CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-45675 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, he LDAP an... | Fri, 15 May 2026 16:28:44 |
| CVE-2026-45671 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authen... | Fri, 15 May 2026 16:28:44 |
| CVE-2026-45399 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authen... | Fri, 15 May 2026 16:28:44 |
| CVE-2026-45349 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a user jus... | Fri, 15 May 2026 16:28:44 |
| CVE-2026-45339 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI... | Fri, 15 May 2026 16:28:44 |
| CVE-2026-46408 json | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the... | Fri, 15 May 2026 16:28:43 |
| CVE-2026-45331 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, validate_u... | Fri, 15 May 2026 16:28:43 |
| CVE-2026-44568 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the Accoun... | Fri, 15 May 2026 16:28:43 |
| CVE-2026-44564 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the ydoc:d... | Fri, 15 May 2026 16:28:43 |
| CVE-2026-44563 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /api/g... | Fri, 15 May 2026 16:28:43 |
| CVE-2026-44562 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /... | Fri, 15 May 2026 16:28:43 |
| CVE-2026-44561 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the is_use... | Fri, 15 May 2026 16:28:43 |
| CVE-2026-44560 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the type: ... | Fri, 15 May 2026 16:28:43 |
| CVE-2026-44559 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the GET /a... | Fri, 15 May 2026 16:28:43 |
| CVE-2026-44558 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the channe... | Fri, 15 May 2026 16:28:43 |
| CVE-2026-44557 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the _valid... | Fri, 15 May 2026 16:28:43 |
| CVE-2026-44556 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /respo... | Fri, 15 May 2026 16:28:43 |
| CVE-2026-44555 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI... | Fri, 15 May 2026 16:28:43 |
| CVE-2026-44554 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /... | Fri, 15 May 2026 16:28:43 |
| CVE-2026-44553 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, administra... | Fri, 15 May 2026 16:28:43 |
| CVE-2026-44552 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the tool_s... | Fri, 15 May 2026 16:28:43 |
| CVE-2026-44551 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP a... | Fri, 15 May 2026 16:28:43 |
| CVE-2026-44550 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, FolderForm... | Fri, 15 May 2026 16:28:43 |
| CVE-2025-67031 json | ORSEE (Online Recruitment System for Economic Experiments) 3.1.0 contains an authenticated Remote Code Execution vulnerabilit... | Fri, 15 May 2026 16:28:43 |
| CVE-2026-46333 json | In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dump... | Fri, 15 May 2026 16:28:42 |
| CVE-2026-45053 json | CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Arbitrary File Upload vulnerability exists in th... | Fri, 15 May 2026 16:28:42 |
| CVE-2026-44695 json | Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /aut... | Fri, 15 May 2026 16:28:42 |
| CVE-2026-44376 json | CubeCart is an ecommerce software solution. Prior to 6.7.0, an unauthenticated Reflected XSS vulnerability exists in the Cube... | Fri, 15 May 2026 16:28:42 |
| CVE-2026-43912 json | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden does not enforce that a groups_use... | Fri, 15 May 2026 16:28:42 |
| CVE-2026-22586 json | Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile... | Fri, 15 May 2026 16:28:42 |
| CVE-2026-43335 json | In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sm8450: Fix NULL pointer dereference... | Fri, 15 May 2026 16:13:47 |
| CVE-2026-24000 json | Fleet is open source device management software. Prior to version 4.80.1, Fleet trusted client-supplied IP address headers wh... | Fri, 15 May 2026 16:13:47 |
| CVE-2026-20914 json | Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 2.6.0 within Ring 3: User Applicat... | Fri, 15 May 2026 16:13:47 |
| CVE-2026-20905 json | Improper input validation for some Intel(R) QAT software drivers for Windows before version 2.6 within Ring 3: User Applicati... | Fri, 15 May 2026 16:13:47 |
| CVE-2026-20881 json | Divide by zero for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may al... | Fri, 15 May 2026 16:13:47 |
| CVE-2026-20793 json | Unchecked return value for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Application... | Fri, 15 May 2026 16:13:47 |
| CVE-2026-20782 json | Buffer overflow for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may a... | Fri, 15 May 2026 16:13:47 |
| CVE-2026-20771 json | Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applicati... | Fri, 15 May 2026 16:13:47 |
| CVE-2026-20767 json | Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applicat... | Fri, 15 May 2026 16:13:47 |
| CVE-2026-20717 json | Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applicat... | Fri, 15 May 2026 16:13:47 |
| CVE-2026-20714 json | Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications m... | Fri, 15 May 2026 16:13:47 |
| CVE-2026-8401 json | Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3. | Fri, 15 May 2026 16:13:47 |
| CVE-2026-6335 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions... | Fri, 15 May 2026 15:58:42 |
| CVE-2026-42897 json | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an u... | Fri, 15 May 2026 15:43:46 |
| CVE-2026-42295 json | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version... | Fri, 15 May 2026 15:43:46 |
| CVE-2026-46407 json | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the... | Fri, 15 May 2026 15:28:48 |
| CVE-2026-46367 json | phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in Utils::parseUrl() that allows authenticated use... | Fri, 15 May 2026 15:28:48 |
| CVE-2026-46366 json | phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId() method that lacks permiss... | Fri, 15 May 2026 15:28:48 |
| CVE-2026-46365 json | phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/{tagId} endpoint t... | Fri, 15 May 2026 15:28:48 |
| CVE-2026-46364 json | phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and Built... | Fri, 15 May 2026 15:28:48 |
| CVE-2026-46363 json | phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that bypass s... | Fri, 15 May 2026 15:28:48 |
