CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-2347 json | Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce W... | Thu, 14 May 2026 06:27:14 |
| CVE-2025-11024 json | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Softwar... | Thu, 14 May 2026 06:27:14 |
| CVE-2026-6514 json | The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via ... | Thu, 14 May 2026 05:26:51 |
| CVE-2026-6999 json | A flaw has been found in BIVOCOM TR321 21.1.1.50. Affected by this vulnerability is an unknown functionality of the component... | Thu, 14 May 2026 05:26:50 |
| CVE-2026-6512 json | The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. Th... | Thu, 14 May 2026 05:26:50 |
| CVE-2026-6504 json | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tag... | Thu, 14 May 2026 05:26:50 |
| CVE-2026-6206 json | The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the... | Thu, 14 May 2026 05:26:50 |
| CVE-2026-6174 json | The CC Child Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'more' parameter in all versions... | Thu, 14 May 2026 05:26:50 |
| CVE-2026-6145 json | The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and inc... | Thu, 14 May 2026 05:26:50 |
| CVE-2026-6670 json | The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'sub_... | Thu, 14 May 2026 03:24:42 |
| CVE-2026-6510 json | The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to... | Thu, 14 May 2026 03:24:42 |
| CVE-2026-6506 json | The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.1.2. Th... | Thu, 14 May 2026 03:24:42 |
| CVE-2026-6271 json | The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via ... | Thu, 14 May 2026 03:24:42 |
| CVE-2026-6252 json | The Meta Field Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tagName' block attribute in a... | Thu, 14 May 2026 03:24:42 |
| CVE-2026-6225 json | The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-ba... | Thu, 14 May 2026 03:24:42 |
| CVE-2026-5395 json | The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerab... | Thu, 14 May 2026 03:24:42 |
| CVE-2026-5365 json | The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 5.3.2. Thi... | Thu, 14 May 2026 03:24:42 |
| CVE-2026-5193 json | The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to privilege ... | Thu, 14 May 2026 03:24:42 |
| CVE-2026-3892 json | The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in a... | Thu, 14 May 2026 03:24:42 |
| CVE-2026-3718 json | The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-Key-Name' HTTP request hea... | Thu, 14 May 2026 03:24:42 |
| CVE-2026-3694 json | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the bt_bb... | Thu, 14 May 2026 03:24:42 |
| CVE-2026-8280 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.9.7, 18.10 before 18.10.6, and 18.11... | Thu, 14 May 2026 02:23:57 |
| CVE-2026-8181 json | The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerab... | Thu, 14 May 2026 02:23:57 |
| CVE-2026-8144 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.1... | Thu, 14 May 2026 02:23:57 |
| CVE-2026-7481 json | GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 b... | Thu, 14 May 2026 02:23:57 |
| CVE-2026-7471 json | GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.9.7, 18.10 before 18.10.6, and 18.11 b... | Thu, 14 May 2026 02:23:57 |
| CVE-2026-7377 json | GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 b... | Thu, 14 May 2026 02:23:57 |
| CVE-2026-6883 json | GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 b... | Thu, 14 May 2026 02:23:57 |
| CVE-2026-6417 json | The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failed_orders'... | Thu, 14 May 2026 02:23:57 |
| CVE-2026-6335 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions... | Thu, 14 May 2026 02:23:57 |
| CVE-2026-6073 json | GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 b... | Thu, 14 May 2026 02:23:57 |
| CVE-2026-6063 json | GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 ... | Thu, 14 May 2026 02:23:57 |
| CVE-2026-5396 json | The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to... | Thu, 14 May 2026 02:23:57 |
| CVE-2026-5243 json | The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPr... | Thu, 14 May 2026 02:23:57 |
| CVE-2026-4527 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.... | Thu, 14 May 2026 02:23:57 |
| CVE-2026-4524 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9.1 before 18.9.7, 18.10 before 18.10.6, and 18... | Thu, 14 May 2026 02:23:57 |
