CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-56410 json | xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId. | Sun, 21 Jun 2026 12:20:11 |
| CVE-2026-56409 json | xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used. | Sun, 21 Jun 2026 12:20:11 |
| CVE-2026-56408 json | libexpat before 2.8.2 has an integer overflow in copyString. | Sun, 21 Jun 2026 12:20:11 |
| CVE-2026-56407 json | libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen. | Sun, 21 Jun 2026 12:20:11 |
| CVE-2026-56406 json | libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse. | Sun, 21 Jun 2026 12:20:11 |
| CVE-2026-56405 json | libexpat before 2.8.2 has an integer overflow in getAttributeId. | Sun, 21 Jun 2026 12:20:11 |
| CVE-2026-56404 json | libexpat before 2.8.2 has an integer overflow in addBinding. | Sun, 21 Jun 2026 12:20:11 |
| CVE-2026-56403 json | libexpat before 2.8.2 has an integer overflow in storeAtts. | Sun, 21 Jun 2026 12:20:11 |
| CVE-2026-56397 json | SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious pack... | Sun, 21 Jun 2026 10:18:23 |
| CVE-2026-56396 json | phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser() and updateUserRights() endpoints that allo... | Sun, 21 Jun 2026 10:18:23 |
| CVE-2026-56395 json | SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious pack... | Sun, 21 Jun 2026 10:18:23 |
| CVE-2026-56394 json | Craft CMS from 4.0.0-RC1 contains an authenticated path traversal vulnerability in the assets/icon endpoint where the extensi... | Sun, 21 Jun 2026 10:18:23 |
| CVE-2026-56393 json | Craft CMS 4.x (>= 4.0.0-RC1, < 4.17.0-beta.1) and 5.x (>= 5.0.0-RC1, < 5.9.0-beta.1) contain multiple stored cross-site scrip... | Sun, 21 Jun 2026 10:18:23 |
| CVE-2026-56385 json | Craft CMS versions >= 5.0.0-RC1, <= 5.9.13 and >= 4.0.0-RC1, <= 4.17.7 contain an authorization bypass in the assets/preview-... | Sun, 21 Jun 2026 10:18:23 |
| CVE-2026-56384 json | Craft CMS contains a missing authorization vulnerability in the assets/preview-thumb endpoint. A Control Panel user without p... | Sun, 21 Jun 2026 10:18:23 |
| CVE-2026-56383 json | Craft CMS contains a stored cross-site scripting (XSS) vulnerability in the editableTable.twig component when using the 'Row ... | Sun, 21 Jun 2026 10:18:23 |
| CVE-2026-56382 json | Craft CMS (composer package craftcms/cms) versions >= 5.5.0 and <= 5.9.13 contain a remote code execution vulnerability in th... | Sun, 21 Jun 2026 10:18:23 |
| CVE-2026-56381 json | Craft CMS from version 5.0.0-RC1 contains a stored cross-site scripting vulnerability in the User Permissions page where user... | Sun, 21 Jun 2026 10:18:23 |
| CVE-2026-56378 json | ImageMagick before 7.1.2-15 (and 6.x before 6.9.13-40) contains a heap out-of-bounds read in the PCD coder's DecodeImage loop... | Sun, 21 Jun 2026 10:18:23 |
| CVE-2026-56367 json | ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB (PSD v2) RLE decoding path (Re... | Sun, 21 Jun 2026 10:18:23 |
| CVE-2026-56316 json | Cap-go before 12.128.2 contains an information disclosure vulnerability in the OPTIONS /build/upload/:jobId/* endpoint that a... | Sun, 21 Jun 2026 10:18:23 |
| CVE-2026-56299 json | Capgo before 12.128.2 contains an authentication bypass vulnerability in the /build/upload/:jobId/* endpoint that allows unau... | Sun, 21 Jun 2026 10:18:23 |
| CVE-2026-56265 json | Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docke... | Sun, 21 Jun 2026 10:18:23 |
| CVE-2026-56253 json | Capgo before 12.128.2 contains an improper access control vulnerability in the public.get_org_members RPC function that allow... | Sun, 21 Jun 2026 10:18:23 |
| CVE-2026-56251 json | Capgo before 12.128.2 contains a broken row level security policy in the org_users table that allows authenticated users to e... | Sun, 21 Jun 2026 10:18:23 |
| CVE-2026-56242 json | Capgo before 12.128.2 contains an unauthenticated security definer RPC function get_identity_apikey_only that returns the own... | Sun, 21 Jun 2026 10:18:23 |
| CVE-2026-56239 json | Capgo before 12.128.2 contains a potential privilege escalation vulnerability in the public.apply_usage_overage SECURITY DEFI... | Sun, 21 Jun 2026 10:18:23 |
| CVE-2026-56236 json | Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that fo... | Sun, 21 Jun 2026 10:18:23 |
| CVE-2026-56229 json | Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build/logs endpoints that allo... | Sun, 21 Jun 2026 10:18:23 |
| CVE-2025-71378 json | picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to ... | Sun, 21 Jun 2026 10:18:23 |
| CVE-2026-11526 json | GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _m... | Sun, 21 Jun 2026 10:18:22 |
| CVE-2025-71357 json | picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduc... | Sun, 21 Jun 2026 10:18:22 |
| CVE-2025-71351 json | picklescan before 0.0.25 fails to detect malicious pickle files that use timeit.timeit() in the __reduce__ method, allowing r... | Sun, 21 Jun 2026 10:18:22 |
| CVE-2025-71348 json | picklescan before 0.0.28 fails to detect malicious pickle files that invoke torch.utils._config_module.load_config function w... | Sun, 21 Jun 2026 10:18:22 |
| CVE-2020-37255 json | WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows unauthenticated attackers t... | Sun, 21 Jun 2026 09:18:36 |
