CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities so that they can be quickly identified and shared. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-35254 json | Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. ... | Wed, 06 May 2026 04:23:22 |
| CVE-2026-35253 json | Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v... | Wed, 06 May 2026 04:23:22 |
| CVE-2026-23928 json | The Item history widget (in Zabbix 7.0+) or the Plain text widget (in Zabbix 6.0) can execute injected JavaScript when HTML d... | Wed, 06 May 2026 04:23:22 |
| CVE-2026-7841 json | A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with... | Wed, 06 May 2026 04:23:22 |
| CVE-2026-7457 json | The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. Th... | Wed, 06 May 2026 04:23:22 |
| CVE-2026-7448 json | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site... | Wed, 06 May 2026 04:23:22 |
| CVE-2026-7332 json | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site... | Wed, 06 May 2026 04:23:22 |
| CVE-2026-6672 json | The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shor... | Wed, 06 May 2026 04:23:22 |
| CVE-2026-6344 json | The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due... | Wed, 06 May 2026 04:23:22 |
| CVE-2026-23927 json | A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Ag... | Wed, 06 May 2026 04:23:21 |
| CVE-2026-23926 json | An authenticated (non-super) administrator can create a maintenance period with a JavaScript payload that is executed by any ... | Wed, 06 May 2026 04:23:21 |
| CVE-2026-43002 json | An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage b... | Wed, 06 May 2026 03:23:20 |
| CVE-2026-42997 json | An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authoriz... | Wed, 06 May 2026 03:23:20 |
| CVE-2026-31282 json | Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the... | Wed, 06 May 2026 03:23:20 |
| CVE-2026-7020 json | A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/tra... | Wed, 06 May 2026 02:23:18 |
| CVE-2026-2306 json | The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to unauthorized database table creation due t... | Wed, 06 May 2026 02:23:18 |
| CVE-2026-5753 json | The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerable to Missing Authorization in versions up to... | Wed, 06 May 2026 00:23:15 |
| CVE-2026-3208 json | The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing ... | Wed, 06 May 2026 00:23:15 |
| CVE-2026-7573 json | An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows... | Tue, 05 May 2026 23:23:13 |
| CVE-2026-7572 json | An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before ver... | Tue, 05 May 2026 23:23:13 |
| CVE-2025-71256 json | In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional ex... | Tue, 05 May 2026 22:23:12 |
| CVE-2025-71255 json | In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional e... | Tue, 05 May 2026 22:23:12 |
| CVE-2025-71254 json | In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional e... | Tue, 05 May 2026 22:23:12 |
| CVE-2025-71253 json | In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional e... | Tue, 05 May 2026 22:23:12 |
| CVE-2025-71252 json | In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional e... | Tue, 05 May 2026 22:23:12 |
| CVE-2025-71251 json | In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with n... | Tue, 05 May 2026 22:23:12 |
| CVE-2025-54236 json | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Impr... | Tue, 05 May 2026 21:08:12 |
| CVE-2026-44405 json | In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm. | Tue, 05 May 2026 20:23:08 |
| CVE-2026-28780 json | Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP... | Tue, 05 May 2026 19:23:07 |
| CVE-2026-40934 json | Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentic... | Tue, 05 May 2026 18:23:06 |
| CVE-2026-40110 json | Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses... | Tue, 05 May 2026 18:23:06 |
| CVE-2026-40075 json | OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 th... | Tue, 05 May 2026 18:23:06 |
| CVE-2026-41950 json | Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full co... | Tue, 05 May 2026 17:23:04 |
| CVE-2026-40068 json | In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file w... | Tue, 05 May 2026 17:23:04 |
| CVE-2026-39852 json | Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1... | Tue, 05 May 2026 17:23:04 |
| CVE-2026-39849 json | Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. In versions before 6.6.1, the ... | Tue, 05 May 2026 17:23:04 |
