CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-7031 json | A vulnerability was detected in Tenda F456 1.0.0.5. This impacts the function fromSafeMacFilter of the file /goform/SafeMacFi... | Sun, 26 Apr 2026 06:19:40 |
| CVE-2026-7030 json | A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function fromRouteStatic of the file /gofo... | Sun, 26 Apr 2026 06:19:40 |
| CVE-2026-7029 json | A weakness has been identified in Tenda F456 1.0.0.5. The impacted element is the function fromaddressNat of the file /goform... | Sun, 26 Apr 2026 05:19:12 |
| CVE-2026-7028 json | A security flaw has been discovered in CodeAstro Online Job Portal 1.0. The affected element is an unknown function of the fi... | Sun, 26 Apr 2026 05:19:12 |
| CVE-2026-7027 json | A vulnerability was identified in D-Link DSL-2740R EU_01.15. Impacted is an unknown function of the component Wireless Setup ... | Sun, 26 Apr 2026 05:19:12 |
| CVE-2026-7026 json | A vulnerability was determined in D-Link DGS-3420 1.50.018. This issue affects some unknown processing of the component Syste... | Sun, 26 Apr 2026 04:18:03 |
| CVE-2026-7025 json | A vulnerability was found in Typecho up to 1.3.0. This vulnerability affects the function Service::sendPingHandle of the file... | Sun, 26 Apr 2026 04:18:03 |
| CVE-2026-7024 json | A flaw has been found in rawchen sims up to 004f783b1db5ecdfad81c8fdc3b34171211112de. Affected by this issue is some unknown ... | Sun, 26 Apr 2026 03:17:08 |
| CVE-2026-7023 json | A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL ... | Sun, 26 Apr 2026 03:17:08 |
| CVE-2026-7022 json | A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file pac... | Sun, 26 Apr 2026 02:16:14 |
| CVE-2026-7021 json | A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM... | Sun, 26 Apr 2026 02:16:14 |
| CVE-2026-7020 json | A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/tra... | Sun, 26 Apr 2026 01:30:25 |
| CVE-2026-7019 json | A vulnerability was identified in Tenda F456 1.0.0.5. The impacted element is the function fromP2pListFilter of the file /gof... | Sun, 26 Apr 2026 01:30:25 |
| CVE-2026-42255 json | Technitium DNS Server before 15.0 allows DNS traffic amplification via cyclic name server delegation. | Sun, 26 Apr 2026 00:30:17 |
| CVE-2026-7018 json | A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is ... | Sun, 26 Apr 2026 00:30:17 |
| CVE-2026-7016 json | A vulnerability was found in MaxSite CMS up to 109.3. Impacted is an unknown function of the component ushki Plugin. Performi... | Sun, 26 Apr 2026 00:30:17 |
| CVE-2026-7015 json | A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects some unknown processing of the component Guestb... | Sat, 25 Apr 2026 23:30:16 |
| CVE-2026-7014 json | A flaw has been found in MaxSite CMS up to 109.3. This vulnerability affects unknown code of the component down_count Plugin.... | Sat, 25 Apr 2026 23:30:16 |
| CVE-2026-7013 json | A security vulnerability has been detected in MaxSite CMS up to 109.3. Affected by this issue is some unknown functionality o... | Sat, 25 Apr 2026 23:30:16 |
| CVE-2026-42254 json | Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated wi... | Sat, 25 Apr 2026 23:30:15 |
| CVE-2026-7012 json | A vulnerability was detected in MaxSite CMS up to 109.3. This affects an unknown part of the component Redirect Plugin. The m... | Sat, 25 Apr 2026 22:30:14 |
| CVE-2026-7011 json | A weakness has been identified in MaxSite CMS up to 109.3. Affected by this vulnerability is an unknown functionality of the ... | Sat, 25 Apr 2026 21:30:12 |
| CVE-2025-54236 json | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Impr... | Sat, 25 Apr 2026 21:00:15 |
| CVE-2026-7002 json | A vulnerability was determined in KLiK SocialMediaWebsite up to 1.0.1. This vulnerability affects unknown code of the file /i... | Sat, 25 Apr 2026 18:29:22 |
