CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-35537 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session h... | Fri, 03 Apr 2026 00:25:08 |
| CVE-2026-35536 | In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestH... | Fri, 03 Apr 2026 00:25:08 |
| CVE-2026-5452 | A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file c... | Fri, 03 Apr 2026 00:25:08 |
| CVE-2026-35535 | In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before run... | Thu, 02 Apr 2026 23:24:58 |
| CVE-2026-28815 | A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation pa... | Thu, 02 Apr 2026 23:24:58 |
| CVE-2026-35508 | Shynet before 0.14.0 allows XSS in urldisplay and iconify template filters, | Thu, 02 Apr 2026 22:23:39 |
| CVE-2026-35507 | Shynet before 0.14.0 allows Host header injection in the password reset flow. | Thu, 02 Apr 2026 22:23:39 |
| CVE-2025-54236 | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Impr... | Thu, 02 Apr 2026 21:07:51 |
| CVE-2026-33107 | Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. | Thu, 02 Apr 2026 20:21:53 |
| CVE-2026-33105 | Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a net... | Thu, 02 Apr 2026 20:21:53 |
| CVE-2026-32213 | Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network. | Thu, 02 Apr 2026 20:21:53 |
| CVE-2026-32211 | Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over... | Thu, 02 Apr 2026 20:21:53 |
| CVE-2026-32173 | Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network. | Thu, 02 Apr 2026 20:21:53 |
| CVE-2026-26135 | Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate ... | Thu, 02 Apr 2026 20:21:53 |
| CVE-2025-0133 | A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Network... | Thu, 02 Apr 2026 20:21:53 |
| CVE-2012-0059 | A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC ca... | Thu, 02 Apr 2026 20:21:53 |
| CVE-2011-3344 | A flaw was found in Spacewalk. A remote attacker can exploit a cross-site scripting (XSS) vulnerability in the Lookup Login/P... | Thu, 02 Apr 2026 20:21:53 |
| CVE-2011-2927 | A flaw was found in Spacewalk and Red Hat Network Satellite. This vulnerability, known as cross-site scripting (XSS), allows ... | Thu, 02 Apr 2026 20:21:53 |
| CVE-2025-15620 | HiOS Switch Platform versions 09.1.00 prior to 09.4.05 and 10.3.01 contains a denial-of-service vulnerability in the web inte... | Thu, 02 Apr 2026 19:21:36 |
| CVE-2022-4986 | Hirschmann EagleSDV version 05.4.01 prior to 05.4.02 contains a denial-of-service vulnerability that causes the device to cra... | Thu, 02 Apr 2026 19:21:36 |
| CVE-2024-14034 | Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTP(S) management m... | Thu, 02 Apr 2026 19:21:35 |
| CVE-2023-7343 | HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows aut... | Thu, 02 Apr 2026 19:21:35 |
| CVE-2023-7342 | HiSecOS web server versions 03.4.00 prior to 04.1.00 contains a privilege escalation vulnerability that allows authenticated ... | Thu, 02 Apr 2026 19:21:34 |
| CVE-2024-14033 | Hirschmann Industrial IT products (BAT-R, BAT-F, BAT450-F, BAT867-R, BAT867-F, WLC, BAT Controller Virtual) contain a heap ov... | Thu, 02 Apr 2026 18:20:35 |
| CVE-2011-2920 | A flaw was found in Spacewalk and Red Hat Network Satellite. This cross-site scripting (XSS) vulnerability allows a remote at... | Thu, 02 Apr 2026 18:20:35 |
| CVE-2011-1594 | A flaw was found in Spacewalk, as used in Red Hat Network Satellite. This open redirect vulnerability allows remote attackers... | Thu, 02 Apr 2026 18:20:35 |
| CVE-2026-3502 | TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to ... | Thu, 02 Apr 2026 17:34:48 |
| CVE-2026-35467 | The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to ... | Thu, 02 Apr 2026 17:19:41 |
| CVE-2026-35466 | XSS vulnerability in cveInterface.js allows for inject HTML to be passed to display, as cveInterface trusts input from CVE AP... | Thu, 02 Apr 2026 17:19:41 |
| CVE-2026-30252 | Multiple reflected cross-site scripting (XSS) vulnerabilities in the login.php endpoint of Interzen Consulting S.r.l ZenShare... | Thu, 02 Apr 2026 17:19:40 |
| CVE-2026-30251 | A reflected cross-site scripting (XSS) vulnerability in the login_newpwd.php endpoint of Interzen Consulting S.r.l ZenShare S... | Thu, 02 Apr 2026 17:19:40 |
| CVE-2026-30520 | A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the... | Thu, 02 Apr 2026 17:04:16 |
| CVE-2026-25101 | Bludit allows user's session identifier to be set before authentication. The value of this session ID stays the same after au... | Thu, 02 Apr 2026 17:04:16 |
