CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-57213 json | RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmq_federation_management... | Mon, 13 Jul 2026 17:43:10 |
| CVE-2026-58410 json | ChurchCRM is an open-source church management system. Prior to version 7.4.0, there was an authorization flaw in the family-s... | Mon, 13 Jul 2026 17:28:10 |
| CVE-2026-58409 json | ChurchCRM is an open-source church management system. Prior to version 7.4.0, an authenticated administrator can achieve Remo... | Mon, 13 Jul 2026 17:28:10 |
| CVE-2026-48364 json | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could ... | Mon, 13 Jul 2026 17:28:10 |
| CVE-2026-48363 json | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could ... | Mon, 13 Jul 2026 17:28:10 |
| CVE-2026-15595 json | A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. The affected element is an unknown fu... | Mon, 13 Jul 2026 17:28:10 |
| CVE-2026-15594 json | A vulnerability was found in waooAI waoowaoo up to 0.4.1. Impacted is the function stablePublicIdFromStorageKey in the librar... | Mon, 13 Jul 2026 17:28:10 |
| CVE-2026-57215 json | RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ allows foreign bindings t... | Mon, 13 Jul 2026 17:28:09 |
| CVE-2026-57214 json | RabbitMQ is a messaging and streaming broker. Prior to 4.2.5, the RabbitMQ management UI renders the x-internal-purpose queue... | Mon, 13 Jul 2026 17:28:09 |
| CVE-2026-42014 json | A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead ... | Mon, 13 Jul 2026 17:28:09 |
| CVE-2026-57217 json | RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.21, 4.1.11, and 4.2.6, RabbitMQ topic authorization can a... | Mon, 13 Jul 2026 17:13:09 |
| CVE-2026-57216 json | RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, AMQP 0-9-1, AMQP 1.0, and Stream P... | Mon, 13 Jul 2026 17:13:09 |
| CVE-2026-57019 json | An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks... | Mon, 13 Jul 2026 17:13:09 |
| CVE-2026-33803 json | An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved all... | Mon, 13 Jul 2026 17:13:09 |
| CVE-2026-57221 json | RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ does not perform authoriz... | Mon, 13 Jul 2026 16:58:09 |
| CVE-2026-57220 json | RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured st... | Mon, 13 Jul 2026 16:58:09 |
| CVE-2026-57219 json | RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, the obsolete GET /api/auth endpoin... | Mon, 13 Jul 2026 16:58:09 |
| CVE-2026-57218 json | RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, RabbitMQ AMQP 0-9-1 allows an existing consumer to keep receivi... | Mon, 13 Jul 2026 16:58:09 |
| CVE-2026-57020 json | An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networ... | Mon, 13 Jul 2026 16:58:09 |
| CVE-2026-58228 json | Cross-site scripting vulnerability in phoenixframework phoenix_live_view allows an attacker to bypass URL scheme validation a... | Mon, 13 Jul 2026 16:43:09 |
| CVE-2026-26396 json | OpenBMB XAgent v1.0.0 and before is vulnerable to path traversal in the file() function in XAgent/XAgentServer/application/ro... | Mon, 13 Jul 2026 16:43:09 |
| CVE-2025-45869 json | LogicalDOC Enterprise Version up to and before v9.1.1 is vulnerable to Server-Side Request Forgery (SSRF). An unauthenticated... | Mon, 13 Jul 2026 16:43:09 |
| CVE-2026-62143 json | A Server-Side Request Forgery (SSRF) protection bypass existed in the html_to_markdown expansion module of misp-modules. The... | Mon, 13 Jul 2026 16:43:08 |
| CVE-2026-58596 json | Untrusted pointer dereference in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a... | Mon, 13 Jul 2026 16:43:08 |
| CVE-2026-58281 json | Deserialization of untrusted data in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a n... | Mon, 13 Jul 2026 16:43:08 |
