CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.

Read the API docs

[rss] [api]
Recent CVEs
Recently updated CVE records
CVE Description Updated
CVE-2026-58596 json Untrusted pointer dereference in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a... Sun, 12 Jul 2026 12:22:16
CVE-2026-15502 json A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function _rewardPurchase of the file /ipn.php of the... Sun, 12 Jul 2026 09:22:12
CVE-2026-15501 json A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function ToolsR... Sun, 12 Jul 2026 09:22:11
CVE-2026-61876 json LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network att... Sun, 12 Jul 2026 08:22:11
CVE-2026-61875 json luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject JavaScri... Sun, 12 Jul 2026 08:22:11
CVE-2026-61874 json filebrowser versions before 2.63.17 fail to normalize paths before querying the share index in DeleteWithPathPrefix, allowing... Sun, 12 Jul 2026 08:22:11
CVE-2026-59260 json OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users to exe... Sun, 12 Jul 2026 08:22:11
CVE-2026-56336 json Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain endpo... Sun, 12 Jul 2026 08:22:11
CVE-2026-56313 json Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows ... Sun, 12 Jul 2026 08:22:11
CVE-2026-56308 json Capgo before 12.128.2 allows email address changes without requiring current password re-authentication or verification of th... Sun, 12 Jul 2026 08:22:11
CVE-2026-56281 json Capgo before 12.128.2 contains a sql injection vulnerability in the POST /private/admin_stats endpoint where the limit parame... Sun, 12 Jul 2026 08:22:10
CVE-2026-56271 json Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses weak hardcoded default JWT secrets ('auth_token', 'refresh_t... Sun, 12 Jul 2026 08:22:10
CVE-2026-56260 json Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoint... Sun, 12 Jul 2026 08:22:10
CVE-2026-56259 json Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to redir... Sun, 12 Jul 2026 08:22:10
CVE-2026-56252 json Capgo before 12.128.2 contains a scope isolation vulnerability in the POST /webhooks/test endpoint that allows app-scoped API... Sun, 12 Jul 2026 08:22:10
CVE-2026-56241 json Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted super_admin users retain access to delete_n... Sun, 12 Jul 2026 08:22:10
CVE-2026-56238 json Capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST global_stats endpoint that a... Sun, 12 Jul 2026 08:22:10
CVE-2026-15500 json A weakness has been identified in AstrBotDevs AstrBot up to 4.25.2. Affected by this vulnerability is the function get_online... Sun, 12 Jul 2026 08:22:10
CVE-2026-15499 json A security flaw has been discovered in AstrBotDevs AstrBot up to 4.25.2. Affected is the function FutureTaskTool.call of the ... Sun, 12 Jul 2026 08:22:10
CVE-2026-15498 json A vulnerability was identified in sergomanov SmartHomeAdatum up to cf495353d81b680675eb8d9aa14a318aa45ce12c. This impacts an ... Sun, 12 Jul 2026 08:22:10
CVE-2026-15497 json A vulnerability was determined in SonicCloudOrg sonic-agent up to 2.7.2. This affects an unknown function of the file sonic-s... Sun, 12 Jul 2026 08:22:10
CVE-2026-15496 json A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the ... Sun, 12 Jul 2026 07:22:09
CVE-2026-15495 json A vulnerability has been found in SonicCloudOrg sonic-agent up to 2.7.2. The affected element is an unknown function of the f... Sun, 12 Jul 2026 07:22:09
CVE-2026-15494 json A flaw has been found in AMTT Hotel Broadband Operation System 1.0. Impacted is an unknown function of the file manager/netwo... Sun, 12 Jul 2026 07:22:08
CVE-2026-15493 json A vulnerability was detected in Akpali9 Attendance-Management-System up to 70b91fe38f4195b701a45f0edcd4f42d5f64aeee. This iss... Sun, 12 Jul 2026 07:22:08
CVE-2026-15492 json A security vulnerability has been detected in igweze wizgrade up to b1d55f22b90cd7e7a6e5002f006d7c649e8086d6. This vulnerabil... Sun, 12 Jul 2026 07:22:08
CVE-2026-15491 json A weakness has been identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. This affects an un... Sun, 12 Jul 2026 06:22:07
CVE-2026-15490 json A security flaw has been discovered in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by t... Sun, 12 Jul 2026 06:22:07
CVE-2026-15489 json A vulnerability was identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this v... Sun, 12 Jul 2026 05:22:05
CVE-2026-15488 json A vulnerability was determined in hcr707305003 shiroiAdmin 1.1/1.3. Affected is the function FileController::upload of the fi... Sun, 12 Jul 2026 05:22:05
CVE-2026-15487 json A vulnerability was found in TRENDnet TEW-821DAP 1.11B03. This impacts the function sub_41FBD0 of the file /goform/system_ntp... Sun, 12 Jul 2026 05:22:05
