CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-11527 json | Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -f... | Sun, 14 Jun 2026 08:17:14 |
| CVE-2026-11526 json | GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _m... | Sun, 14 Jun 2026 08:17:14 |
| CVE-2026-5598 json | Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerabil... | Sun, 14 Jun 2026 06:29:14 |
| CVE-2025-15546 json | The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy settin... | Sun, 14 Jun 2026 04:28:42 |
| CVE-2026-52907 json | In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: fix off by one bugs Change thes... | Sun, 14 Jun 2026 02:27:23 |
| CVE-2026-52906 json | In the Linux kernel, the following vulnerability has been resolved: 9p: fix access mode flags being ORed instead of replaced... | Sun, 14 Jun 2026 02:27:23 |
| CVE-2026-46332 json | In the Linux kernel, the following vulnerability has been resolved: greybus: gb-beagleplay: bound bootloader receive bufferi... | Sun, 14 Jun 2026 02:27:23 |
| CVE-2026-46330 json | In the Linux kernel, the following vulnerability has been resolved: Revert "net/smc: Introduce TCP ULP support" This revert... | Sun, 14 Jun 2026 02:27:23 |
| CVE-2026-46328 json | In the Linux kernel, the following vulnerability has been resolved: apparmor: fix rlimit for posix cpu timers Posix cpu tim... | Sun, 14 Jun 2026 02:27:23 |
| CVE-2026-46327 json | In the Linux kernel, the following vulnerability has been resolved: dm: fix unlocked test for dm_suspended_md The function ... | Sun, 14 Jun 2026 02:27:23 |
| CVE-2026-46326 json | In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix spi_transfer struct init... | Sun, 14 Jun 2026 02:27:23 |
| CVE-2026-46325 json | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix iova-to-va conversion for MR page sizes !=... | Sun, 14 Jun 2026 02:27:23 |
| CVE-2026-46324 json | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use list_del_rcu for netlink hooks... | Sun, 14 Jun 2026 02:27:23 |
| CVE-2026-46323 json | In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skb_gro_receive() can ... | Sun, 14 Jun 2026 02:27:23 |
| CVE-2026-46322 json | In the Linux kernel, the following vulnerability has been resolved: tun: free page on build_skb failure in tun_xdp_one() Wh... | Sun, 14 Jun 2026 02:27:23 |
| CVE-2026-46321 json | In the Linux kernel, the following vulnerability has been resolved: tun: free page on short-frame rejection in tun_xdp_one()... | Sun, 14 Jun 2026 02:27:23 |
| CVE-2026-46320 json | In the Linux kernel, the following vulnerability has been resolved: tap: free page on error paths in tap_get_user_xdp() tap... | Sun, 14 Jun 2026 02:27:23 |
| CVE-2026-46319 json | In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: Only release RCU read lock after ct_f... | Sun, 14 Jun 2026 02:27:23 |
| CVE-2026-46317 json | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Reassign nested_mmus array behind mmu_lock ... | Sun, 14 Jun 2026 02:27:23 |
| CVE-2026-46316 json | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache referen... | Sun, 14 Jun 2026 02:27:23 |
| CVE-2026-46311 json | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use ... | Sun, 14 Jun 2026 02:27:23 |
| CVE-2026-46307 json | In the Linux kernel, the following vulnerability has been resolved: wifi: ath5k: do not access array OOB Vincent reports: >... | Sun, 14 Jun 2026 02:27:23 |
| CVE-2026-46306 json | In the Linux kernel, the following vulnerability has been resolved: flow_dissector: do not dissect PPPoE PFC frames RFC 251... | Sun, 14 Jun 2026 02:27:23 |
| CVE-2026-46304 json | In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid recursive nvmet-wq flush in nvmet_ctrl_free... | Sun, 14 Jun 2026 02:27:23 |
| CVE-2026-46303 json | In the Linux kernel, the following vulnerability has been resolved: isofs: validate Rock Ridge CE continuation extent agains... | Sun, 14 Jun 2026 02:27:23 |
| CVE-2026-46299 json | In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix held lock freed on hfsplus_fill_super() hf... | Sun, 14 Jun 2026 02:27:23 |
| CVE-2026-46289 json | In the Linux kernel, the following vulnerability has been resolved: lib/scatterlist: fix length calculations in extract_kvec... | Sun, 14 Jun 2026 02:27:22 |
| CVE-2026-46288 json | In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in of_unittest_changese... | Sun, 14 Jun 2026 02:27:22 |
| CVE-2026-46280 json | In the Linux kernel, the following vulnerability has been resolved: lib: test_hmm: evict device pages on file close to avoid... | Sun, 14 Jun 2026 02:27:22 |
| CVE-2026-46277 json | In the Linux kernel, the following vulnerability has been resolved: mm/zone_device: do not touch device folio after calling ... | Sun, 14 Jun 2026 02:27:22 |
