CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.

Read the API docs

[rss] [api]
Recent CVEs
Recently updated CVE records
CVE Description Updated
CVE-2026-15982 json The Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit plugin for WordPress is vulnerable to Pr... Fri, 17 Jul 2026 02:25:28
CVE-2026-15094 json The WP Hotel Booking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'check_in_date' parameter i... Fri, 17 Jul 2026 02:25:28
CVE-2026-10649 json A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote... Fri, 17 Jul 2026 02:25:28
CVE-2026-60060 json Improper Handling of Length Parameter Inconsistency (CWE-130) vulnerability exists in TTSSH2 plugin of Tera Term provided by ... Fri, 17 Jul 2026 01:25:25
CVE-2026-59866 json Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, Kiota emitted x-ms-kiota-info clientClassName and clie... Fri, 17 Jul 2026 01:25:25
CVE-2026-58317 json Unsigned to Signed Conversion Error (CWE-196) vulnerability exists in TTSSH2 plugin of Tera Term provided by TeraTerm Project... Fri, 17 Jul 2026 01:25:25
CVE-2026-41993 json Improper Access Control vulnerability in the Removable Media Validation function of TXOne Networks products allows a local at... Fri, 17 Jul 2026 01:25:25
CVE-2026-21770 json HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a DLL hijacking vulnerability which could allow an attacker to mo... Fri, 17 Jul 2026 01:25:25
CVE-2026-15759 json The ChatHelp – Click to Chat Button, WooCommerce Chat to Order & Floating Chat Form plugin for WordPress is vulnerable to S... Fri, 17 Jul 2026 01:25:25
CVE-2026-15457 json The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to Directory Traversal i... Fri, 17 Jul 2026 01:25:25
CVE-2026-15349 json The ERP: Complete HR, Accounting & CRM Suite Built for WooCommerce plugin for WordPress is vulnerable to authorization bypass... Fri, 17 Jul 2026 01:25:25
CVE-2026-15161 json The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and inclu... Fri, 17 Jul 2026 01:25:25
CVE-2026-14503 json The pCloud WP Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and includin... Fri, 17 Jul 2026 01:25:25
CVE-2026-13765 json The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive In... Fri, 17 Jul 2026 01:25:25
CVE-2026-13352 json The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress p... Fri, 17 Jul 2026 01:25:25
CVE-2026-59865 json Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, `kiota info` read x-ms-kiota-info.languagesInformation... Fri, 17 Jul 2026 01:25:24
CVE-2026-59864 json Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, `kiota plugin add` and `kiota plugin generate` (with `... Fri, 17 Jul 2026 01:25:24
CVE-2026-59862 json Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.0, Kiota's Python generator let attacker-controlled enum ... Fri, 17 Jul 2026 01:25:24
CVE-2026-59861 json Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.0, Kiota's Ruby generator embedded OpenAPI default fields... Fri, 17 Jul 2026 01:25:24
CVE-2026-59860 json Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.3, Kiota is affected by a code-generation injection vulne... Fri, 17 Jul 2026 01:25:24
CVE-2026-59859 json Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.4, Kiota's PHP generator embedded OpenAPI description, de... Fri, 17 Jul 2026 01:25:24
CVE-2026-58644 json Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a netwo... Fri, 17 Jul 2026 01:25:24
CVE-2026-58628 json Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Wireless Networking al... Fri, 17 Jul 2026 01:25:24
CVE-2026-56173 json Use after free in Windows WebView allows an authorized attacker to elevate privileges locally. Fri, 17 Jul 2026 01:25:24
CVE-2026-50480 json Heap-based buffer overflow in Windows Web Proxy Auto-Discovery Protocol (WPAD) allows an authorized attacker to elevate privi... Fri, 17 Jul 2026 01:25:24