CVE-2026-15486 json A vulnerability has been found in TRENDnet TEW-821DAP 1.11B03. This affects the function sub_42026C of the file /goform/tools... Sun, 12 Jul 2026 05:22:05
CVE-2026-15485 json A flaw has been found in TRENDnet TEW-821DAP 1.11B03. The impacted element is the function sub_43F2C4 of the file /goform/too... Sun, 12 Jul 2026 04:22:04
CVE-2026-15484 json A vulnerability was detected in TRENDnet TEW-821DAP 1.12B01. The affected element is the function sub_41EC14 of the file /gof... Sun, 12 Jul 2026 03:22:02
CVE-2026-15483 json A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function sub_41EC14 of the file /g... Sun, 12 Jul 2026 03:22:02
CVE-2026-15482 json A weakness has been identified in Aster Telecom Azcall 10/11. This issue affects some unknown processing of the file /azcall/... Sun, 12 Jul 2026 03:22:02
CVE-2026-15481 json A security flaw has been discovered in Trendnet TEW-635BRM up to 1.00.03. This vulnerability affects the function ipoa_test o... Sun, 12 Jul 2026 02:21:14
CVE-2026-15480 json A vulnerability was identified in Trendnet TEW-635BRM up to 1.00.03. This affects the function start_httpd of the file /sbin/... Sun, 12 Jul 2026 02:21:14
CVE-2026-15479 json A vulnerability was found in H3C NX15 V100R017. Affected by this vulnerability is the function change_passwd of the file /api... Sun, 12 Jul 2026 02:21:14
CVE-2026-15478 json A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/Empl... Sun, 12 Jul 2026 01:20:16
CVE-2026-15477 json A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs... Sun, 12 Jul 2026 01:20:16
CVE-2026-15476 json A security vulnerability has been detected in QILING Disk Master 6.0.0.0. The impacted element is an unknown function in the ... Sun, 12 Jul 2026 00:19:28
CVE-2026-15475 json A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is an unknown function in the li... Sat, 11 Jul 2026 23:18:14
CVE-2026-15474 json A security flaw has been discovered in Eleveo Call Recording Software 9.7.0. Impacted is an unknown function of the file /cal... Sat, 11 Jul 2026 23:18:14
CVE-2026-15473 json A vulnerability was identified in Eleveo Call Recording Software 9.7.0. This issue affects some unknown processing of the fil... Sat, 11 Jul 2026 23:18:14
CVE-2026-15472 json A vulnerability was determined in Eleveo Call Recording Software 9.7.0. This vulnerability affects unknown code of the file /... Sat, 11 Jul 2026 22:17:28
CVE-2026-15471 json A vulnerability was found in Eleveo Call Recording Software 9.7.0. This affects an unknown part of the file /callrec/pci_dss_... Sat, 11 Jul 2026 22:17:28
CVE-2026-15470 json A vulnerability has been found in Eleveo Call Recording Software 9.7.0. Affected by this issue is some unknown functionality ... Sat, 11 Jul 2026 20:31:29
CVE-2026-58281 json Deserialization of untrusted data in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a n... Sat, 11 Jul 2026 17:27:23
CVE-2026-13757 json A flaw was found in p11-kit. The RPC message attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_... Sat, 11 Jul 2026 13:25:32
CVE-2026-10660 json The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bap_broadcast_assistant.c reassembled remote Broa... Sat, 11 Jul 2026 13:25:32
CVE-2026-61870 json ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attackers ... Sat, 11 Jul 2026 10:22:24
CVE-2026-61861 json ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation ... Sat, 11 Jul 2026 10:22:24
CVE-2026-61858 json ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing ... Sat, 11 Jul 2026 10:22:24
CVE-2026-61857 json ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profil... Sat, 11 Jul 2026 10:22:24
CVE-2026-61465 json ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operati... Sat, 11 Jul 2026 10:22:24
CVE-2026-61454 json The Grav Admin2 plugin (getgrav/grav-plugin-admin2) before 2.0.4 embeds a global JavaScript variable window.__GRAV_CONFIG__ i... Sat, 11 Jul 2026 10:22:24
CVE-2026-61448 json Parse Server is affected by a stored cross-site scripting (XSS) vulnerability in versions >= 9.0.0, < 9.10.0-alpha.2 and <= 8... Sat, 11 Jul 2026 10:22:24
CVE-2026-61447 json PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM-gener... Sat, 11 Jul 2026 10:22:24
CVE-2026-61445 json PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due to m... Sat, 11 Jul 2026 10:22:24
CVE-2026-61442 json PraisonAI Platform (praisonai-platform) before 0.1.9 fails to enforce owner/admin authorization on the PATCH routes for proje... Sat, 11 Jul 2026 10:22:24
CVE-2026-61439 json PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CR... Sat, 11 Jul 2026 10:22:24
CVE-2026-61429 json PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that al... Sat, 11 Jul 2026 10:22:24
CVE-2026-61428 json PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing unauthenticated attackers to... Sat, 11 Jul 2026 10:22:24