| CVE-2026-57021 json | An Out-of-bounds Write vulnerability in the http-gatekeeper (http-gk) of Juniper Networks Junos OS on SRX Series allows an un... | Mon, 13 Jul 2026 16:43:08 |
| CVE-2026-33801 json | An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Network... | Mon, 13 Jul 2026 16:43:08 |
| CVE-2026-7162 json | Successful exploitation of the integer overflow vulnerability could allow an attacker to achieve system-level access to the a... | Mon, 13 Jul 2026 16:43:08 |
| CVE-2026-58408 json | ChurchCRM is an open-source church management system. Prior to version 7.4.0, a low-privileged user can bypass the /admin/exp... | Mon, 13 Jul 2026 16:28:09 |
| CVE-2026-58407 json | Rejected reason: Please submit CVE requests for each vulnerability. | Mon, 13 Jul 2026 16:28:09 |
| CVE-2026-57433 json | Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SX_HOOK record. retrieve_... | Mon, 13 Jul 2026 16:28:09 |
| CVE-2026-57432 json | Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and ... | Mon, 13 Jul 2026 16:28:09 |
| CVE-2026-55773 json | CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. ... | Mon, 13 Jul 2026 16:28:09 |
| CVE-2026-55771 json | CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. ... | Mon, 13 Jul 2026 16:28:09 |
| CVE-2026-14906 json | Pages with malicious titles could potentially allow saved PDF content to overwrite PDF files or bundled content within the Fi... | Mon, 13 Jul 2026 16:28:09 |
| CVE-2026-12536 json | The Avada (Fusion) Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Module Title’ param... | Mon, 13 Jul 2026 16:28:09 |
| CVE-2026-12385 json | The Smart Slider 3 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including,... | Mon, 13 Jul 2026 16:28:09 |
| CVE-2026-6875 json | ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulner... | Mon, 13 Jul 2026 16:28:09 |
| CVE-2026-59245 json | In the Apache Airflow FAB auth manager, a DAG whose `dag_id` is `DAGs` collided with the global all-DAGs permission resource ... | Mon, 13 Jul 2026 16:28:08 |
| CVE-2026-58065 json | The Apache Airflow Git provider runs its git-over-SSH operations with `StrictHostKeyChecking=no` by default, disabling SSH ho... | Mon, 13 Jul 2026 16:28:08 |
| CVE-2026-57030 json | A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the packet for... | Mon, 13 Jul 2026 16:28:08 |
| CVE-2026-57029 json | A Missing Synchronization vulnerability in the flow collector handler of Juniper Networks Junos OS Evolved on QFX Series all... | Mon, 13 Jul 2026 16:28:08 |
| CVE-2026-44383 json | Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy ... | Mon, 13 Jul 2026 16:28:08 |
| CVE-2026-42952 json | Previously, there was no throttling on repeated authentication attempts to the charging station backend, which could allow a... | Mon, 13 Jul 2026 16:28:08 |
| CVE-2026-20744 json | The charging station websocket endpoint accepts connections without proper authentication, which could lead to privilege esc... | Mon, 13 Jul 2026 16:28:08 |
| CVE-2026-15533 json | A security flaw has been discovered in DedeCMS 5.7.118. Impacted is an unknown function of the file /plus/search.php of the c... | Mon, 13 Jul 2026 16:28:08 |
| CVE-2026-15527 json | A vulnerability has been found in better-auth better-icons up to 1.0.5. This vulnerability affects unknown code of the compon... | Mon, 13 Jul 2026 16:28:08 |
| CVE-2026-15477 json | A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs... | Mon, 13 Jul 2026 16:28:08 |
| CVE-2026-15471 json | A vulnerability was found in Eleveo Call Recording Software 9.7.0. This affects an unknown part of the file /callrec/pci_dss_... | Mon, 13 Jul 2026 16:28:08 |
| CVE-2026-15087 json | vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions: *.*. | Mon, 13 Jul 2026 16:28:08 |
| CVE-2026-15086 json | vulnerability in Drupal Raw Formatter [Meta Tag Formatter] allows . This issue affects Raw Formatter [Meta Tag Formatter] ver... | Mon, 13 Jul 2026 16:28:08 |