CVE-2026-50479 json Untrusted pointer dereference in Windows USB Hub Driver allows an authorized attacker to elevate privileges locally. Fri, 17 Jul 2026 01:25:24
CVE-2026-50454 json Relative path traversal in Windows User Interface Core allows an authorized attacker to elevate privileges locally. Fri, 17 Jul 2026 01:25:24
CVE-2026-50321 json Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Driver allows an a... Fri, 17 Jul 2026 01:25:24
CVE-2026-50311 json Improper access control in Windows Server allows an authorized attacker to elevate privileges locally. Fri, 17 Jul 2026 01:25:24
CVE-2026-49800 json Integer overflow or wraparound in Windows Web Proxy Auto-Discovery Protocol (WPAD) allows an authorized attacker to elevate p... Fri, 17 Jul 2026 01:25:24
CVE-2026-39808 json A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiS... Fri, 17 Jul 2026 01:25:24
CVE-2026-57076 json YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syc... Fri, 17 Jul 2026 00:24:53
CVE-2026-57075 json YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syck_base64dec. ... Fri, 17 Jul 2026 00:24:53
CVE-2026-15395 json The Kali Forms — Contact Form & Drag-and-Drop Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Fri, 17 Jul 2026 00:24:53
CVE-2026-15160 json The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including... Fri, 17 Jul 2026 00:24:53
CVE-2026-15159 json The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, ... Fri, 17 Jul 2026 00:24:53
CVE-2026-13713 json YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the p... Fri, 17 Jul 2026 00:24:53
CVE-2026-11324 json The WooCommerce Placetopay Gateway and PlacetoPay/AvalPay gateway plugins for WordPress are vulnerable to Reflected Cross-Sit... Fri, 17 Jul 2026 00:24:53
CVE-2026-8616 json The Fense Proxy & VPN Blocker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capabi... Fri, 17 Jul 2026 00:24:53
CVE-2026-48366 json Media Encoder is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the contex... Thu, 16 Jul 2026 23:38:15
CVE-2026-48344 json Creative Cloud Desktop is affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in ... Thu, 16 Jul 2026 23:38:15
CVE-2026-48308 json Premiere Pro is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An att... Thu, 16 Jul 2026 23:38:15
CVE-2026-48274 json After Effects is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the contex... Thu, 16 Jul 2026 23:38:15
CVE-2026-48272 json Creative Cloud Desktop is affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code e... Thu, 16 Jul 2026 23:38:15
CVE-2026-48270 json Premiere Pro is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context... Thu, 16 Jul 2026 23:38:15
CVE-2026-48269 json Premiere Pro is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the c... Thu, 16 Jul 2026 23:38:15
CVE-2026-47979 json Media Encoder is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attack... Thu, 16 Jul 2026 23:38:15
CVE-2026-47976 json Media Encoder is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the contex... Thu, 16 Jul 2026 23:38:15
CVE-2026-47971 json Media Encoder is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the... Thu, 16 Jul 2026 23:38:14
CVE-2026-24272 json NVIDIA TensorRT contains a vulnerability where an attacker might cause an overflow to a heap-based buffer. A successful explo... Thu, 16 Jul 2026 23:38:14
CVE-2026-24268 json NVIDIA TensorRT contains a vulnerability where an attacker might cause a heap-based buffer overflow. A successful exploit of ... Thu, 16 Jul 2026 23:38:14
CVE-2026-24238 json NVIDIA TensorRT for contains a vulnerability where an attacker might cause an improper validation of array index. A successfu... Thu, 16 Jul 2026 23:38:14