| CVE-2026-46275 json | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_uart: fix UAFs and race conditions in clo... | Sun, 14 Jun 2026 02:27:22 |
| CVE-2026-46274 json | In the Linux kernel, the following vulnerability has been resolved: io-wq: check that the predecessor is hashed in io_wq_rem... | Sun, 14 Jun 2026 02:27:22 |
| CVE-2026-54421 json | In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, I... | Sun, 14 Jun 2026 00:24:51 |
| CVE-2026-54420 json | LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by ... | Sun, 14 Jun 2026 00:24:51 |
| CVE-2026-12176 json | A vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. The impacted ... | Sat, 13 Jun 2026 20:23:29 |
| CVE-2025-55659 json | A NULL pointer dereference in the ctts_box_write function (isomedia/box_code_base.c) of GPAC MP4Box v2.4 allows attackers to ... | Sat, 13 Jun 2026 20:23:29 |
| CVE-2025-55657 json | A NULL pointer dereference in the gf_odf_vvc_cfg_write_bs function (odf/descriptors.c) of GPAC MP4Box v2.4 allows attackers t... | Sat, 13 Jun 2026 20:23:29 |
| CVE-2025-55651 json | A NULL pointer dereference in the gf_isom_get_user_data_count function (isomedia/isom_read.c) of GPAC MP4Box v2.4 allows atta... | Sat, 13 Jun 2026 20:23:29 |
| CVE-2025-52293 json | A segmentation violaton in the gf_hevc_read_sps_bs_internal function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows at... | Sat, 13 Jun 2026 20:23:29 |
| CVE-2025-52292 json | A stack buffer overflow in the filein_process function (in_file.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of ... | Sat, 13 Jun 2026 20:23:29 |
| CVE-2026-12175 json | A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the fi... | Sat, 13 Jun 2026 19:23:27 |
| CVE-2026-12174 json | A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /... | Sat, 13 Jun 2026 17:23:24 |
| CVE-2026-12183 json | Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication... | Sat, 13 Jun 2026 14:19:40 |
| CVE-2026-6428 json | SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before... | Sat, 13 Jun 2026 13:18:36 |
| CVE-2026-53982 json | Cap-go Console < 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to b... | Sat, 13 Jun 2026 09:18:12 |
| CVE-2026-5513 json | The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scrip... | Sat, 13 Jun 2026 08:18:10 |
| CVE-2026-11624 json | The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connection... | Sat, 13 Jun 2026 06:18:07 |
| CVE-2026-1291 json | The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on... | Sat, 13 Jun 2026 06:18:07 |
| CVE-2026-9629 json | The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, a... | Sat, 13 Jun 2026 04:18:04 |
| CVE-2026-3297 json | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripti... | Sat, 13 Jun 2026 04:18:04 |
| CVE-2026-2470 json | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorization i... | Sat, 13 Jun 2026 04:18:04 |
| CVE-2026-9134 json | The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_attribute_key' shortcode par... | Sat, 13 Jun 2026 03:17:07 |
| CVE-2026-9109 json | The GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin for WordPress is vulne... | Sat, 13 Jun 2026 03:17:07 |
| CVE-2026-9062 json | The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-p... | Sat, 13 Jun 2026 03:17:07 |
| CVE-2026-9061 json | The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and output... | Sat, 13 Jun 2026 03:17:07 |
| CVE-2026-11769 json | We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path trav... | Sat, 13 Jun 2026 02:30:15 |
| CVE-2026-49396 json | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before ... | Sat, 13 Jun 2026 00:27:11 |
| CVE-2026-47260 json | Koel is a free, open-source music streaming solution. Prior to version 9.3.5, Koel validates the podcast feed URL via the Saf... | Sat, 13 Jun 2026 00:27:11 |
| CVE-2026-47223 json | NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.169... | Sat, 13 Jun 2026 00:27:11 |
| CVE-2026-47200 json | Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.11.0 to before 3.21.6 and 4.0.0-alpha.1 to be... | Sat, 13 Jun 2026 00:27:11 |
| CVE-2026-47197 json | Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use ... | Sat, 13 Jun 2026 00:27:11 |
| CVE-2026-47141 json | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtin... | Sat, 13 Jun 2026 00:27:11 |
| CVE-2026-47131 json | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, by combining Buffer.call.call({}.__lookupGetter__, Buf... | Sat, 13 Jun 2026 00:27:11 |
| CVE-2026-46717 json | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before ... | Sat, 13 Jun 2026 00:27:11 |
| CVE-2026-45013 json | ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 have a password reset ... | Sat, 13 Jun 2026 00:27:11 |
