CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-34593 json | Ash Framework is a declarative, extensible framework for building Elixir applications. Prior to version 3.22.0, Ash.Type.Modu... | Mon, 13 Apr 2026 14:37:17 |
| CVE-2026-34523 json | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, i... | Mon, 13 Apr 2026 14:37:17 |
| CVE-2026-34522 json | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, i... | Mon, 13 Apr 2026 14:37:17 |
| CVE-2026-32186 json | Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a network. | Mon, 13 Apr 2026 14:37:17 |
| CVE-2026-28798 json | ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Prior to version 1.5.3, a prox... | Mon, 13 Apr 2026 14:37:17 |
| CVE-2026-25726 json | Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-... | Mon, 13 Apr 2026 14:37:17 |
| CVE-2026-22661 json | prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in skill file handling that allows attackers to ... | Mon, 13 Apr 2026 14:37:17 |
| CVE-2026-6196 json | A vulnerability was detected in Tenda F456 1.0.0.5. This affects the function fromexeCommand of the file /goform/exeCommand. ... | Mon, 13 Apr 2026 14:22:19 |
| CVE-2026-6195 json | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function s... | Mon, 13 Apr 2026 14:22:19 |
| CVE-2026-6194 json | A weakness has been identified in Totolink A3002MU B20211125.1046. Affected by this vulnerability is the function sub_410188 ... | Mon, 13 Apr 2026 14:22:19 |
| CVE-2026-34621 json | Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Objec... | Mon, 13 Apr 2026 14:22:18 |
| CVE-2026-32316 json | jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvp_string_app... | Mon, 13 Apr 2026 14:22:18 |
| CVE-2026-28291 json | simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitr... | Mon, 13 Apr 2026 14:22:18 |
| CVE-2026-23900 json | Various stored XSS vulnerabilities in the maps- and icon rendering logic in Phoca Maps component 5.0.0-6.0.2 have been discov... | Mon, 13 Apr 2026 14:22:18 |
| CVE-2026-21012 json | External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file w... | Mon, 13 Apr 2026 14:22:18 |
| CVE-2026-21011 json | Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to ... | Mon, 13 Apr 2026 14:22:18 |
| CVE-2026-21010 json | Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to trigger privileged functio... | Mon, 13 Apr 2026 14:22:18 |
| CVE-2026-6100 json | Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory al... | Mon, 13 Apr 2026 14:22:18 |
| CVE-2026-5919 json | Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attacker wh... | Mon, 13 Apr 2026 14:22:18 |
| CVE-2026-5870 json | Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a... | Mon, 13 Apr 2026 14:22:18 |
| CVE-2026-5869 json | Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensiti... | Mon, 13 Apr 2026 14:22:18 |
| CVE-2026-5868 json | Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary c... | Mon, 13 Apr 2026 14:22:18 |
| CVE-2026-5867 json | Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensiti... | Mon, 13 Apr 2026 14:22:18 |
| CVE-2025-3756 json | A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed ... | Mon, 13 Apr 2026 14:22:18 |
| CVE-2026-33238 json | WWBN AVideo is an open source video platform. Prior to version 26.0, the `listFiles.json.php` endpoint accepts a `path` POST ... | Mon, 13 Apr 2026 14:22:17 |
| CVE-2026-33237 json | WWBN AVideo is an open source video platform. Prior to version 26.0, the Scheduler plugin's `run()` function in `plugin/Sched... | Mon, 13 Apr 2026 14:22:17 |
| CVE-2026-28292 json | `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.... | Mon, 13 Apr 2026 14:22:17 |
| CVE-2026-28261 json | Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, ... | Mon, 13 Apr 2026 14:22:17 |
| CVE-2026-25742 json | Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From... | Mon, 13 Apr 2026 14:22:17 |
| CVE-2026-22665 json | prompts.chat prior to commit 1464475 contains an identity confusion vulnerability due to inconsistent case-sensitive and case... | Mon, 13 Apr 2026 14:22:17 |
| CVE-2026-22664 json | prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in Fal.ai media status polling that... | Mon, 13 Apr 2026 14:22:17 |
| CVE-2026-22663 json | prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks a... | Mon, 13 Apr 2026 14:22:17 |