| CVE-2026-39402 json | lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the find_line()... | Tue, 05 May 2026 17:23:04 |
| CVE-2026-39383 json | Gotenberg is an API-based document conversion tool. In version 8.29.1, an unauthenticated attacker with network access can fo... | Tue, 05 May 2026 17:23:04 |
| CVE-2026-35579 json | CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations i... | Tue, 05 May 2026 17:23:04 |
| CVE-2026-35527 json | Incus is an open source container and virtual machine manager. In versions prior to 7.0.0, the image import flow issues an ou... | Tue, 05 May 2026 17:23:04 |
| CVE-2026-29169 json | A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server... | Tue, 05 May 2026 17:23:04 |
| CVE-2026-7707 json | A vulnerability was found in Open5GS up to 2.7.7. Impacted is the function udr_nudr_dr_handle_subscription_context of the fil... | Tue, 05 May 2026 17:23:04 |
| CVE-2026-7585 json | A vulnerability was determined in Open5GS up to 2.7.7. The impacted element is the function amf_nudm_sdm_handle_provisioned o... | Tue, 05 May 2026 17:23:04 |
| CVE-2025-61669 json | Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query paramet... | Tue, 05 May 2026 17:23:04 |
| CVE-2026-26158 json | A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directo... | Tue, 05 May 2026 17:23:03 |
| CVE-2026-26157 json | A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft mal... | Tue, 05 May 2026 17:23:03 |
| CVE-2026-7264 json | A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function get_cart_items of the... | Tue, 05 May 2026 17:23:03 |
| CVE-2026-7233 json | A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of ... | Tue, 05 May 2026 17:23:03 |
| CVE-2026-3118 json | A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub (Backstage). The issue occurs due to insuf... | Tue, 05 May 2026 17:23:03 |
| CVE-2026-3007 json | Successful exploitation of the stored cross-site scripting (XSS) vulnerability could allow an attacker to execute arbitrary J... | Tue, 05 May 2026 17:08:03 |
| CVE-2026-33851 json | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in joncampbell123 doslib. This issue aff... | Tue, 05 May 2026 16:53:03 |
| CVE-2026-31370 json | Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service c... | Tue, 05 May 2026 16:53:03 |
| CVE-2026-31369 json | PcManager is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability | Tue, 05 May 2026 16:53:03 |
| CVE-2026-31368 json | AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availabili... | Tue, 05 May 2026 16:53:03 |
| CVE-2026-4753 json | Out-of-bounds Read vulnerability in slajerek RetroDebugger. This issue affects RetroDebugger: before v0.64.72. | Tue, 05 May 2026 16:53:03 |
| CVE-2026-4752 json | Use After Free vulnerability in No-Chicken Echo-Mate. This issue affects Echo-Mate: before V250329. | Tue, 05 May 2026 16:53:03 |
| CVE-2026-4750 json | Out-of-bounds Read vulnerability in fabiangreffrath woof. This issue affects woof: before woof_15.3.0. | Tue, 05 May 2026 16:53:03 |
| CVE-2026-4749 json | NVD-CWE-noinfo vulnerability in albfan miraclecast. This issue affects miraclecast: before v1.0. | Tue, 05 May 2026 16:53:03 |
| CVE-2025-70365 json | A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied... | Tue, 05 May 2026 16:53:03 |
| CVE-2026-33850 json | Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2. This issue affects DualSenseY-v2: before 54. | Tue, 05 May 2026 16:53:02 |
| CVE-2026-4743 json | NULL Pointer Dereference vulnerability in taurusxin ncmdump (src/utils modules). This vulnerability is associated with ... | Tue, 05 May 2026 16:53:02 |
| CVE-2026-4742 json | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in visualfc liteide (liteidex/... | Tue, 05 May 2026 16:53:02 |
| CVE-2026-4739 json | Integer Overflow or Wraparound vulnerability in InsightSoftwareConsortium ITK (Modules/ThirdParty/Expat/src/expat modules)... | Tue, 05 May 2026 16:53:02 |
| CVE-2025-69727 json | An Incorrect Access Control vulnerability exists in INDEX-EDUCATION PRONOTE prior to 2025.2.8. The affected components (index... | Tue, 05 May 2026 16:53:02 |
| CVE-2026-40331 json | Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.... | Tue, 05 May 2026 16:38:03 |
| CVE-2026-40330 json | Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.... | Tue, 05 May 2026 16:38:03 |
| CVE-2026-40329 json | Masa CMS is an open source content management system. In versions 7.5.2 and earlier, a SQL injection vulnerability exists in ... | Tue, 05 May 2026 16:38:03 |
| CVE-2026-38947 json | FluentCMS 1.2.3 is vulnerable to Cross Site Scripting (XSS) in TextHTML plugin. | Tue, 05 May 2026 16:38:03 |