| CVE-2026-7001 json | A vulnerability was found in Datacom DM4100 1.3.6.1.4.1.3709. This affects an unknown part of the component Ethernet Configur... | Sat, 25 Apr 2026 18:29:22 |
| CVE-2026-7000 json | A vulnerability has been found in Datacom DM4100 1.3.6.1.4.1.3709. Affected by this issue is some unknown functionality of th... | Sat, 25 Apr 2026 17:28:27 |
| CVE-2026-6999 json | A flaw has been found in BIVOCOM TR321 21.1.1.50. Affected by this vulnerability is an unknown functionality of the component... | Sat, 25 Apr 2026 17:28:27 |
| CVE-2026-6998 json | A vulnerability was detected in BDCOM P3310D 0.4.2 10.1.0F Build 86345. Affected is an unknown function of the component New ... | Sat, 25 Apr 2026 17:28:27 |
| CVE-2026-6997 json | A security vulnerability has been detected in BDCOM P3310D 0.4.2 10.1.0F Build 86345. This impacts an unknown function of the... | Sat, 25 Apr 2026 16:27:39 |
| CVE-2026-6996 json | A weakness has been identified in BDCOM P3310D 0.4.2 10.1.0F Build 86345. This affects an unknown function of the component r... | Sat, 25 Apr 2026 16:27:39 |
| CVE-2026-6995 json | A security flaw has been discovered in BDCOM P3310D 0.4.2 10.1.0F Build 86345. The impacted element is an unknown function of... | Sat, 25 Apr 2026 16:27:39 |
| CVE-2026-6994 json | A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filte... | Sat, 25 Apr 2026 15:27:14 |
| CVE-2026-6993 json | A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transpor... | Sat, 25 Apr 2026 15:27:14 |
| CVE-2026-4208 json | The extension fails to properly reset the generated MFA code after successful authentication. This leads to a possible MFA by... | Sat, 25 Apr 2026 14:57:11 |
| CVE-2026-40173 json | Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclo... | Sat, 25 Apr 2026 14:42:11 |
| CVE-2026-40261 json | Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulne... | Sat, 25 Apr 2026 14:27:11 |
| CVE-2026-40186 json | ApostropheCMS is an open-source Node.js content management system. A regression introduced in commit 49d0bb7, included in ver... | Sat, 25 Apr 2026 14:27:11 |
| CVE-2026-40176 json | Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulne... | Sat, 25 Apr 2026 14:27:11 |
| CVE-2026-6992 json | A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of th... | Sat, 25 Apr 2026 14:27:11 |
| CVE-2026-6991 json | A vulnerability was determined in colinhacks Zod up to 4.3.6. The impacted element is an unknown function of the file package... | Sat, 25 Apr 2026 14:27:11 |
| CVE-2026-6990 json | A vulnerability was found in projeto-siga siga 11.0.3.18. The affected element is an unknown function of the file /sigawf/app... | Sat, 25 Apr 2026 14:27:11 |
| CVE-2026-6989 json | A vulnerability has been found in Tenda F453 up to 1.0.0.3. Impacted is the function TendaTelnet of the file /goform/telnet o... | Sat, 25 Apr 2026 14:27:11 |
| CVE-2026-6988 json | A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon. This issue affects the function formRoute of the file /... | Sat, 25 Apr 2026 14:27:11 |
| CVE-2026-29185 json | Backstage is an open framework for building developer portals. Prior to version 1.20.1, a vulnerability in the SCM URL parsin... | Sat, 25 Apr 2026 14:11:36 |
| CVE-2026-24467 json | OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign a... | Sat, 25 Apr 2026 14:11:36 |
| CVE-2026-21388 json | Mattermost Plugins versions <=2.3.1 fail to limit the request body size on the {{/lifecycle}} webhook endpoint which allows a... | Sat, 25 Apr 2026 14:11:36 |
| CVE-2025-59707 json | In N2W before 4.3.2 and 4.4.x before 4.4.1, there is potential remote code execution and account credentials theft because of... | Sat, 25 Apr 2026 14:11:36 |
