CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.

Read the API docs

[rss] [api]
Recent CVEs
Recently updated CVE records
CVE Description Updated
CVE-2026-56211 json A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds valida... Fri, 03 Jul 2026 12:29:03
CVE-2026-56210 json A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check... Fri, 03 Jul 2026 12:29:03
CVE-2026-56209 json An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check ... Fri, 03 Jul 2026 12:29:03
CVE-2026-56208 json A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's... Fri, 03 Jul 2026 12:29:03
CVE-2026-14615 json A flaw was found in the Fine-Grained Admin Permissions (FGAP) v2 implementation within Keycloak's administrative services. Wh... Fri, 03 Jul 2026 12:29:03
CVE-2026-14614 json A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions (FGAP) v2 i... Fri, 03 Jul 2026 12:29:03
CVE-2026-14613 json A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information a... Fri, 03 Jul 2026 12:29:03
CVE-2026-14612 json Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory acc... Fri, 03 Jul 2026 12:29:03
CVE-2026-9673 json Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection ... Fri, 03 Jul 2026 12:29:03
CVE-2026-53478 json Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 releas... Fri, 03 Jul 2026 11:27:48
CVE-2026-49815 json Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 releas... Fri, 03 Jul 2026 11:27:48
CVE-2026-49814 json Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 releas... Fri, 03 Jul 2026 11:27:48
CVE-2026-49813 json Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 releas... Fri, 03 Jul 2026 11:27:48
CVE-2026-14460 json Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argumen... Fri, 03 Jul 2026 11:27:48
CVE-2026-14459 json Improper neutralization of argument delimiters in a command ('argument injection') vulnerability in TUBITAK BILGEM Software T... Fri, 03 Jul 2026 11:27:48
CVE-2026-13374 json Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Firew... Fri, 03 Jul 2026 11:27:48
CVE-2026-46466 json Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 releas... Fri, 03 Jul 2026 10:27:16
CVE-2026-46465 json Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 releas... Fri, 03 Jul 2026 10:27:16
CVE-2026-46464 json Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 releas... Fri, 03 Jul 2026 10:27:16
CVE-2026-46463 json Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 releas... Fri, 03 Jul 2026 10:27:15
CVE-2026-59234 json Authorization Bypass Through User-Controlled Key (CWE-639) in CalendarDeleteEventController (app/Http/Controllers/Calendar/Ca... Fri, 03 Jul 2026 09:26:41
CVE-2026-56085 json Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 releas... Fri, 03 Jul 2026 09:26:41
CVE-2026-56015 json Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unbounded prefix length. add() passes the... Fri, 03 Jul 2026 09:26:41
CVE-2026-54483 json Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 releas... Fri, 03 Jul 2026 09:26:41
CVE-2026-54371 json attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local... Fri, 03 Jul 2026 09:26:41
CVE-2026-46730 json Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 releas... Fri, 03 Jul 2026 09:26:41
CVE-2026-46468 json Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 releas... Fri, 03 Jul 2026 09:26:41
CVE-2026-46467 json Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 releas... Fri, 03 Jul 2026 09:26:41
CVE-2026-44269 json Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 releas... Fri, 03 Jul 2026 09:26:41
CVE-2026-44268 json Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 releas... Fri, 03 Jul 2026 09:26:41
CVE-2026-41124 json Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 releas... Fri, 03 Jul 2026 09:26:41
CVE-2026-41123 json Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 releas... Fri, 03 Jul 2026 09:26:41
CVE-2026-26355 json Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 releas... Fri, 03 Jul 2026 09:26:41
CVE-2026-12912 json A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-com... Fri, 03 Jul 2026 09:26:41
CVE-2026-11998 json A flaw in AngularJS' Strict Contextual Escaping (SCE) logic allows bypassing certain SCE policies for resource URLs and can l... Fri, 03 Jul 2026 09:26:41
CVE-2026-49980 json Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 unt... Fri, 03 Jul 2026 09:26:40
CVE-2026-46331 json In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache c... Fri, 03 Jul 2026 09:26:40
CVE-2026-46316 json In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache referen... Fri, 03 Jul 2026 09:26:40
CVE-2026-44172 json MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking no... Fri, 03 Jul 2026 09:26:40
CVE-2026-5497 json vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to unbounded frame ... Fri, 03 Jul 2026 09:26:40
CVE-2025-71319 json image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Nod... Fri, 03 Jul 2026 09:26:40
CVE-2026-45292 json opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetr... Fri, 03 Jul 2026 09:26:39
CVE-2026-42508 json Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key... Fri, 03 Jul 2026 09:26:39
CVE-2026-39835 json SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused... Fri, 03 Jul 2026 09:26:39
CVE-2026-39832 json When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in... Fri, 03 Jul 2026 09:26:39
CVE-2026-39830 json A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's re... Fri, 03 Jul 2026 09:26:39
CVE-2026-8643 json pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path ... Fri, 03 Jul 2026 09:26:39
CVE-2026-4408 json A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controll... Fri, 03 Jul 2026 09:26:39
CVE-2026-3012 json A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled,... Fri, 03 Jul 2026 09:26:39
CVE-2026-1933 json A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing... Fri, 03 Jul 2026 09:26:39
CVE-2025-10263 json Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cor... Fri, 03 Jul 2026 09:26:39
CVE-2026-42440 json OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader  Versions Affected:  before 1.... Fri, 03 Jul 2026 09:26:38
CVE-2026-42264 json Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, fFive config p... Fri, 03 Jul 2026 09:26:38