| CVE-2026-14480 json | OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workfl... | Mon, 13 Jul 2026 16:28:08 |
| CVE-2026-13221 json | Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fix... | Mon, 13 Jul 2026 16:28:08 |
| CVE-2026-11915 json | vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions: *.*... | Mon, 13 Jul 2026 16:28:08 |
| CVE-2026-11914 json | vulnerability in Drupal Composer allows . This issue affects Composer versions: *.*. | Mon, 13 Jul 2026 16:28:08 |
| CVE-2026-57028 json | An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved all... | Mon, 13 Jul 2026 16:28:07 |
| CVE-2026-57027 json | A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (pfe) of Juniper Networks ... | Mon, 13 Jul 2026 16:28:07 |
| CVE-2026-61874 json | filebrowser versions before 2.63.17 fail to normalize paths before querying the share index in DeleteWithPathPrefix, allowing... | Mon, 13 Jul 2026 16:13:08 |
| CVE-2026-61462 json | mcp-gitlab contains a path traversal vulnerability in the job_id parameter of build/index.js that allows attackers to redirec... | Mon, 13 Jul 2026 16:13:08 |
| CVE-2026-40553 json | Buffer overflow vulnerability has been found in "extension/readdir.c" program file of gawk (ftype() routine). This issue cou... | Mon, 13 Jul 2026 16:13:08 |
| CVE-2026-40469 json | Integer overflow vulnerability has been found in "builtin.c" program file of gawk (do_sub() routine). This issue could be use... | Mon, 13 Jul 2026 16:13:08 |
| CVE-2026-40468 json | Integer overflow vulnerability has been found in "builtin.c" program file of gawk. This issue may lead to memory exhaustion o... | Mon, 13 Jul 2026 16:13:08 |
| CVE-2026-40467 json | Use After Free vulnerability has been found in "io.c" program file of gawk (do_getline_redir() routine). This issue may lead ... | Mon, 13 Jul 2026 16:13:08 |
| CVE-2026-14453 json | This vulnerability is a critical Server-Side Template Injection (SSTI) in Centreon's centreon-open-tickets module that leads ... | Mon, 13 Jul 2026 16:13:08 |
| CVE-2026-6847 json | Remote Code Execution vulnerability exists in ThemisNETPanel due to missing authentication for a critical file upload functio... | Mon, 13 Jul 2026 16:13:08 |
| CVE-2026-4769 json | Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup seq... | Mon, 13 Jul 2026 16:13:08 |
| CVE-2026-61454 json | The Grav Admin2 plugin (getgrav/grav-plugin-admin2) before 2.0.4 embeds a global JavaScript variable window.__GRAV_CONFIG__ i... | Mon, 13 Jul 2026 16:13:07 |
| CVE-2026-61448 json | Parse Server is affected by a stored cross-site scripting (XSS) vulnerability in versions >= 9.0.0, < 9.10.0-alpha.2 and <= 8... | Mon, 13 Jul 2026 16:13:07 |
| CVE-2026-59260 json | OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users to exe... | Mon, 13 Jul 2026 16:13:07 |
| CVE-2026-57054 json | A Use of Incorrectly-Resolved Name or Reference vulnerability in the URL filtering plugin of Juniper Networks Junos OS on MX ... | Mon, 13 Jul 2026 16:13:07 |
| CVE-2026-57032 json | An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS... | Mon, 13 Jul 2026 16:13:07 |
| CVE-2026-11321 json | The DataInjection plugin for GLPI 2.15.6 (GLPI 11 builds) concatenates user-supplied CSV field values directly into SQL queri... | Mon, 13 Jul 2026 16:13:07 |
| CVE-2026-61463 json | Shiori contains a privilege escalation vulnerability in the account update endpoint that allows authenticated users to modify... | Mon, 13 Jul 2026 15:58:07 |
| CVE-2026-60103 json | Blender 3.0.0 through 5.1.2 contains an out-of-bounds read vulnerability that allows attackers to trigger a crash or read adj... | Mon, 13 Jul 2026 15:58:07 |
| CVE-2026-59155 json | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to 2.2.5, the GET /api/... | Mon, 13 Jul 2026 15:58:07 |
| CVE-2026-58499 json | EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in the POST /api/v1/memory/add ... | Mon, 13 Jul 2026 15:58:07 |