| CVE-2019-25763 json | WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to... | Sun, 21 Jun 2026 09:18:35 |
| CVE-2026-48908 json | A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in... | Sun, 21 Jun 2026 08:18:38 |
| CVE-2026-12799 json | A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_us... | Sun, 21 Jun 2026 06:18:52 |
| CVE-2026-12798 json | A weakness has been identified in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function load_openapi_s... | Sun, 21 Jun 2026 06:18:52 |
| CVE-2026-12797 json | A security flaw has been discovered in BerriAI litellm up to 1.82.5. Affected is the function async_pre_call_hook of the file... | Sun, 21 Jun 2026 06:18:52 |
| CVE-2026-12796 json | A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function get_redirect_response_from_openid o... | Sun, 21 Jun 2026 06:18:52 |
| CVE-2026-12795 json | A vulnerability was determined in BerriAI litellm up to 1.82.2. This affects the function json.dumps of the file litellm/prox... | Sun, 21 Jun 2026 05:18:17 |
| CVE-2026-12789 json | A vulnerability was identified in ILIAS Learning Management System 11.0. This issue affects the function ilTrQuery::executeQu... | Sun, 21 Jun 2026 05:18:17 |
| CVE-2026-12788 json | A vulnerability was determined in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发... | Sun, 21 Jun 2026 05:18:17 |
| CVE-2026-12787 json | Sun, 21 Jun 2026 05:18:17 | |
| CVE-2026-56099 json | OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read vulnerability in the mpls_do_error function within ... | Sun, 21 Jun 2026 05:18:16 |
| CVE-2026-12786 json | A vulnerability has been found in Ezbsystems UltraISO Premium Edition up to 9.76. Affected by this issue is some unknown func... | Sun, 21 Jun 2026 05:18:16 |
| CVE-2026-12225 json | syracom AG Secure Login (2FA) for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an authentication bypass vulnera... | Sun, 21 Jun 2026 05:18:16 |
| CVE-2025-20701 json | In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. This could le... | Sun, 21 Jun 2026 05:18:16 |
| CVE-2025-10560 json | Worksnaps before version 1.6.20260201 contains hardcoded cloud credentials and related secret material in the Worksnaps clien... | Sun, 21 Jun 2026 05:18:16 |
| CVE-2026-52911 json | In the Linux kernel, the following vulnerability has been resolved: ksmbd: scope conn->binding slowpath to bound sessions on... | Sun, 21 Jun 2026 04:18:39 |
| CVE-2026-12784 json | A weakness has been identified in IM-Magic Partition Resizer up to 7.9.0. This affects an unknown function in the library MDA... | Sun, 21 Jun 2026 04:18:39 |
| CVE-2026-12782 json | A security flaw has been discovered in EaseUS Partition Master up to 14.5. The impacted element is an unknown function in the... | Sun, 21 Jun 2026 04:18:38 |
| CVE-2026-12781 json | A vulnerability was identified in EaseUS Partition Master up to 14.5. The affected element is an unknown function in the libr... | Sun, 21 Jun 2026 04:18:38 |
| CVE-2026-12780 json | A vulnerability was determined in AOMEI Backupper up to 8.3.0. Impacted is an unknown function in the library amwrtdrv.sys of... | Sun, 21 Jun 2026 02:18:07 |
| CVE-2026-12779 json | A vulnerability was found in AOMEI Dynamic Disk Manager up to 10.10.1. This issue affects some unknown processing in the libr... | Sun, 21 Jun 2026 02:18:06 |
| CVE-2026-12778 json | A vulnerability has been found in AOMEI Partition Assistant up to 10.10.1. This vulnerability affects unknown code in the lib... | Sun, 21 Jun 2026 02:18:06 |
| CVE-2026-12776 json | A flaw has been found in Montodel House-Rental-Management up to 90010017b81265eb1ef3810268909f7719a33863. This affects an unk... | Sun, 21 Jun 2026 02:18:06 |
| CVE-2026-12775 json | A vulnerability was detected in Montodel House-Rental-Management up to 90010017b81265eb1ef3810268909f7719a33863. Affected by ... | Sun, 21 Jun 2026 02:18:06 |
| CVE-2026-12770 json | A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litel... | Sun, 21 Jun 2026 02:18:06 |
| CVE-2026-12774 json | A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function _e... | Sun, 21 Jun 2026 00:18:03 |
| CVE-2026-12773 json | A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/p... | Sun, 21 Jun 2026 00:18:03 |
| CVE-2026-12772 json | A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticate_user of the file ... | Sat, 20 Jun 2026 23:17:03 |
| CVE-2026-12771 json | A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/au... | Sat, 20 Jun 2026 22:46:41 |
| CVE-2026-56355 json | GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization. | Sat, 20 Jun 2026 17:25:16 |
| CVE-2026-56347 json | AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering due to... | Sat, 20 Jun 2026 15:22:55 |
| CVE-2026-56346 json | AVideo through version 25.0 contains an authentication bypass vulnerability in the decryptMessage.json.php endpoint that allo... | Sat, 20 Jun 2026 15:22:55 |
| CVE-2026-56345 json | AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's uploadRecordedVideo.json.php endpoint... | Sat, 20 Jun 2026 15:22:55 |
| CVE-2026-56342 json | AVideo through version 27.0 contains a server-side request forgery vulnerability in plugin/Live/test.php that allows authenti... | Sat, 20 Jun 2026 15:22:55 |