CVE-2026-24227 json NVIDIA TensorRT for contains a vulnerability where a user might cause a deserialization of untrusted data. A successful explo... Thu, 16 Jul 2026 23:38:14
CVE-2026-59733 json Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4... Thu, 16 Jul 2026 23:22:36
CVE-2026-59732 json Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4... Thu, 16 Jul 2026 23:22:36
CVE-2026-54572 json Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4... Thu, 16 Jul 2026 23:22:36
CVE-2026-49981 json Twig is a template language for PHP. Prior to 3.27.0, the per-template filter, tag, and function allow-list verdict is comput... Thu, 16 Jul 2026 23:22:36
CVE-2026-48808 json Twig is a template language for PHP. Prior to 3.27.0, the column filter passes the active sandbox state as a boolean but does... Thu, 16 Jul 2026 23:22:36
CVE-2026-48807 json Twig is a template language for PHP. Prior to 3.27.0, the sandbox __toString() checks do not fully cover Traversable values p... Thu, 16 Jul 2026 23:22:36
CVE-2026-48806 json Twig is a template language for PHP. Prior to 3.27.0, ArrayExpression does not guard dynamic mapping keys that are coerced to... Thu, 16 Jul 2026 23:22:36
CVE-2026-48805 json Twig is a template language for PHP. Prior to 3.27.0, deprecated internal wrappers in src/Resources/core.php do not forward t... Thu, 16 Jul 2026 23:22:36
CVE-2025-56365 json A reachable assertion vulnerability exists in the Matter SDK (connectedhomeip) before 1.4.0, in the interaction model command... Thu, 16 Jul 2026 23:22:36
CVE-2025-56363 json A null pointer dereference vulnerability exists in the Matter SDK (connectedhomeip) before 1.4.0, affecting the ReadRevisionA... Thu, 16 Jul 2026 23:22:36
CVE-2025-56362 json A reachable assertion vulnerability exists in the Matter SDK (connectedhomeip) before 1.4.2, specifically within the Level Co... Thu, 16 Jul 2026 23:22:36
CVE-2025-56361 json A reachable assertion vulnerability exists in the Matter SDK (connectedhomeip) 1.3 thru 1.4, specifically within the Level Co... Thu, 16 Jul 2026 23:22:36
CVE-2026-48370 json Media Encoder is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the contex... Thu, 16 Jul 2026 23:22:35
CVE-2026-48369 json Premiere Pro is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context... Thu, 16 Jul 2026 23:22:35
CVE-2026-48367 json After Effects is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the contex... Thu, 16 Jul 2026 23:22:35
CVE-2025-56364 json A use of uninitialized value vulnerability exists in the Matter SDK (connectedhomeip) before 1.4.0, where the `GetDestination... Thu, 16 Jul 2026 23:07:23
CVE-2026-58631 json Improper authorization in Windows Admin Center allows an authorized attacker to execute code locally. Thu, 16 Jul 2026 22:52:14
CVE-2026-58638 json Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally. Thu, 16 Jul 2026 22:36:42
CVE-2026-58637 json Use after free in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally. Thu, 16 Jul 2026 22:36:42
CVE-2026-58632 json Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally. Thu, 16 Jul 2026 22:36:42
CVE-2026-58629 json Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. Thu, 16 Jul 2026 22:36:42
CVE-2026-58627 json Uncontrolled resource consumption in Windows DHCP Server allows an unauthorized attacker to deny service over a network. Thu, 16 Jul 2026 22:36:42
CVE-2026-58626 json Use after free in Windows Remote Desktop Services allows an authorized attacker to execute code over a network. Thu, 16 Jul 2026 22:36:42
CVE-2026-58545 json Improper access control in Windows Kernel allows an authorized attacker to bypass a security feature locally. Thu, 16 Jul 2026 22:36:42
CVE-2026-58647 json Improper neutralization of input during web page generation ('cross-site scripting') in Power BI allows an authorized attacke... Thu, 16 Jul 2026 22:36:41