CVE-2026-42044 json Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, he Axios library is vulnerable... Fri, 03 Jul 2026 09:26:38
CVE-2026-33810 json When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildca... Fri, 03 Jul 2026 09:26:38
CVE-2026-6322 json fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw d... Fri, 03 Jul 2026 09:26:38
CVE-2026-4800 json Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable opt... Fri, 03 Jul 2026 09:26:38
CVE-2025-13465 json Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacke... Fri, 03 Jul 2026 09:26:38
CVE-2026-21441 json urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP re... Fri, 03 Jul 2026 09:26:37
CVE-2025-40910 json Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could... Fri, 03 Jul 2026 09:26:37
CVE-2026-50238 json Rejected reason: Red Hat Product Security has concluded that this CVE is not required. The reported issue has been classified... Fri, 03 Jul 2026 07:26:26
CVE-2026-13341 json A vulnerability exists in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0, which could allow a re... Fri, 03 Jul 2026 07:26:26
CVE-2026-10055 json In Eclipse Theia since version 1.26.0, the backend /services/request-service RPC accepts an attacker-controlled URL from any ... Fri, 03 Jul 2026 07:26:26
CVE-2026-10054 json In affected versions of Eclipse Theia (1.8.1 and later), the browser backend exposes privileged terminal RPC over WebSocket (... Fri, 03 Jul 2026 07:26:26
CVE-2026-5137 json The RTMKit (rometheme-for-elementor) plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and includ... Fri, 03 Jul 2026 06:26:03
CVE-2026-4322 json Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Raera - Ankara Web Desi... Fri, 03 Jul 2026 06:26:03
CVE-2026-4321 json Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Raera - Ankara Web Desi... Fri, 03 Jul 2026 06:26:03
CVE-2026-47898 json Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net (Lucene.Net.Analysis.Common library)... Fri, 03 Jul 2026 06:26:02
CVE-2026-47897 json Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Lucene.Net (Lucene.Net... Fri, 03 Jul 2026 06:26:02
CVE-2026-47896 json Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Lucene.Net (Lucene.Net... Fri, 03 Jul 2026 06:26:02
CVE-2026-35159 json Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker wi... Fri, 03 Jul 2026 06:26:02
CVE-2026-35085 json A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as ... Fri, 03 Jul 2026 06:26:02
CVE-2026-35084 json A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as ro... Fri, 03 Jul 2026 06:26:02
CVE-2026-35083 json A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root. Fri, 03 Jul 2026 06:26:02
CVE-2026-35082 json The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient vali... Fri, 03 Jul 2026 06:26:02
CVE-2026-35081 json The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient val... Fri, 03 Jul 2026 06:26:02
CVE-2026-35080 json The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient ... Fri, 03 Jul 2026 06:26:02
CVE-2026-35079 json The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient vali... Fri, 03 Jul 2026 06:26:02
CVE-2026-35078 json The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient val... Fri, 03 Jul 2026 06:26:02
CVE-2026-35077 json The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient... Fri, 03 Jul 2026 06:26:02
CVE-2026-35076 json The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient v... Fri, 03 Jul 2026 06:26:02
CVE-2026-11577 json Rejected reason: The reported behavior does not constitute a privilege escalation. Exploitation requires the attacker to alre... Fri, 03 Jul 2026 06:26:02
CVE-2026-35075 json An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access... Fri, 03 Jul 2026 05:24:38
CVE-2026-11900 json The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Insecure Direct Object Reference in versio... Fri, 03 Jul 2026 05:24:38
CVE-2026-11778 json The The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitr... Fri, 03 Jul 2026 05:24:38
CVE-2026-11398 json The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to authorization byp... Fri, 03 Jul 2026 05:24:38
CVE-2026-9756 json The GenerateBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Headline Block 'linkMetaFieldType' D... Fri, 03 Jul 2026 05:24:38
CVE-2026-4804 json The Zakra theme for WordPress is vulnerable to Stored Cross-Site Scripting via post meta values in all versions up to, and in... Fri, 03 Jul 2026 05:24:38
CVE-2026-14544 json A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnerability, an incomplete fix for CVE-2026-8631, ... Fri, 03 Jul 2026 04:23:14
CVE-2026-9230 json The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in... Fri, 03 Jul 2026 04:23:14
CVE-2026-9148 json The Comments – wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the guest commenter 'Website'... Fri, 03 Jul 2026 04:23:14
CVE-2026-8804 json Puppet resource_api (shipped in Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x) does not preserve the sensitive fl... Fri, 03 Jul 2026 04:23:14
CVE-2026-8351 json The RTMKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Heading widget's 'Background Te... Fri, 03 Jul 2026 04:23:14
CVE-2026-12064 json When a user invokes curl using a schemeless URL combined with `--proto-default` sftp (or scp), a disconnect occurs between th... Fri, 03 Jul 2026 03:21:53
CVE-2026-11856 json Successfully using libcurl to do a transfer to a specific HTTP origin (`hostA`) with **Digest** authentication and then chang... Fri, 03 Jul 2026 03:21:53
CVE-2026-11586 json By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for ... Fri, 03 Jul 2026 03:21:53
CVE-2026-11564 json libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the s... Fri, 03 Jul 2026 03:21:53
CVE-2026-11352 json An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against... Fri, 03 Jul 2026 03:21:53
CVE-2026-9547 json When a libcurl-based application performs transfers via `SCP://` or `SFTP://` and utilizes the `CURLOPT_SSH_KEYFUNCTION` call... Fri, 03 Jul 2026 03:21:53
CVE-2026-9546 json A vulnerability in libcurl caused the HTTP `Referer:` header to persist even when explicitly cleared. While the documentation... Fri, 03 Jul 2026 03:21:53
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report