| CVE-2026-46362 json | phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission()... | Fri, 15 May 2026 15:28:48 |
| CVE-2026-46361 json | phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where result.question and result.an... | Fri, 15 May 2026 15:28:48 |
| CVE-2026-46360 json | phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities() that limits r... | Fri, 15 May 2026 15:28:48 |
| CVE-2026-46359 json | phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers... | Fri, 15 May 2026 15:28:48 |
| CVE-2026-45800 json | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the... | Fri, 15 May 2026 15:28:48 |
| CVE-2026-45622 json | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the... | Fri, 15 May 2026 15:28:48 |
| CVE-2026-8686 json | Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial o... | Fri, 15 May 2026 15:28:48 |
| CVE-2026-4054 json | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 Fail to validate the response body of proxied ima... | Fri, 15 May 2026 15:28:48 |
| CVE-2026-4053 json | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields wh... | Fri, 15 May 2026 15:28:48 |
| CVE-2026-45616 json | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, Th... | Fri, 15 May 2026 15:28:47 |
| CVE-2026-45010 json | phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the /admin/check... | Fri, 15 May 2026 15:28:47 |
| CVE-2026-45009 json | phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordi... | Fri, 15 May 2026 15:28:47 |
| CVE-2026-45008 json | phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with INSTANCE_... | Fri, 15 May 2026 15:28:47 |
| CVE-2026-45007 json | phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use userIsAuthe... | Fri, 15 May 2026 15:28:47 |
| CVE-2026-44826 json | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvv... | Fri, 15 May 2026 15:28:47 |
| CVE-2026-44719 json | Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.1... | Fri, 15 May 2026 15:28:47 |
| CVE-2026-44718 json | Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.1... | Fri, 15 May 2026 15:28:47 |
| CVE-2026-44366 json | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.1, a S... | Fri, 15 May 2026 15:28:47 |
| CVE-2021-47968 json | Podcast Generator 3.1 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject ... | Fri, 15 May 2026 15:28:47 |
| CVE-2021-47967 json | PHP Timeclock 1.04 contains multiple cross-site scripting vulnerabilities that allow unauthenticated attackers to inject arbi... | Fri, 15 May 2026 15:28:47 |
| CVE-2021-47966 json | PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the login_userid parameter of... | Fri, 15 May 2026 15:28:47 |
| CVE-2021-47965 json | WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor componen... | Fri, 15 May 2026 15:28:47 |
| CVE-2021-47964 json | Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary PH... | Fri, 15 May 2026 15:28:47 |
| CVE-2021-47963 json | Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecti... | Fri, 15 May 2026 15:28:47 |
| CVE-2026-46383 json | Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0, Microsoft APM contains a... | Fri, 15 May 2026 15:28:46 |
| CVE-2026-45803 json | `gh` is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in G... | Fri, 15 May 2026 15:28:46 |
| CVE-2026-45038 json | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, since Tabby does not escape control c... | Fri, 15 May 2026 15:28:46 |
| CVE-2026-44699 json | LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter a... | Fri, 15 May 2026 15:28:46 |
| CVE-2026-44641 json | Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.8.12, Microsoft APM normalizes... | Fri, 15 May 2026 15:28:46 |
| CVE-2026-42458 json | Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community E... | Fri, 15 May 2026 15:28:46 |
| CVE-2026-42207 json | Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community E... | Fri, 15 May 2026 15:28:46 |
| CVE-2026-35194 json | Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users ... | Fri, 15 May 2026 15:28:46 |
| CVE-2025-67437 json | Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitr... | Fri, 15 May 2026 15:28:46 |
| CVE-2021-47962 json | Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authe... | Fri, 15 May 2026 15:28:46 |
| CVE-2021-47959 json | WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust ... | Fri, 15 May 2026 15:28:46 |
| CVE-2021-47958 json | CouchCMS 2.2.1 contains a server-side request forgery vulnerability that allows authenticated attackers to make arbitrary HTT... | Fri, 15 May 2026 15:28:46 |
| CVE-2026-45371 json | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan publish-mode Reader can mutate Conf and... | Fri, 15 May 2026 15:28:45 |
| CVE-2026-44478 json | hoppscotch is an open source API development ecosystem. The fix for CVE-2026-28215 in version 2026.2.0 addresses the unauthen... | Fri, 15 May 2026 15:28:45 |
| CVE-2026-44430 json | The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the Regi... | Fri, 15 May 2026 15:28:45 |
| CVE-2026-44312 json | css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing ... | Fri, 15 May 2026 15:28:45 |
| CVE-2026-43887 json | Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, the Outline comment section permits u... | Fri, 15 May 2026 15:28:45 |
| CVE-2026-43885 json | WWBN AVideo is an open source video platform. In versions up to and including 29.0, an unauthenticated user can read APISecre... | Fri, 15 May 2026 15:28:45 |
| CVE-2026-43879 json | WWBN AVideo is an open source video platform. In versions up to and including 29.0, an authenticated user can configure their... | Fri, 15 May 2026 15:28:45 |
| CVE-2026-42554 json | Fiber is a web framework for Go. Prior to 2.52.12 and 3.1.0, Cross-Site Scripting vulnerability in Go Fiber allows a remote a... | Fri, 15 May 2026 15:28:45 |
| CVE-2026-42552 json | Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the default error handler Engine::_error() writes the full ... | Fri, 15 May 2026 15:28:45 |
| CVE-2026-42461 json | Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.18.0, four GET endpo... | Fri, 15 May 2026 15:28:45 |
| CVE-2026-41893 json | Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.25.0, the HTTP login endpoin... | Fri, 15 May 2026 15:28:45 |
| CVE-2026-31231 json | Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The e... | Fri, 15 May 2026 15:28:45 |
| CVE-2026-31223 json | The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability (CWE-502) in the BaseLabeler.load... | Fri, 15 May 2026 15:28:45 |