| CVE-2025-59706 json | In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution. | Sat, 25 Apr 2026 14:11:36 |
| CVE-2025-52649 json | HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature. Predictable identifiers may a... | Sat, 25 Apr 2026 14:11:36 |
| CVE-2025-52645 json | HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenti... | Sat, 25 Apr 2026 14:11:36 |
| CVE-2025-52643 json | HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated s... | Sat, 25 Apr 2026 14:11:36 |
| CVE-2025-52636 json | HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of uplo... | Sat, 25 Apr 2026 14:11:36 |
| CVE-2026-29184 json | Backstage is an open framework for building developer portals. Prior to version 3.1.4, a malicious scaffolder template can by... | Sat, 25 Apr 2026 14:11:35 |
| CVE-2026-24048 json | Backstage is an open framework for building developer portals, and @backstage/backend-defaults provides the default implement... | Sat, 25 Apr 2026 14:11:35 |
| CVE-2025-55252 json | HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use of easily guessable passwo... | Sat, 25 Apr 2026 14:11:35 |
| CVE-2025-55251 json | HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulti... | Sat, 25 Apr 2026 14:11:35 |
| CVE-2025-55250 json | HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose sensitive technical details, po... | Sat, 25 Apr 2026 14:11:35 |
| CVE-2025-55249 json | HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weake... | Sat, 25 Apr 2026 14:11:35 |
| CVE-2025-52661 json | HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, pote... | Sat, 25 Apr 2026 14:11:35 |
| CVE-2025-52660 json | HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulti... | Sat, 25 Apr 2026 14:11:35 |
| CVE-2025-52659 json | HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive o... | Sat, 25 Apr 2026 14:11:35 |
| CVE-2025-52628 json | HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be se... | Sat, 25 Apr 2026 14:11:35 |
| CVE-2025-52627 json | Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical sy... | Sat, 25 Apr 2026 14:11:35 |
| CVE-2025-52626 json | A Potential Command Injection vulnerability in HCL AION. An This can allow unintended command execution, potentially lead... | Sat, 25 Apr 2026 14:11:35 |
| CVE-2025-52625 json | A vulnerability Cacheable SSL Page Found vulnerability has been identified in HCL AION. Cached data may expose creden... | Sat, 25 Apr 2026 14:11:35 |
| CVE-2026-6987 json | A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the... | Sat, 25 Apr 2026 13:25:43 |
| CVE-2026-6986 json | A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mg_aes_gcm_decrypt... | Sat, 25 Apr 2026 13:25:43 |
| CVE-2026-6985 json | A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file... | Sat, 25 Apr 2026 13:25:43 |
| CVE-2026-4111 json | A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read... | Sat, 25 Apr 2026 13:25:42 |
| CVE-2026-6984 json | A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function create_template of the fil... | Sat, 25 Apr 2026 12:24:57 |
| CVE-2026-6983 json | A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /ind... | Sat, 25 Apr 2026 12:24:57 |
| CVE-2026-6982 json | A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown fun... | Sat, 25 Apr 2026 11:24:12 |
| CVE-2026-6981 json | A vulnerability was found in IhateCreatingUserNames2 AiraHub2 up to 3e4b77fd7d48ed811ffe5b8d222068c17c76495e. Affected is the... | Sat, 25 Apr 2026 11:24:11 |
| CVE-2026-6980 json | A vulnerability has been found in Divyanshu-hash GitPilot-MCP up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd. This impacts th... | Sat, 25 Apr 2026 10:22:57 |
| CVE-2026-6979 json | A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controll... | Sat, 25 Apr 2026 08:21:50 |