| CVE-2026-33495 | ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on set... | Thu, 02 Apr 2026 17:04:15 |
| CVE-2026-4553 | A vulnerability was identified in Tenda F453 1.0.0.3. Impacted is the function fromNatlimit of the file /goform/Natlimit of t... | Thu, 02 Apr 2026 17:04:15 |
| CVE-2026-4552 | A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the function fromVirtualSer of the file /goform/Virt... | Thu, 02 Apr 2026 17:04:15 |
| CVE-2026-4551 | A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSafeClientFilter of the file /go... | Thu, 02 Apr 2026 17:04:15 |
| CVE-2026-4533 | A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functio... | Thu, 02 Apr 2026 17:04:15 |
| CVE-2025-15608 | This vulnerability in AX53 v1 results from insufficient input sanitization in the device’s probe handling logic, where unva... | Thu, 02 Apr 2026 17:04:15 |
| CVE-2019-25613 | Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by send... | Thu, 02 Apr 2026 17:04:15 |
| CVE-2025-15607 | A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing ... | Thu, 02 Apr 2026 17:04:14 |
| CVE-2026-28265 | PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could po... | Thu, 02 Apr 2026 16:49:08 |
| CVE-2026-27101 | Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.00.xx to 5.32.00.xx, contain(s) an Improper L... | Thu, 02 Apr 2026 16:49:08 |
| CVE-2026-4748 | A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only... | Thu, 02 Apr 2026 16:49:08 |
| CVE-2026-30280 | An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 allows ... | Thu, 02 Apr 2026 16:49:07 |
| CVE-2026-5017 | A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the fi... | Thu, 02 Apr 2026 16:49:07 |
| CVE-2026-4179 | Issues in stm32 USB device driver (drivers/usb/device/usb_dc_stm32.c) can lead to an infinite while loop. | Thu, 02 Apr 2026 16:49:07 |
| CVE-2026-3207 | Configuration issue in Java Management Extensions (JMX) in TIBCO BPM Enterprise version 4.x allows unauthorised access. | Thu, 02 Apr 2026 16:49:07 |
| CVE-2026-2348 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Quick Edit allow... | Thu, 02 Apr 2026 16:49:07 |
| CVE-2026-1917 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable allows Functionality Bypass.Th... | Thu, 02 Apr 2026 16:49:07 |
| CVE-2026-1556 | Information disclosure in the file URI processing of File (Field) Paths in Drupal File (Field) Paths 7.x prior to 7.1.3 on Dr... | Thu, 02 Apr 2026 16:49:07 |
| CVE-2026-0945 | Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation.This issue affects ... | Thu, 02 Apr 2026 16:49:07 |
| CVE-2025-13855 | IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send... | Thu, 02 Apr 2026 16:49:07 |
| CVE-2026-33416 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raste... | Thu, 02 Apr 2026 16:33:54 |
| CVE-2026-32794 | Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certi... | Thu, 02 Apr 2026 16:33:54 |
| CVE-2026-22886 | OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires authentication. However, the product ship... | Thu, 02 Apr 2026 16:33:54 |
| CVE-2026-5019 | A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected by this vulnerability is a... | Thu, 02 Apr 2026 16:33:54 |
| CVE-2026-5018 | A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file reg... | Thu, 02 Apr 2026 16:33:54 |
| CVE-2026-0648 | The vulnerability stems from an incorrect error-checking logic in the CreateCounter() function (in threadx/utility/rtos_comp... | Thu, 02 Apr 2026 16:33:54 |
| CVE-2025-55102 | A denial-of-service vulnerability exists in the NetX IPv6 component functionality of Eclipse ThreadX NetX Duo. A specially cr... | Thu, 02 Apr 2026 16:33:54 |
| CVE-2025-55095 | The function _ux_host_class_storage_media_mount() is responsible for mounting partitions on a USB mass storage device. When ... | Thu, 02 Apr 2026 16:33:54 |
| CVE-2026-35383 | Bentley Systems iTwin Platform exposed a Cesium ion access token in the source of some web pages. An unauthenticated attacker... | Thu, 02 Apr 2026 16:18:45 |
| CVE-2026-35053 | OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI e... | Thu, 02 Apr 2026 16:18:45 |
| CVE-2026-34932 | hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability that c... | Thu, 02 Apr 2026 16:18:45 |
| CVE-2026-34931 | hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is an open redirect vulnerability th... | Thu, 02 Apr 2026 16:18:45 |
| CVE-2026-34848 | hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability in the... | Thu, 02 Apr 2026 16:18:45 |