| CVE-2026-56341 json | AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorizatio... | Sat, 20 Jun 2026 15:22:55 |
| CVE-2026-56340 json | vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorc... | Sat, 20 Jun 2026 15:22:55 |
| CVE-2025-71379 json | vLLM versions >= 0.6.3 and < 0.9.0 contain multiple regular expression denial of service (ReDoS) vulnerabilities. Several reg... | Sat, 20 Jun 2026 15:22:55 |
| CVE-2026-5366 json | Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the `GitRe... | Sat, 20 Jun 2026 13:20:55 |
| CVE-2026-56332 json | Capgo before 12.128.2 contains an open redirect vulnerability in the confirm-signup endpoint that allows attackers to redirec... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56330 json | Capgo before 12.128.2 contains an open redirect vulnerability in stripe_portal and stripe_checkout endpoints that accept unva... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56325 json | Capgo before 12.128.2 uses ILIKE pattern matching instead of exact matching for app_id lookup in the preview subdomain resolv... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56319 json | Capgo before 12.128.2 contains an information disclosure vulnerability in the GET /statistics/app/:app_id endpoint that allow... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56317 json | Nuxt before 4.4.7 (and the 3.x branch before 3.21.7) contains a cross-site scripting vulnerability in the NoScript component ... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56307 json | Cap-go before 12.128.12 contains a broken cursor pagination vulnerability in the /private/devices endpoint on the Cloudflare/... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56304 json | picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create ... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56295 json | Capgo before 12.128.2 contains an authorization bypass vulnerability in webhook management endpoints that allows non-expiring... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56294 json | capacitor-native-biometric before 12.128.2 contains an authentication bypass vulnerability where the onAuthenticationSucceede... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56282 json | Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /replication endpoint that expo... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56276 json | Flowise before 3.1.2 contains a mass assignment vulnerability in the PUT /api/v1/user endpoint that allows authenticated user... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56267 json | Flowise before 3.0.13 contains an information exposure vulnerability in the POST /api/v1/account/forgot-password endpoint tha... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56235 json | Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC functions (get_app_metrics, g... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56228 json | Capgo before 12.128.2 fails to enforce a maximum value on the minimum password length field in its password policy configurat... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56227 json | Capgo before 12.128.2 contains a server-side request forgery vulnerability in webhook URL validation that allows loopback and... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-56218 json | Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowing information ... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2025-71331 json | Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient input filtering in chat messa... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2024-58351 json | Flowise before 2.1.4 allows configuration to be injected into the Chainflow during execution via the overrideConfig option, s... | Sat, 20 Jun 2026 12:34:43 |
| CVE-2026-12673 json | Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation fr... | Sat, 20 Jun 2026 10:17:50 |
| CVE-2022-50972 json | WooCommerce 7.1.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary PHP code by injec... | Sat, 20 Jun 2026 10:17:50 |
| CVE-2026-48939 json | A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ult... | Sat, 20 Jun 2026 09:47:49 |
| CVE-2026-48909 json | SP LMS (com_splms) < 4.1.4 by JoomShaper deserializes user-controlled cookie data without validation, enabling an unauthentic... | Sat, 20 Jun 2026 09:47:49 |
| CVE-2019-25752 json | Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL injection vulnerability that allows unauthenticated attackers to ... | Sat, 20 Jun 2026 09:47:49 |
| CVE-2019-25749 json | Joomla J-CruisePortal 6.0.4 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary ... | Sat, 20 Jun 2026 09:47:49 |
| CVE-2026-12119 json | The Simple File List plugin for WordPress is vulnerable to unauthorized file operations due to a missing authorization check ... | Sat, 20 Jun 2026 05:29:46 |
| CVE-2026-11912 json | The Simple File List plugin for WordPress is vulnerable to arbitrary file modification due to insufficient authorization chec... | Sat, 20 Jun 2026 05:29:46 |
| CVE-2026-11911 json | The Simple File List plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation i... | Sat, 20 Jun 2026 05:29:46 |