| CVE-2026-6978 json | A vulnerability was detected in JiZhiCMS up to 2.5.6. The impacted element is the function htmlspecialchars_decode of the fil... | Sat, 25 Apr 2026 08:21:50 |
| CVE-2026-6977 json | A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the ... | Sat, 25 Apr 2026 07:20:34 |
| CVE-2026-6951 json | Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for [... | Sat, 25 Apr 2026 07:20:34 |
| CVE-2026-31685 json | In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6t_eui64: reject invalid MAC header for all... | Sat, 25 Apr 2026 05:19:14 |
| CVE-2026-31684 json | In the Linux kernel, the following vulnerability has been resolved: net: sched: act_csum: validate nested VLAN headers tcf_... | Sat, 25 Apr 2026 05:19:14 |
| CVE-2026-31683 json | In the Linux kernel, the following vulnerability has been resolved: batman-adv: avoid OGM aggregation when skb tailroom is i... | Sat, 25 Apr 2026 05:19:14 |
| CVE-2026-31682 json | In the Linux kernel, the following vulnerability has been resolved: bridge: br_nd_send: linearize skb before parsing ND opti... | Sat, 25 Apr 2026 05:19:14 |
| CVE-2026-31681 json | In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_multiport: validate range encoding in chec... | Sat, 25 Apr 2026 05:19:14 |
| CVE-2026-31680 json | In the Linux kernel, the following vulnerability has been resolved: net: ipv6: flowlabel: defer exclusive option free until ... | Sat, 25 Apr 2026 05:19:14 |
| CVE-2026-31679 json | In the Linux kernel, the following vulnerability has been resolved: openvswitch: validate MPLS set/set_masked payload length... | Sat, 25 Apr 2026 05:19:14 |
| CVE-2026-31678 json | In the Linux kernel, the following vulnerability has been resolved: openvswitch: defer tunnel netdev_put to RCU release ovs... | Sat, 25 Apr 2026 05:19:14 |
| CVE-2026-31677 json | In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - limit RX SG extraction by receive buffe... | Sat, 25 Apr 2026 05:19:14 |
| CVE-2026-31676 json | In the Linux kernel, the following vulnerability has been resolved: rxrpc: only handle RESPONSE during service challenge On... | Sat, 25 Apr 2026 05:19:14 |
| CVE-2026-31675 json | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_netem: fix out-of-bounds access in packet... | Sat, 25 Apr 2026 05:19:14 |
| CVE-2026-31674 json | In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_ch... | Sat, 25 Apr 2026 05:19:14 |
| CVE-2026-31673 json | In the Linux kernel, the following vulnerability has been resolved: af_unix: read UNIX_DIAG_VFS data under unix_state_lock ... | Sat, 25 Apr 2026 05:19:14 |
| CVE-2026-31534 json | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Sat, 25 Apr 2026 02:17:14 |
| CVE-2026-41502 json | BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an off-by-one out-of-boun... | Fri, 24 Apr 2026 23:30:14 |
| CVE-2026-41433 json | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From 0.4.0 to before 0.... | Fri, 24 Apr 2026 23:30:14 |
| CVE-2026-41421 json | SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, SiYuan desktop renders notification messages a... | Fri, 24 Apr 2026 23:30:14 |
| CVE-2026-41322 json | @astrojs/node allows Astro to deploy your SSR site to Node targets. Prior to 10.0.5, requesting a static js/css resources fro... | Fri, 24 Apr 2026 23:30:14 |
| CVE-2026-41319 json | MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injection vulnerability in versi... | Fri, 24 Apr 2026 23:30:14 |
| CVE-2026-41079 json | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a netwo... | Fri, 24 Apr 2026 23:30:14 |
| CVE-2026-33318 json | Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user (including `BASIC` role) can e... | Fri, 24 Apr 2026 23:30:14 |
| CVE-2026-41277 json | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vu... | Fri, 24 Apr 2026 22:29:34 |