CVE-2026-58640 json Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. Thu, 16 Jul 2026 22:36:41
CVE-2026-58636 json Improper link resolution before file access ('link following') in Window PC Manager allows an authorized attacker to elevate ... Thu, 16 Jul 2026 22:36:41
CVE-2026-58635 json Improper neutralization of special elements used in a command ('command injection') in Windows Narrator Braille allows an aut... Thu, 16 Jul 2026 22:36:41
CVE-2026-49177 json Out-of-bounds read in Windows TCP/IP allows an authorized attacker to disclose information locally. Thu, 16 Jul 2026 22:36:41
CVE-2026-62387 json The Grav API plugin (getgrav/grav-plugin-api) before 1.0.0-rc.16 shipped Access-Control-Allow-Origin: * as its default CORS c... Thu, 16 Jul 2026 22:21:50
CVE-2026-62386 json The Grav API plugin (getgrav/grav-plugin-api) before 1.0.0-rc.16 accepts JWT access tokens through the ?token= URL query para... Thu, 16 Jul 2026 22:21:50
CVE-2026-62241 json clawvet self-hosted API server (apps/api) before 0.7.5 hard-codes a fallback JWT secret ('clawvet-dev-secret-change-me') in a... Thu, 16 Jul 2026 22:21:50
CVE-2026-62238 json OpenRemote before 1.26.0 contain an authenticated SQL injection vulnerability in the datapoint crosstab export endpoint that ... Thu, 16 Jul 2026 22:21:50
CVE-2026-62237 json Grav before 2.0.4 contains a regular expression denial of service (ReDoS) vulnerability in the regex_replace filter and funct... Thu, 16 Jul 2026 22:21:50
CVE-2026-62236 json grav-plugin-login before 3.8.11 contains a cross-site request forgery (CSRF) vulnerability in the login.regenerate2FASecret f... Thu, 16 Jul 2026 22:21:50
CVE-2026-62235 json Grav Flex-Objects before version 1.4.3 contains a broken access control vulnerability in the admin-next REST API that allows ... Thu, 16 Jul 2026 22:21:50
CVE-2026-62234 json Grav before 2.0.4 fails to restrict cURL protocols in webhook dispatch, allowing authenticated users with api.webhooks.write ... Thu, 16 Jul 2026 22:21:50
CVE-2026-62233 json grav-plugin-api before 1.0.6 fails to validate super-admin status in createApiKey, generate2fa, and disable2fa endpoints, all... Thu, 16 Jul 2026 22:21:50
CVE-2026-62232 json Grav before 2.0.4 contains a two-factor authentication bypass vulnerability in the login plugin where the regenerate2FASecret... Thu, 16 Jul 2026 22:21:50
CVE-2026-62231 json The Grav API plugin (getgrav/grav-plugin-api) before 1.0.6 contains an authorization bypass: API keys can be created with a r... Thu, 16 Jul 2026 22:21:50
CVE-2026-62230 json Grav before 2.0.4 ships a default .htaccess (and reference webserver-configs/htaccess.txt) whose rules blocking access to sen... Thu, 16 Jul 2026 22:21:50
CVE-2026-62229 json OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in exec allowlist glob matching that allows lower-tru... Thu, 16 Jul 2026 22:21:50
CVE-2026-62228 json OpenClaw before 2026.6.5 contain an authorization bypass vulnerability in node exec approvals that allows lower-trust callers... Thu, 16 Jul 2026 22:21:50
CVE-2026-62227 json OpenClaw 2026.4.14 before 2026.5.26 contain a server-side request forgery vulnerability in browser snapshot routes that fail ... Thu, 16 Jul 2026 22:21:50
CVE-2026-62226 json OpenClaw 2026.3.28 before 2026.5.19 contain an authorization bypass vulnerability in the browser act route that fails to prop... Thu, 16 Jul 2026 22:21:50
CVE-2026-62225 json OpenClaw versions before 2026.5.18 contain an authorization bypass vulnerability in skill command dispatch that allows lower-... Thu, 16 Jul 2026 22:21:50
CVE-2026-62224 json OpenClaw MS Teams before 2026.5.12 contain an authorization bypass vulnerability where the allowFrom feature binds to mutable... Thu, 16 Jul 2026 22:21:50
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report