| CVE-2026-22662 json | prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator t... | Mon, 13 Apr 2026 14:22:17 |
| CVE-2026-21643 json | An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClient... | Mon, 13 Apr 2026 14:22:17 |
| CVE-2025-60710 json | Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacke... | Mon, 13 Apr 2026 14:22:17 |
| CVE-2025-11731 json | A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during styleshe... | Mon, 13 Apr 2026 14:22:16 |
| CVE-2023-36424 json | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Mon, 13 Apr 2026 14:22:16 |
| CVE-2023-21529 json | Microsoft Exchange Server Remote Code Execution Vulnerability | Mon, 13 Apr 2026 14:22:16 |
| CVE-2020-9715 json | Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 ... | Mon, 13 Apr 2026 14:22:16 |
| CVE-2012-1854 json | Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Micros... | Mon, 13 Apr 2026 14:22:16 |
| CVE-2026-34561 json | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Mon, 13 Apr 2026 14:07:16 |
| CVE-2026-34560 json | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Mon, 13 Apr 2026 14:07:16 |
| CVE-2026-34559 json | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Mon, 13 Apr 2026 14:07:16 |
| CVE-2026-5875 json | Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted... | Mon, 13 Apr 2026 14:07:16 |
| CVE-2026-5874 json | Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage ... | Mon, 13 Apr 2026 14:07:16 |
| CVE-2026-5873 json | Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary cod... | Mon, 13 Apr 2026 14:07:16 |
| CVE-2026-5872 json | Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a ... | Mon, 13 Apr 2026 14:07:16 |
| CVE-2026-34607 json | Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the em... | Mon, 13 Apr 2026 13:52:16 |
| CVE-2026-34229 json | Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting (XSS) vulnera... | Mon, 13 Apr 2026 13:52:16 |
| CVE-2026-5879 json | Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker ... | Mon, 13 Apr 2026 13:52:16 |
| CVE-2026-5876 json | Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to leak cros... | Mon, 13 Apr 2026 13:52:16 |
| CVE-2026-34228 json | Emlog is an open source website building system. Prior to version 2.6.8, the backend upgrade interface accepts remote SQL and... | Mon, 13 Apr 2026 13:52:15 |
| CVE-2026-34061 json | nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algori... | Mon, 13 Apr 2026 13:52:15 |
| CVE-2026-34052 json | LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAut... | Mon, 13 Apr 2026 13:52:15 |
| CVE-2026-33184 json | nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algori... | Mon, 13 Apr 2026 13:52:15 |
| CVE-2026-28815 json | A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation pa... | Mon, 13 Apr 2026 13:52:15 |
| CVE-2026-5863 json | Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary cod... | Mon, 13 Apr 2026 13:37:16 |
| CVE-2026-5862 json | Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary cod... | Mon, 13 Apr 2026 13:37:16 |
| CVE-2026-5861 json | Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a san... | Mon, 13 Apr 2026 13:37:16 |
| CVE-2026-5860 json | Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a... | Mon, 13 Apr 2026 13:37:16 |
| CVE-2026-5859 json | Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corru... | Mon, 13 Apr 2026 13:37:16 |
| CVE-2026-5858 json | Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code via... | Mon, 13 Apr 2026 13:37:16 |
| CVE-2026-34933 json | Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version... | Mon, 13 Apr 2026 13:37:15 |
| CVE-2026-34824 json | Mesop is a Python-based UI framework that allows users to build web applications. From version 1.2.3 to before version 1.2.5,... | Mon, 13 Apr 2026 13:37:15 |
| CVE-2026-34788 json | Emlog is an open source website building system. In versions 2.6.2 and prior, a SQL injection vulnerability exists in include... | Mon, 13 Apr 2026 13:37:15 |
| CVE-2026-34787 json | Emlog is an open source website building system. In versions 2.6.2 and prior, a Local File Inclusion (LFI) vulnerability exis... | Mon, 13 Apr 2026 13:37:15 |
| CVE-2026-34612 json | Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra (default docker-compose deploym... | Mon, 13 Apr 2026 13:37:15 |