| CVE-2026-57850 json | RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limite... | Mon, 13 Jul 2026 15:58:07 |
| CVE-2026-55772 json | CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. ... | Mon, 13 Jul 2026 15:58:07 |
| CVE-2026-14934 json | A Missing Authorization vulnerability in the repository creation functionality in Google Cloud BigQuery, Dataform and Colab E... | Mon, 13 Jul 2026 15:58:07 |
| CVE-2026-13014 json | A vulnerability in Thales CERT "Suspicious" application =< 1.3.4 allows a remote and unauthenticated attacker to execute arb... | Mon, 13 Jul 2026 15:58:07 |
| CVE-2014-5287 json | A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the... | Mon, 13 Jul 2026 15:58:06 |
| CVE-2026-61505 json | Rejetto HFS 3.0.0 through 3.2.0 allows path traversal through the lang query parameter, permitting a remote unauthenticated a... | Mon, 13 Jul 2026 15:43:07 |
| CVE-2026-61504 json | Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be force... | Mon, 13 Jul 2026 15:43:07 |
| CVE-2026-61503 json | Rejetto HFS 3.0.0 through 3.2.0 returns observably different responses from its login endpoint depending on whether the submi... | Mon, 13 Jul 2026 15:43:07 |
| CVE-2026-61502 json | Rejetto HFS 3.0.0 through 3.2.0 accepts state-changing API requests via the GET method and exempts GET requests from its anti... | Mon, 13 Jul 2026 15:43:07 |
| CVE-2026-61501 json | Rejetto HFS 3.0.0 through 3.2.0 renders log entries in the administration panel as HTML without sanitization. A remote unauth... | Mon, 13 Jul 2026 15:43:07 |
| CVE-2026-61500 json | Rejetto HFS 3.0.0 through 3.2.0 derives its session-cookie signing key from the non-cryptographic Math.random() generator and... | Mon, 13 Jul 2026 15:43:07 |
| CVE-2026-49972 json | Laravel-Mediable before 7.0.0 contains a file upload vulnerability that allows unauthenticated attackers to achieve remote co... | Mon, 13 Jul 2026 15:43:07 |
| CVE-2026-49971 json | Laravel-Mediable before 7.0.0 contains a stored cross-site scripting vulnerability that allows authenticated or anonymous use... | Mon, 13 Jul 2026 15:43:07 |
| CVE-2026-49970 json | Laravel-Mediable before 7.0.0 contains a path traversal vulnerability in the File::sanitizePath() function that allows attack... | Mon, 13 Jul 2026 15:43:07 |
| CVE-2026-49969 json | Laravel-Mediable before 7.0.0 contains a server-side request forgery vulnerability that allows remote attackers to issue arbi... | Mon, 13 Jul 2026 15:43:07 |
| CVE-2026-61876 json | LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network att... | Mon, 13 Jul 2026 15:43:06 |
| CVE-2026-61875 json | luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject JavaScri... | Mon, 13 Jul 2026 15:43:06 |
| CVE-2026-61498 json | Vitec Flamingo 4.12.2 contains an unauthenticated OS command injection vulnerability in the admin/ajax/gen_graphs.php endpoin... | Mon, 13 Jul 2026 15:43:06 |
| CVE-2026-60121 json | Vitec Flamingo 4.12.2 contains an unauthenticated OS command injection vulnerability in the admin/ajax/ping.php endpoint that... | Mon, 13 Jul 2026 15:43:06 |
| CVE-2026-15551 json | Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects . | Mon, 13 Jul 2026 15:43:06 |
| CVE-2026-14165 json | An Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5 ... | Mon, 13 Jul 2026 15:43:06 |
| CVE-2026-15557 json | A weakness has been identified in waooAI waoowaoo up to 0.4.1. Affected by this vulnerability is the function getInternalTask... | Mon, 13 Jul 2026 15:28:22 |
| CVE-2026-15546 json | A security flaw has been discovered in Shibby Tomato up to 1.28.0000. Affected by this issue is the function sub_2D568 of the... | Mon, 13 Jul 2026 15:28:22 |
| CVE-2026-15543 json | A vulnerability was found in Tenda CH22 1.0.0.1. This impacts the function formCertListInfo of the file /goform/CertListInfo.... | Mon, 13 Jul 2026 15:28:22 |