CVE-2026-61426 json PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces with no API key requirement an... Sat, 11 Jul 2026 10:22:23
CVE-2026-60090 json PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowledge-st... Sat, 11 Jul 2026 10:22:23
CVE-2026-60088 json PraisonAI before 4.6.78 fails to validate file path references in custom command templates, allowing attackers to read files ... Sat, 11 Jul 2026 10:22:23
CVE-2026-56763 json Hono before 4.12.7 allows __proto__ key in parseBody with dot option enabled, permitting specially crafted form field names t... Sat, 11 Jul 2026 10:22:23
CVE-2026-56372 json ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to r... Sat, 11 Jul 2026 10:22:23
CVE-2026-56303 json Capgo before 12.128.2 contains an information disclosure vulnerability in the find_apikey_by_value PostgreSQL function marked... Sat, 11 Jul 2026 10:22:23
CVE-2026-56296 json Cap-go before 12.128.2 contains an information disclosure vulnerability in the public.transfer_app RPC function that returns ... Sat, 11 Jul 2026 10:22:23
CVE-2026-56240 json Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the plan_valid calculation that allows organi... Sat, 11 Jul 2026 10:22:23
CVE-2026-57828 json The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users upl... Sat, 11 Jul 2026 06:21:30
CVE-2026-57827 json The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files... Sat, 11 Jul 2026 06:21:30
CVE-2026-1359 json The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a... Sat, 11 Jul 2026 05:21:28
CVE-2026-15155 json The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Authentica... Sat, 11 Jul 2026 03:18:15
CVE-2026-15010 json The bbp Style Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.4.5 ... Sat, 11 Jul 2026 03:18:15
CVE-2026-9282 json The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via ... Sat, 11 Jul 2026 03:18:15
CVE-2026-9017 json The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versi... Sat, 11 Jul 2026 03:18:15
CVE-2026-6939 json The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'approval... Sat, 11 Jul 2026 03:18:15
CVE-2026-6801 json The Context Blog theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.... Sat, 11 Jul 2026 03:18:15
CVE-2026-4661 json The WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPress is vulnerable to time-based blind SQL I... Sat, 11 Jul 2026 03:18:15
CVE-2026-1382 json The fresh Podcaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'freshpodcaster' shortcode in a... Sat, 11 Jul 2026 03:18:15
CVE-2026-12994 json The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up t... Sat, 11 Jul 2026 03:18:14
CVE-2026-12738 json The WP Easy Pay – Payment and Donation form Builder for Square plugin for WordPress is vulnerable to authorization bypass i... Sat, 11 Jul 2026 03:18:14
CVE-2026-12126 json The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scri... Sat, 11 Jul 2026 03:18:14
CVE-2026-12103 json The Wallet for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1... Sat, 11 Jul 2026 03:18:14
CVE-2026-11901 json The WP Hotel Booking plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up ... Sat, 11 Jul 2026 03:18:14
CVE-2026-11898 json The White Label CMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up t... Sat, 11 Jul 2026 03:18:14
CVE-2026-11591 json The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all ve... Sat, 11 Jul 2026 03:18:14
CVE-2026-10865 json The Cost Calculator Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and i... Sat, 11 Jul 2026 03:18:14
CVE-2026-10041 json The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all v... Sat, 11 Jul 2026 03:18:14
CVE-2025-6784 json The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via t... Sat, 11 Jul 2026 03:18:14
CVE-2025-5017 json The Catalyst Connect Zoho CRM Client Portal plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uid’ ... Sat, 11 Jul 2026 03:18:14
CVE-2026-34481 json Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to ... Sat, 11 Jul 2026 02:16:24
CVE-2026-13378 json The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact F... Sat, 11 Jul 2026 02:16:24
CVE-2026-7655 json The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in versions up to, and including... Sat, 11 Jul 2026 02:16:24
CVE-2026-15335 json The Booking Package plugin for WordPress is vulnerable to generic SQL Injection via 'email' Form Parameter (form<N>) in all v... Sat, 11 Jul 2026 01:31:24
CVE-2026-9738 json The Print, PDF, Email by PrintFriendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'content_pos... Sat, 11 Jul 2026 01:31:24
CVE-2026-7620 json The Notification for Telegram plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including... Sat, 11 Jul 2026 01:31:24
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report