CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-8725 json | A weakness has been identified in CoreWorxLab CAAL up to 1.6.0. The affected element is an unknown function of the file src/c... | Sat, 16 May 2026 22:29:58 |
| CVE-2026-8724 json | A security flaw has been discovered in Dataease 2.10.20. Impacted is the function SqlparserUtils.transFilter of the file Sqlp... | Sat, 16 May 2026 22:29:58 |
| CVE-2026-8723 json | ### Summary `qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an a... | Sat, 16 May 2026 20:29:26 |
| CVE-2026-6050 json | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Sat, 16 May 2026 19:29:25 |
| CVE-2026-46728 json | Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a h... | Sat, 16 May 2026 18:29:23 |
| CVE-2026-46719 json | Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. The metric names were not checked for newlines, ... | Sat, 16 May 2026 17:29:22 |
| CVE-2021-47981 json | Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject... | Sat, 16 May 2026 12:29:15 |
| CVE-2021-47980 json | Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queri... | Sat, 16 May 2026 12:29:15 |
| CVE-2021-47979 json | WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attacke... | Sat, 16 May 2026 12:29:15 |
| CVE-2021-47978 json | ProcessMaker 3.5.4 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary file... | Sat, 16 May 2026 12:29:15 |
| CVE-2021-47977 json | WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allo... | Sat, 16 May 2026 12:29:15 |
| CVE-2021-47976 json | TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitr... | Sat, 16 May 2026 12:29:15 |
| CVE-2021-47975 json | WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject m... | Sat, 16 May 2026 12:29:15 |
| CVE-2021-47974 json | VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services ... | Sat, 16 May 2026 12:29:15 |
| CVE-2021-47973 json | Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pastin... | Sat, 16 May 2026 12:29:15 |
| CVE-2021-47972 json | Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application ... | Sat, 16 May 2026 12:29:15 |
| CVE-2021-47971 json | My Notes Safe 5.3 contains a denial of service vulnerability that allows attackers to crash the application by pasting excess... | Sat, 16 May 2026 12:29:15 |
| CVE-2021-47970 json | Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes... | Sat, 16 May 2026 12:29:15 |
| CVE-2021-47969 json | Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessiv... | Sat, 16 May 2026 12:29:15 |
| CVE-2021-47957 json | Cookie Law Bar 1.2.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malic... | Sat, 16 May 2026 12:29:15 |
| CVE-2021-47956 json | EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate databas... | Sat, 16 May 2026 12:29:14 |
| CVE-2021-47955 json | CouchCMS 2.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScr... | Sat, 16 May 2026 12:29:14 |
| CVE-2021-47954 json | LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by... | Sat, 16 May 2026 12:29:14 |
| CVE-2021-47952 json | python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python comm... | Sat, 16 May 2026 12:29:14 |
| CVE-2021-47942 json | Home Assistant Community Store (HACS) 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to... | Sat, 16 May 2026 12:29:14 |
| CVE-2021-47934 json | MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts throu... | Sat, 16 May 2026 12:29:14 |
| CVE-2020-37247 json | Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attacker... | Sat, 16 May 2026 12:29:14 |
| CVE-2020-37246 json | Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and delete... | Sat, 16 May 2026 12:29:14 |
| CVE-2020-37245 json | Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers ... | Sat, 16 May 2026 12:29:14 |
| CVE-2020-37244 json | Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary... | Sat, 16 May 2026 12:29:14 |
| CVE-2020-37243 json | Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated... | Sat, 16 May 2026 12:29:14 |
| CVE-2020-37242 json | Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbit... | Sat, 16 May 2026 12:29:14 |
| CVE-2020-37241 json | bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative action... | Sat, 16 May 2026 12:29:14 |
| CVE-2020-37240 json | Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators t... | Sat, 16 May 2026 12:29:14 |