| CVE-2026-42853 json | ApostropheCMS is an open-source Node.js content management system. Versions of the @apostrophecms/cli package up to and inclu... | Sat, 13 Jun 2026 00:27:11 |
| CVE-2026-9641 json | Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorith... | Sat, 13 Jun 2026 00:27:11 |
| CVE-2026-49973 json | Hermes WebUI before version 0.51.358 contains an improper access control vulnerability that allows unauthenticated remote att... | Sat, 13 Jun 2026 00:27:10 |
| CVE-2026-47238 json | ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #133, a normal authenticated user can edit a... | Sat, 13 Jun 2026 00:27:10 |
| CVE-2026-54231 json | A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script quer... | Fri, 12 Jun 2026 23:25:31 |
| CVE-2026-54230 json | A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write o... | Fri, 12 Jun 2026 23:25:31 |
| CVE-2026-54229 json | A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory ... | Fri, 12 Jun 2026 23:25:31 |
| CVE-2026-54228 json | A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dum... | Fri, 12 Jun 2026 23:25:31 |
| CVE-2026-47188 json | Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the latest... | Fri, 12 Jun 2026 23:25:31 |
| CVE-2026-47175 json | Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, several mo... | Fri, 12 Jun 2026 23:25:31 |
| CVE-2026-44705 json | tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vuln... | Fri, 12 Jun 2026 23:25:31 |
| CVE-2026-12089 json | The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in vers... | Fri, 12 Jun 2026 23:25:31 |
| CVE-2026-9848 json | The WP Ticket plugin for WordPress is vulnerable to SQL Injection via the WordPress search query parameter (`s`) in versions ... | Fri, 12 Jun 2026 23:25:31 |
| CVE-2026-47162 json | Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists i... | Fri, 12 Jun 2026 21:08:00 |
| CVE-2026-12016 json | Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromis... | Fri, 12 Jun 2026 21:08:00 |
| CVE-2026-12015 json | Use after free in Autofill in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the rendere... | Fri, 12 Jun 2026 21:08:00 |
| CVE-2026-12014 json | Use after free in Cast in Google Chrome prior to 149.0.7827.115 allowed an attacker on the local network segment to potential... | Fri, 12 Jun 2026 21:08:00 |
| CVE-2026-12019 json | Heap buffer overflow in Codecs in Google Chrome on Linux and ChromeOS prior to 149.0.7827.115 allowed a remote attacker who h... | Fri, 12 Jun 2026 20:52:51 |
| CVE-2026-12017 json | Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had comprom... | Fri, 12 Jun 2026 20:52:51 |
| CVE-2026-12027 json | Inappropriate implementation in Headless in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromis... | Fri, 12 Jun 2026 20:37:44 |
| CVE-2026-12024 json | Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker to bypass same... | Fri, 12 Jun 2026 20:37:44 |
| CVE-2026-12022 json | Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the rende... | Fri, 12 Jun 2026 20:37:44 |
| CVE-2026-12020 json | Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker to potentially exploit h... | Fri, 12 Jun 2026 20:37:44 |
| CVE-2026-11443 json | Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attacke... | Fri, 12 Jun 2026 20:22:14 |
| CVE-2026-11442 json | Allegra exportReport Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to ... | Fri, 12 Jun 2026 20:22:14 |
| CVE-2026-12068 json | Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker ope... | Fri, 12 Jun 2026 19:20:58 |
| CVE-2026-6676 json | Heap buffer out-of-bounds write vulnerability in Avira Antivirus engine when scanning a malformed POSIX tar archive may allow... | Fri, 12 Jun 2026 19:20:58 |
| CVE-2025-14098 json | Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-... | Fri, 12 Jun 2026 19:20:58 |
| CVE-2025-10101 json | Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Mach-O file may allow Local Executi... | Fri, 12 Jun 2026 19:20:58 |
| CVE-2025-9033 json | Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Exe... | Fri, 12 Jun 2026 19:20:58 |
| CVE-2025-9032 json | Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Lo... | Fri, 12 Jun 2026 19:20:58 |
| CVE-2025-8351 json | Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avira Antivirus engine when scanning a malformed file may all... | Fri, 12 Jun 2026 19:20:58 |
| CVE-2026-54398 json | An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to a... | Fri, 12 Jun 2026 18:20:17 |
| CVE-2026-54095 json | Rejected reason: CVE ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-53826. Reason: This candidate is a d... | Fri, 12 Jun 2026 18:20:16 |
| CVE-2026-53868 json | Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary emai... | Fri, 12 Jun 2026 18:20:16 |