| CVE-2026-34847 | hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, the /enter page contains a DOM-based open ... | Thu, 02 Apr 2026 16:18:45 |
| CVE-2026-34840 | OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUptime's SAML SSO implementat... | Thu, 02 Apr 2026 16:18:45 |
| CVE-2026-34838 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, and 26... | Thu, 02 Apr 2026 16:18:45 |
| CVE-2026-34834 | Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the verifyIdentity() funct... | Thu, 02 Apr 2026 16:18:45 |
| CVE-2026-34833 | Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the GET /api/auth/session ... | Thu, 02 Apr 2026 16:18:45 |
| CVE-2026-34832 | Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.66.1, Scoold contains an authenticated authori... | Thu, 02 Apr 2026 16:18:45 |
| CVE-2026-34825 | NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to ver... | Thu, 02 Apr 2026 16:18:45 |
| CVE-2026-5420 | A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.200. The affected element is an unknown functi... | Thu, 02 Apr 2026 16:18:45 |
| CVE-2026-34762 | Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/{imsi} API accepts a... | Thu, 02 Apr 2026 16:18:44 |
| CVE-2026-34761 | Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, Ella Core panics when processing a NGAP handove... | Thu, 02 Apr 2026 16:18:44 |
| CVE-2026-34760 | vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before version 0.18.0, Libros... | Thu, 02 Apr 2026 16:18:44 |
| CVE-2026-34743 | XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_de... | Thu, 02 Apr 2026 16:18:44 |
| CVE-2025-43264 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously cr... | Thu, 02 Apr 2026 16:18:44 |
| CVE-2025-43257 | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.6. An app may be able to... | Thu, 02 Apr 2026 16:18:44 |
| CVE-2025-43238 | An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.... | Thu, 02 Apr 2026 16:18:44 |
| CVE-2025-43236 | A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 1... | Thu, 02 Apr 2026 16:18:44 |
| CVE-2025-43219 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously cr... | Thu, 02 Apr 2026 16:18:44 |
| CVE-2025-43210 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, i... | Thu, 02 Apr 2026 16:18:44 |
| CVE-2026-34352 | In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause... | Thu, 02 Apr 2026 16:18:43 |
| CVE-2026-32286 | The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a... | Thu, 02 Apr 2026 16:18:43 |
| CVE-2026-29953 | SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/post... | Thu, 02 Apr 2026 16:18:43 |
| CVE-2026-26830 | pdf-image (npm package) through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfo... | Thu, 02 Apr 2026 16:18:43 |
| CVE-2024-44303 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1. A malicious application may be able ... | Thu, 02 Apr 2026 16:18:43 |
| CVE-2024-44286 | This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physi... | Thu, 02 Apr 2026 16:18:43 |
| CVE-2024-44219 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. A malicious applic... | Thu, 02 Apr 2026 16:18:43 |
| CVE-2024-40858 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able... | Thu, 02 Apr 2026 16:18:43 |
| CVE-2024-40849 | A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to b... | Thu, 02 Apr 2026 16:18:43 |
| CVE-2026-29828 | DooTask v1.6.27 has a Cross-Site Scripting (XSS) vulnerability in the /manage/project/<id> page via the input field projectDe... | Thu, 02 Apr 2026 16:18:42 |
| CVE-2026-4043 | A security vulnerability has been detected in Tenda i12 1.0.0.6(2204). The impacted element is the function formwrlSSIDget of... | Thu, 02 Apr 2026 16:18:42 |
| CVE-2026-4042 | A weakness has been identified in Tenda i12 1.0.0.6(2204). The affected element is the function formWifiMacFilterGet of the f... | Thu, 02 Apr 2026 16:18:42 |
| CVE-2026-4041 | A security flaw has been discovered in Tenda i12 1.0.0.6(2204). Impacted is the function vos_strcpy of the file /goform/exeCo... | Thu, 02 Apr 2026 16:18:42 |
| CVE-2026-4008 | A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown processing of the file /goform/wifiSSIDset o... | Thu, 02 Apr 2026 16:18:42 |
| CVE-2026-4007 | A vulnerability was detected in Tenda W3 1.0.0.3(2204). This vulnerability affects unknown code of the file /goform/wifiSSIDg... | Thu, 02 Apr 2026 16:18:42 |
| CVE-2026-3976 | A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the function formWifiMacFilterSet of the file /goform/W... | Thu, 02 Apr 2026 16:18:42 |