| CVE-2020-37239 json | libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by ... | Sat, 16 May 2026 12:29:14 |
| CVE-2020-37238 json | CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerability that allows authenticated users with Content Mana... | Sat, 16 May 2026 12:29:14 |
| CVE-2020-37237 json | Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inje... | Sat, 16 May 2026 12:29:14 |
| CVE-2020-37236 json | NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrators t... | Sat, 16 May 2026 12:29:14 |
| CVE-2020-37235 json | WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authentic... | Sat, 16 May 2026 12:29:14 |
| CVE-2020-37234 json | Internet Download Manager 6.38.12 contains a buffer overflow vulnerability in the Scheduler component that allows local attac... | Sat, 16 May 2026 12:29:14 |
| CVE-2020-37233 json | WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attacker... | Sat, 16 May 2026 12:29:14 |
| CVE-2020-37232 json | Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 se... | Sat, 16 May 2026 12:29:14 |
| CVE-2020-37231 json | Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attack... | Sat, 16 May 2026 12:29:14 |
| CVE-2020-37230 json | Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the SMWebRestServicev5 service that allows loc... | Sat, 16 May 2026 12:29:14 |
| CVE-2020-37229 json | OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local at... | Sat, 16 May 2026 12:29:14 |
| CVE-2020-37228 json | iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authe... | Sat, 16 May 2026 12:29:13 |
| CVE-2020-37227 json | HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-... | Sat, 16 May 2026 12:29:13 |
| CVE-2020-17103 json | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Sat, 16 May 2026 10:29:10 |
| CVE-2026-46333 json | In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dump... | Sat, 16 May 2026 09:29:08 |
| CVE-2025-4202 json | The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modific... | Sat, 16 May 2026 09:29:08 |
| CVE-2026-42794 json | Improper Neutralization of Input During Web Page Generation (XSS) vulnerability in absinthe-graphql absinthe_plug allows refl... | Sat, 16 May 2026 07:28:57 |
| CVE-2026-8657 json | Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch() and js... | Sat, 16 May 2026 02:24:14 |
| CVE-2026-8656 json | Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Cross-site Scripting (XSS) via the annotated formatter d... | Sat, 16 May 2026 02:24:14 |
| CVE-2026-22707 json | Strapi is an open source headless content management system. In Strapi versions prior to 5.33.3, the Upload plugin's Content ... | Fri, 15 May 2026 23:35:15 |
| CVE-2026-22706 json | Strapi is an open source headless content management system. In Strapi versions prior to 5.33.3, changing or resetting a user... | Fri, 15 May 2026 23:35:15 |
| CVE-2025-64526 json | Strapi is an open source headless content management system. In Strapi versions prior to 5.45.0, the rate-limit middleware in... | Fri, 15 May 2026 23:35:15 |
| CVE-2026-44501 json | DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend (datahub-frontend-react) deserializes att... | Fri, 15 May 2026 23:35:14 |
| CVE-2026-43640 json | Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organiz... | Fri, 15 May 2026 23:20:00 |
| CVE-2026-34960 json | barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcp_messag... | Fri, 15 May 2026 23:20:00 |
| CVE-2026-27886 json | Strapi is an open source headless content management system. Strapi versions starting in 4.0.0 and prior to 5.37.0 did not su... | Fri, 15 May 2026 23:20:00 |
| CVE-2026-8681 json | The Essential Chat Support plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1... | Fri, 15 May 2026 23:20:00 |
| CVE-2026-8305 json | A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookReques... | Fri, 15 May 2026 23:20:00 |
| CVE-2026-7287 json | ** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the formWep(), formWlAc(), formPasswordSetup(), formUpgrad... | Fri, 15 May 2026 23:20:00 |
| CVE-2026-7257 json | ** UNSUPPORTED WHEN ASSIGNED ** An insecure storage of sensitive information vulnerability in the configuration file of Zyxel... | Fri, 15 May 2026 23:20:00 |
| CVE-2026-7256 json | ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.... | Fri, 15 May 2026 23:20:00 |
