the f... | Mon, 20 Apr 2026 02:30:07 |
| CVE-2026-6609 json | A flaw has been found in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function form_valid of the file o... | Mon, 20 Apr 2026 02:30:07 |
| CVE-2026-6608 json | A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of the component Arena Side-b... | Mon, 20 Apr 2026 02:30:07 |
| CVE-2026-6607 json | A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function api_generate of t... | Mon, 20 Apr 2026 01:28:15 |
| CVE-2026-6606 json | A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function _process_audio_... | Mon, 20 Apr 2026 01:28:15 |
| CVE-2026-6605 json | A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function _get_bytes_from_web_url ... | Mon, 20 Apr 2026 01:28:15 |
| CVE-2026-6604 json | A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function _parse_url/prepa... | Mon, 20 Apr 2026 01:28:15 |
| CVE-2026-6603 json | A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function execute_... | Mon, 20 Apr 2026 01:28:15 |
| CVE-2026-32965 json | Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex tech... | Mon, 20 Apr 2026 00:27:46 |
| CVE-2026-32964 json | SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CRLF sequences ('CRLF Injec... | Mon, 20 Apr 2026 00:27:46 |
| CVE-2026-32963 json | SD-330AC and AMC Manager provided by silex technology, Inc. contain a reflected cross-site scripting vulnerability. When a us... | Mon, 20 Apr 2026 00:27:46 |
| CVE-2026-32962 json | SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for critical function issue. The... | Mon, 20 Apr 2026 00:27:46 |
| CVE-2026-32961 json | SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in packet data... | Mon, 20 Apr 2026 00:27:46 |
| CVE-2026-32960 json | SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a sensitive information in resource not rem... | Mon, 20 Apr 2026 00:27:46 |
| CVE-2026-32959 json | SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a broken or risky cryptographic al... | Mon, 20 Apr 2026 00:27:46 |
| CVE-2026-32958 json | SD-330AC and AMC Manager provided by silex technology, Inc. use a hard-coded cryptographic key. An administrative user may be... | Mon, 20 Apr 2026 00:27:46 |
| CVE-2026-32957 json | SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for critical function issue on f... | Mon, 20 Apr 2026 00:27:46 |
| CVE-2026-32956 json | SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in processing ... | Mon, 20 Apr 2026 00:27:46 |
| CVE-2026-6602 json | A vulnerability was found in rickxy Hospital Management System up to 88a4290d957dc5bdde8a56e5ad451ad14f7f90f4. Affected is an... | Mon, 20 Apr 2026 00:27:46 |
| CVE-2026-6601 json | A vulnerability has been found in Lagom WHMCS Template up to 2.4.2. This impacts an unknown function of the component Datatab... | Mon, 20 Apr 2026 00:27:46 |
| CVE-2026-6600 json | A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/moda... | Mon, 20 Apr 2026 00:27:46 |
| CVE-2026-6599 json | A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function get_client_ip/install_... | Mon, 20 Apr 2026 00:27:46 |
| CVE-2026-6598 json | A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function create_p... | Mon, 20 Apr 2026 00:27:46 |
| CVE-2026-32955 json | SD-330AC and AMC Manager provided by silex technology, Inc. contain a stack-based buffer overflow vulnerability in processing... | Mon, 20 Apr 2026 00:27:45 |
| CVE-2026-4111 json | A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read... | Mon, 20 Apr 2026 00:27:45 |
| CVE-2026-6597 json | A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of... | Sun, 19 Apr 2026 23:27:04 |
| CVE-2026-6596 json | A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_file o... | Sun, 19 Apr 2026 23:27:03 |
| CVE-2026-6595 json | A vulnerability was identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59... | Sun, 19 Apr 2026 23:27:03 |
| CVE-2026-6594 json | A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing a manipulation of the ar... | Sun, 19 Apr 2026 22:26:21 |
| CVE-2026-6593 json | A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py... | Sun, 19 Apr 2026 22:26:21 |
| CVE-2026-6592 json | A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the fil... | Sun, 19 Apr 2026 22:26:21 |
| CVE-2026-6591 json | A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folder_paths.get_annotated_filepath of the file folde... | Sun, 19 Apr 2026 21:26:20 |
| CVE-2026-6590 json | A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function get_model_preview of the file app/model_manag... | Sun, 19 Apr 2026 21:26:20 |
| CVE-2026-6589 json | A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function create_origin_only_middleware o... | Sun, 19 Apr 2026 21:26:20 |
| CVE-2026-6588 json | A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function download_model/delete_mo... | Sun, 19 Apr 2026 21:26:20 |
| CVE-2026-6587 json | A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function _try_process_loc... | Sun, 19 Apr 2026 20:26:18 |
| CVE-2026-6586 json | A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function get_budget/update_budget... | Sun, 19 Apr 2026 20:26:18 |