| CVE-2026-3829 json | The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is vuln... | Thu, 14 May 2026 02:23:57 |
| CVE-2026-3607 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.9.7, 18.10 before 18.10.6, and 18.1... | Thu, 14 May 2026 02:23:57 |
| CVE-2026-3160 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.1... | Thu, 14 May 2026 02:23:57 |
| CVE-2026-3074 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.1... | Thu, 14 May 2026 02:23:57 |
| CVE-2026-3073 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.6 before 18.9.7, 18.10 before 18.10.6, and 18.1... | Thu, 14 May 2026 02:23:57 |
| CVE-2026-2900 json | GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 ... | Thu, 14 May 2026 02:23:57 |
| CVE-2026-45130 json | Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() ... | Thu, 14 May 2026 02:23:56 |
| CVE-2026-1659 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.9.7, 18.10 before 18.10.6, and 18.11... | Thu, 14 May 2026 02:23:56 |
| CVE-2026-1338 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.9.7, 18.10 before 18.10.6, and 18.... | Thu, 14 May 2026 02:23:56 |
| CVE-2026-1322 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.1... | Thu, 14 May 2026 02:23:56 |
| CVE-2026-1184 json | GitLab has remediated an issue in GitLab EE affecting all versions from 11.9 before 18.9.7, 18.10 before 18.10.6, and 18.11 b... | Thu, 14 May 2026 02:23:56 |
| CVE-2025-15345 json | The MapGeo – Interactive Geo Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'map' parame... | Thu, 14 May 2026 02:23:56 |
| CVE-2025-14870 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.1... | Thu, 14 May 2026 02:23:56 |
| CVE-2025-14869 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.1... | Thu, 14 May 2026 02:23:56 |
| CVE-2025-13874 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.1... | Thu, 14 May 2026 02:23:56 |
| CVE-2025-12669 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.... | Thu, 14 May 2026 02:23:56 |
| CVE-2026-7648 json | The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypa... | Thu, 14 May 2026 01:23:16 |
| CVE-2026-7525 json | The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to... | Thu, 14 May 2026 01:23:16 |
| CVE-2026-5361 json | The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to ... | Thu, 14 May 2026 01:23:16 |
| CVE-2026-46446 json | SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is rel... | Thu, 14 May 2026 00:22:38 |
| CVE-2026-46445 json | SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection. | Thu, 14 May 2026 00:22:38 |
| CVE-2026-46419 json | Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorrectly checks a function's return value in the... | Thu, 14 May 2026 00:22:38 |
| CVE-2026-5486 json | The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'data[filter_search]' parame... | Thu, 14 May 2026 00:22:38 |
| CVE-2026-44919 json | In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur v... | Wed, 13 May 2026 22:22:11 |
| CVE-2026-42945 json | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when ... | Wed, 13 May 2026 22:22:11 |
| CVE-2026-8500 json | Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web::Passwd is a small CGI application for managing htpassw... | Wed, 13 May 2026 22:22:11 |
| CVE-2024-0241 json | encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and... | Wed, 13 May 2026 22:22:10 |
| CVE-2026-41281 json | Android App "あんしんフィルター for au" provided by KDDI CORPORATION contains Cleartext Transmission of Sensitive In... | Wed, 13 May 2026 20:18:41 |
| CVE-2026-34757 json | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raste... | Wed, 13 May 2026 19:17:31 |
| CVE-2026-32991 json | Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account... | Wed, 13 May 2026 19:17:31 |
| CVE-2026-29206 json | Insufficient sanitization of SQL queries in the `sqloptimizer` utility script allows SQL Injections on behalf of the root use... | Wed, 13 May 2026 19:17:31 |
| CVE-2025-36074 json | IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malici... | Wed, 13 May 2026 19:17:31 |
| CVE-2026-43983 json | Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. Prior to 2.6.0, The cre... | Wed, 13 May 2026 19:02:30 |
| CVE-2026-43896 json | jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jv_object_merge_recursive() allows a crafte... | Wed, 13 May 2026 18:47:30 |