| CVE-2026-7210 json | `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a c... | Fri, 15 May 2026 23:20:00 |
| CVE-2026-43639 json | Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add... | Fri, 15 May 2026 23:04:51 |
| CVE-2026-43638 json | Bitwarden Server prior to v2026.4.1 contains a missing authorization vulnerability that allows any authenticated user to writ... | Fri, 15 May 2026 23:04:51 |
| CVE-2025-43992 json | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass b... | Fri, 15 May 2026 23:04:51 |
| CVE-2026-8581 json | Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a s... | Fri, 15 May 2026 22:49:44 |
| CVE-2026-46367 json | phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in Utils::parseUrl() that allows authenticated use... | Fri, 15 May 2026 22:19:22 |
| CVE-2026-46361 json | phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where result.question and result.an... | Fri, 15 May 2026 22:19:22 |
| CVE-2026-45800 json | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the... | Fri, 15 May 2026 22:19:22 |
| CVE-2026-45781 json | The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI owne... | Fri, 15 May 2026 22:19:22 |
| CVE-2026-45736 json | ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulner... | Fri, 15 May 2026 22:19:22 |
| CVE-2026-45007 json | phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use userIsAuthe... | Fri, 15 May 2026 22:19:22 |
| CVE-2026-44366 json | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.1, a S... | Fri, 15 May 2026 22:19:22 |
| CVE-2026-42831 json | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | Fri, 15 May 2026 22:19:22 |
| CVE-2026-41103 json | Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized... | Fri, 15 May 2026 22:19:22 |
| CVE-2026-41102 json | Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally. | Fri, 15 May 2026 22:19:22 |
| CVE-2026-41101 json | Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally. | Fri, 15 May 2026 22:19:22 |
| CVE-2026-44279 json | A improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenA... | Fri, 15 May 2026 22:04:04 |
| CVE-2026-44278 json | A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.... | Fri, 15 May 2026 22:04:04 |
| CVE-2026-42832 json | Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally. | Fri, 15 May 2026 22:04:04 |
| CVE-2026-41100 json | Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally. | Fri, 15 May 2026 22:04:04 |
| CVE-2026-41094 json | Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to exe... | Fri, 15 May 2026 21:48:50 |
| CVE-2026-40421 json | External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a... | Fri, 15 May 2026 21:48:50 |
| CVE-2026-45369 json | python-utcp is the python implementation of UTCP. Prior to 1.1.3, the _substitute_utcp_args method in cli_communication_proto... | Fri, 15 May 2026 21:18:24 |
| CVE-2026-44636 json | libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in ... | Fri, 15 May 2026 21:18:24 |
| CVE-2026-42847 json | ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #122, there is a critical SQL Injection (SQLi) vulne... | Fri, 15 May 2026 21:18:24 |
| CVE-2026-8704 json | Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified. | Fri, 15 May 2026 21:18:24 |
| CVE-2026-8700 json | Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function... | Fri, 15 May 2026 21:18:24 |
| CVE-2026-45375 json | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan's Bazaar (community marketplace) render... | Fri, 15 May 2026 21:18:23 |
| CVE-2026-42594 json | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine that ho... | Fri, 15 May 2026 21:18:23 |
| CVE-2026-41315 json | mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, mdserver-web has a front-end unauthorized remote command executi... | Fri, 15 May 2026 21:18:23 |
| CVE-2026-0974 json | The Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin plugin for WordPress is vulnerable to ... | Fri, 15 May 2026 21:18:23 |
| CVE-2026-45622 json | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the... | Fri, 15 May 2026 19:31:00 |
| CVE-2026-45402 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, multiple e... | Fri, 15 May 2026 19:31:00 |
| CVE-2026-45396 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /... | Fri, 15 May 2026 19:31:00 |
| CVE-2026-45350 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, there is a... | Fri, 15 May 2026 19:31:00 |