| CVE-2026-38429 json | OpenCMS v20 and before is vulnerable to XML External Entity (XXE) in the Admin Import DB feature due to insecure XML parsing ... | Tue, 05 May 2026 16:38:03 |
| CVE-2026-34408 json | An issue was discovered in Gambio 4.9.2.0 (patched in 2024-02 v1.0.0 for GX4 v4.0.0.0 to v4.9.2.0). The password reset functi... | Tue, 05 May 2026 16:38:03 |
| CVE-2026-33975 json | Twenty is an open source CRM built with NestJS (Node.js). In versions 1.18.0 and earlier, the SSRF protection in twenty-serve... | Tue, 05 May 2026 16:38:03 |
| CVE-2023-54349 json | AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject mali... | Tue, 05 May 2026 16:38:03 |
| CVE-2026-42485 json | AGL agl-service-can-low-level contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in ... | Tue, 05 May 2026 16:38:02 |
| CVE-2026-42467 json | An issue was discovered in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30) in SAE_J1939_Read... | Tue, 05 May 2026 16:38:02 |
| CVE-2026-42052 json | Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolat... | Tue, 05 May 2026 16:38:02 |
| CVE-2026-38669 json | wCMS v.1.4 is vulnerable to Cross Site Scripting (XSS) when creating a new blog. | Tue, 05 May 2026 16:38:02 |
| CVE-2026-37554 json | An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulner... | Tue, 05 May 2026 16:38:02 |
| CVE-2026-37539 json | Buffer overflow vulnerability in cannelloni v2.0.0 in CAN frame parsing in parser.cpp in function parseCANFrame, and decoder.... | Tue, 05 May 2026 16:38:02 |
| CVE-2026-30363 json | flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in the "Main" function. | Tue, 05 May 2026 16:38:02 |
| CVE-2026-7776 json | Boundary Community Edition and Boundary Enterprise (“Boundary”) workers are vulnerable to a denial-of-service condition d... | Tue, 05 May 2026 16:38:02 |
| CVE-2026-7857 json | A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the file /use... | Tue, 05 May 2026 16:23:07 |
| CVE-2026-7856 json | A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an unknown part of the file /url_member.asp of the component... | Tue, 05 May 2026 16:23:07 |
| CVE-2026-44331 json | In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_cb() in contrib/mod_wrap2_sql... | Tue, 05 May 2026 16:23:06 |
| CVE-2026-40280 json | Gotenberg is an API-based document conversion tool. In versions 8.30.1 and earlier, the default private-IP deny-lists for the... | Tue, 05 May 2026 16:23:06 |
| CVE-2026-35453 json | PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.3 and earlier, 2.0.0 through 2.1.15, ... | Tue, 05 May 2026 16:23:06 |
| CVE-2026-35397 json | Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in... | Tue, 05 May 2026 16:23:06 |
| CVE-2026-34596 json | Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a Time-of-Chec... | Tue, 05 May 2026 16:23:06 |
| CVE-2026-34527 json | Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer:... | Tue, 05 May 2026 16:23:06 |
| CVE-2026-34464 json | Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, NamedPipeServe... | Tue, 05 May 2026 16:23:06 |
| CVE-2026-34462 json | Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several Proces... | Tue, 05 May 2026 16:23:06 |
| CVE-2026-34461 json | Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieIniSer... | Tue, 05 May 2026 16:23:06 |
| CVE-2026-34459 json | Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieSvc pr... | Tue, 05 May 2026 16:23:06 |
| CVE-2026-34458 json | Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, an INI injecti... | Tue, 05 May 2026 16:23:06 |
| CVE-2026-34084 json | PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.2 and earlier, 2.0.0 through 2.1.14, ... | Tue, 05 May 2026 16:23:05 |
| CVE-2026-33489 json | CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the transfer plugin can select the wrong ACL stanza... | Tue, 05 May 2026 16:23:05 |
| CVE-2026-33420 json | Vaultwarden is a Bitwarden-compatible server written in Rust. In version 1.35.4 and earlier, the get_org_collections_details ... | Tue, 05 May 2026 16:23:05 |
| CVE-2026-33324 json | SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2S... | Tue, 05 May 2026 16:23:05 |
| CVE-2026-33190 json | CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the tsig plugin can be bypassed on non-plain-DNS tr... | Tue, 05 May 2026 16:23:05 |
| CVE-2026-32936 json | CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS (DoH) GET path accepts oversized... | Tue, 05 May 2026 16:23:05 |
| CVE-2026-32934 json | CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-QUIC (DoQ) server can be driven into u... | Tue, 05 May 2026 16:23:05 |