| CVE-2026-41895 json | changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpath_filter() switches to XM... | Wed, 13 May 2026 18:47:30 |
| CVE-2026-45158 json | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, unsanitized user input is passed to the DHCP conf... | Wed, 13 May 2026 18:17:31 |
| CVE-2026-44478 json | hoppscotch is an open source API development ecosystem. The fix for CVE-2026-28215 in version 2026.2.0 addresses the unauthen... | Wed, 13 May 2026 18:17:31 |
| CVE-2026-44471 json | gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when ch... | Wed, 13 May 2026 18:17:31 |
| CVE-2026-44448 json | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.102.0 and 16.11.0, certain endpoints failed ... | Wed, 13 May 2026 18:17:31 |
| CVE-2026-44447 json | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.0, some endpoints were vulnerable to SQL i... | Wed, 13 May 2026 18:17:31 |
| CVE-2026-44446 json | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.14.0, some endpoints were vulne... | Wed, 13 May 2026 18:17:31 |
| CVE-2026-44445 json | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction o... | Wed, 13 May 2026 18:17:30 |
| CVE-2026-44442 json | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce pro... | Wed, 13 May 2026 18:17:30 |
| CVE-2026-44441 json | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.106.0 and 16.16.0, a malicious user could se... | Wed, 13 May 2026 18:17:30 |
| CVE-2026-44440 json | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.101.1 and 16.10.0, an Improper Limitation of... | Wed, 13 May 2026 18:17:30 |
| CVE-2026-44439 json | PlaywrightCapture is a simple replacement for splash using playwright. Prior to 1.39.6, PlaywrightCapture did not sufficientl... | Wed, 13 May 2026 18:17:30 |
| CVE-2026-44437 json | The Angular SSR is a server-rise rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2... | Wed, 13 May 2026 18:17:30 |
| CVE-2026-44426 json | ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/namespaces/:tenant returns the full namespace object — inc... | Wed, 13 May 2026 18:17:30 |
| CVE-2026-44425 json | ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-controlled identifiers in the t... | Wed, 13 May 2026 18:17:30 |
| CVE-2026-44424 json | ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full device object whenever the cal... | Wed, 13 May 2026 18:17:30 |
| CVE-2026-44423 json | ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authen... | Wed, 13 May 2026 18:17:30 |
| CVE-2026-44369 json | CVAT is an open source interactive video and image annotation tool for computer vision. From 2.5.0 to 2.63.0, an attacker who... | Wed, 13 May 2026 18:17:30 |
| CVE-2026-44195 json | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, a logic flaw in the OPNsense lockout_handler allo... | Wed, 13 May 2026 18:17:30 |
| CVE-2026-44194 json | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, an authenticated Remote Code Execution (RCE) vuln... | Wed, 13 May 2026 18:17:30 |
| CVE-2026-44193 json | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, the XMLRPC method opnsense.restore_config_section... | Wed, 13 May 2026 18:17:30 |
| CVE-2026-42463 json | SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. Prior to 1.8.0, SQLBot contains a Cross-W... | Wed, 13 May 2026 18:17:30 |
| CVE-2026-40328 json | Rejected reason: This CVE is a duplicate of another CVE. | Wed, 13 May 2026 18:17:30 |
| CVE-2026-40327 json | Rejected reason: This CVE is a duplicate of another CVE. | Wed, 13 May 2026 18:17:29 |
| CVE-2026-32993 json | Improper sanitization of the `status` query parameter of the `/unprotected/nova_error` endpoint allows unauthenticated attack... | Wed, 13 May 2026 18:17:29 |
| CVE-2026-32992 json | SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the requ... | Wed, 13 May 2026 18:17:29 |
| CVE-2026-29205 json | Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd att... | Wed, 13 May 2026 18:17:29 |
| CVE-2026-29202 json | Insufficient input validation of the `plugin` parameter of the `create_user` plugin allows arbitrary Perl code execution on b... | Wed, 13 May 2026 18:17:29 |
| CVE-2026-29201 json | Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin call can cause arbitrary file r... | Wed, 13 May 2026 18:17:29 |
| CVE-2026-27135 json | nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library ... | Wed, 13 May 2026 18:17:29 |