| CVE-2026-33943 json | Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 2... | Mon, 13 Apr 2026 13:37:15 |
| CVE-2026-39940 json | ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM app... | Mon, 13 Apr 2026 13:22:16 |
| CVE-2026-6193 json | A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1.1. Affected is an unknown function of the f... | Mon, 13 Apr 2026 13:22:16 |
| CVE-2026-6192 json | A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the l... | Mon, 13 Apr 2026 13:22:16 |
| CVE-2026-6191 json | A vulnerability was determined in itsourcecode Construction Management System 1.0. This affects an unknown function of the fi... | Mon, 13 Apr 2026 13:22:16 |
| CVE-2026-6190 json | A vulnerability was found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of ... | Mon, 13 Apr 2026 13:22:16 |
| CVE-2026-6189 json | A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown ... | Mon, 13 Apr 2026 13:22:16 |
| CVE-2026-39510 json | Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-g... | Mon, 13 Apr 2026 13:22:15 |
| CVE-2026-39483 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hidekazu Ishikawa VK Al... | Mon, 13 Apr 2026 13:22:15 |
| CVE-2026-39479 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force OttoKi... | Mon, 13 Apr 2026 13:22:15 |
| CVE-2026-39476 json | Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting Incorrectly Configured A... | Mon, 13 Apr 2026 13:22:15 |
| CVE-2026-39473 json | Insertion of Sensitive Information Into Sent Data vulnerability in Pär Thernström Simple History simple-history allows Retr... | Mon, 13 Apr 2026 13:22:15 |
| CVE-2026-36952 json | Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/admin/curriculum/manage_c... | Mon, 13 Apr 2026 13:22:15 |
| CVE-2026-36950 json | Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in /otas/projects_per_department.php. | Mon, 13 Apr 2026 13:22:15 |
| CVE-2026-36948 json | Sourcecodester Online Thesis Archiving System v1.0 is vulnerale to SQL injection in the file /otas/view_archive.php. | Mon, 13 Apr 2026 13:22:15 |
| CVE-2026-33858 json | Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the we... | Mon, 13 Apr 2026 13:22:15 |
| CVE-2026-33555 json | An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a pre... | Mon, 13 Apr 2026 13:22:15 |
| CVE-2026-23891 json | Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code executi... | Mon, 13 Apr 2026 13:22:15 |
| CVE-2026-5866 json | Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a ... | Mon, 13 Apr 2026 13:22:15 |
| CVE-2026-5865 json | Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a san... | Mon, 13 Apr 2026 13:22:15 |
| CVE-2026-5864 json | Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sens... | Mon, 13 Apr 2026 13:22:15 |
| CVE-2026-3446 json | When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded quad... | Mon, 13 Apr 2026 13:22:15 |
| CVE-2025-66236 json | Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actio... | Mon, 13 Apr 2026 13:22:15 |
| CVE-2026-39466 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMU DEV - Your All-in-... | Mon, 13 Apr 2026 13:22:14 |
| CVE-2026-35578 json | Rejected reason: This CVE is a duplicate of another CVE.** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026... | Mon, 13 Apr 2026 13:22:14 |
| CVE-2026-32725 json | SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is v... | Mon, 13 Apr 2026 13:22:14 |
| CVE-2026-23527 json | H3 is a minimal H(TTP) framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Reques... | Mon, 13 Apr 2026 13:22:14 |
| CVE-2026-34586 json | PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to vers... | Mon, 13 Apr 2026 13:07:14 |
| CVE-2026-32726 json | SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is v... | Mon, 13 Apr 2026 13:07:14 |
| CVE-2026-3469 json | A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, al... | Mon, 13 Apr 2026 12:52:14 |
| CVE-2026-3468 json | A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improp... | Mon, 13 Apr 2026 12:52:13 |
| CVE-2026-6231 json | The bson_validate function may return early on specific inputs and incorrectly report success. This behavior could result in ... | Mon, 13 Apr 2026 12:22:16 |
| CVE-2026-36938 json | Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/rooms/view_room.php. | Mon, 13 Apr 2026 12:22:15 |