CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities so that they can be quickly identified and shared. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.
The form you will see after following this link allows you to fill in the variables of the CVSS scoring system and receive the corresponding score. A description of each variable is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-47965 json | Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that coul... | Thu, 18 Jun 2026 14:52:02 |
| CVE-2026-28573 json | In AndroidManifest.xml, there is a possible persistent denial of service due to a missing permission check. This could lead t... | Thu, 18 Jun 2026 14:52:02 |
| CVE-2026-12117 json | Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault... | Thu, 18 Jun 2026 14:52:02 |
| CVE-2026-11410 json | An authenticated OS command injection vulnerability exists in the BigPond Cable (BPA) WAN configuration module in TL-WR940N v... | Thu, 18 Jun 2026 14:52:02 |
| CVE-2026-11409 json | An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to imp... | Thu, 18 Jun 2026 14:52:02 |
| CVE-2026-1764 json | A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When processing specially crafted M... | Thu, 18 Jun 2026 14:52:02 |
| CVE-2026-0409 json | A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router ... | Thu, 18 Jun 2026 14:52:02 |
| CVE-2026-56024 json | Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal WP EasyPay allows Cross Site Request Forgery. This issue affec... | Thu, 18 Jun 2026 14:21:59 |
| CVE-2026-55237 json | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Ve... | Thu, 18 Jun 2026 14:21:59 |
| CVE-2026-55205 json | Hermes WebUI before 0.51.468 contains a resource exhaustion vulnerability in the unauthenticated POST /api/onboarding/oauth/s... | Thu, 18 Jun 2026 14:21:59 |
| CVE-2026-55204 json | HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() with... | Thu, 18 Jun 2026 14:21:59 |
| CVE-2026-54390 json | JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated att... | Thu, 18 Jun 2026 14:21:59 |
| CVE-2026-54106 json | The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract App... | Thu, 18 Jun 2026 14:21:59 |
| CVE-2026-54105 json | The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract App... | Thu, 18 Jun 2026 14:21:59 |
| CVE-2026-54104 json | The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract App... | Thu, 18 Jun 2026 14:21:59 |
| CVE-2026-54103 json | The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract App... | Thu, 18 Jun 2026 14:21:59 |
| CVE-2026-48986 json | pam_usb provides hardware authentication for Linux using removable media. In pam_usb 0.9.1 and earlier, usb_get_process_paren... | Thu, 18 Jun 2026 14:21:59 |
| CVE-2026-48985 json | pam_usb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1 and below, pusb_is_login... | Thu, 18 Jun 2026 14:21:59 |
| CVE-2026-48984 json | pam_usb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1 and below, the xfree() m... | Thu, 18 Jun 2026 14:21:59 |
| CVE-2026-12475 json | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All refere... | Thu, 18 Jun 2026 14:21:59 |
| CVE-2026-54224 json | UBB.threads is vulnerable to Denial of Service (DoS). By sending multiple concurrent requests to view any user profile on ins... | Thu, 18 Jun 2026 14:21:58 |
| CVE-2026-54223 json | UBB.threads is vulnerable to Path traversal, allowing attackers with privilege to edit templates to read and write any file o... | Thu, 18 Jun 2026 14:21:58 |
| CVE-2026-38718 json | InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a buffer ... | Thu, 18 Jun 2026 14:21:58 |
| CVE-2026-38717 json | InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command... | Thu, 18 Jun 2026 14:21:58 |
| CVE-2026-38716 json | InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command... | Thu, 18 Jun 2026 14:21:58 |
| CVE-2026-38715 json | InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command... | Thu, 18 Jun 2026 14:21:58 |
| CVE-2026-38714 json | InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command... | Thu, 18 Jun 2026 14:21:58 |
| CVE-2026-11982 json | Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14 contains a stored cross-site scripting (XSS) vulnerability in the Admin2 Pages API sa... | Thu, 18 Jun 2026 14:21:58 |
| CVE-2025-58175 json | GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, ... | Thu, 18 Jun 2026 14:21:58 |
| CVE-2025-53114 json | CometD is a scalable comet implementation for web messaging. In versions 5.0.0 through 5.0.22, 6.0.0 through 6.0.18, 7.0.0 th... | Thu, 18 Jun 2026 14:21:58 |
| CVE-2025-52465 json | GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, ... | Thu, 18 Jun 2026 14:21:58 |
| CVE-2025-32437 json | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Pr... | Thu, 18 Jun 2026 14:21:58 |
| CVE-2025-32436 json | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Pr... | Thu, 18 Jun 2026 14:21:58 |
| CVE-2025-32424 json | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Pr... | Thu, 18 Jun 2026 14:21:58 |
| CVE-2025-32422 json | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Pr... | Thu, 18 Jun 2026 14:21:58 |
| CVE-2025-32392 json | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Pr... | Thu, 18 Jun 2026 14:21:58 |
| CVE-2025-27511 json | GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoSer... | Thu, 18 Jun 2026 14:21:58 |
| CVE-2026-54222 json | UBB.threads is vulnerable to Blind SQL Injection, allowing attackers with access to the Members in Control Panel to intera... | Thu, 18 Jun 2026 14:21:57 |
| CVE-2026-54221 json | UBB.threads is vulnerable to Reflected XSS. The application improperly handles user input in certain requests, enabling atta... | Thu, 18 Jun 2026 14:21:57 |
| CVE-2026-54220 json | uBB.threads is vulnerable to a Cross-Site Request Forgery (CSRF) due to a lack of protective mechanisms. This allows an atta... | Thu, 18 Jun 2026 14:21:57 |
| CVE-2026-54219 json | UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize us... | Thu, 18 Jun 2026 14:21:57 |
| CVE-2026-46894 json | Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Home Page). Supported versions t... | Thu, 18 Jun 2026 14:21:57 |
| CVE-2026-46883 json | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Securi... | Thu, 18 Jun 2026 14:21:57 |
| CVE-2026-46882 json | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Securi... | Thu, 18 Jun 2026 14:21:57 |
| CVE-2026-46881 json | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Securi... | Thu, 18 Jun 2026 14:21:57 |
| CVE-2026-46880 json | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Securi... | Thu, 18 Jun 2026 14:21:57 |
| CVE-2026-0415 json | Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to t... | Thu, 18 Jun 2026 14:21:57 |
| CVE-2026-0414 json | Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to t... | Thu, 18 Jun 2026 14:21:57 |
| CVE-2026-0413 json | A buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models allows authenticated adm... | Thu, 18 Jun 2026 14:21:57 |
| CVE-2026-0411 json | An information disclosure vulnerability in the NETGEAR Orbi satellites (RBR/RBE/RBS Series) could allow a user connected to... | Thu, 18 Jun 2026 14:21:57 |
| CVE-2026-0410 json | Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized cha... | Thu, 18 Jun 2026 14:21:57 |
| CVE-2026-33833 json | Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning ... | Thu, 18 Jun 2026 14:21:56 |
| CVE-2026-32204 json | External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | Thu, 18 Jun 2026 14:21:56 |
| CVE-2026-56022 json | Webmin accepts basic authentication without session cookies when an attacker provides the 'User-Agent: webmin' header, allowi... | Thu, 18 Jun 2026 13:21:37 |
| CVE-2026-56021 json | Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a ... | Thu, 18 Jun 2026 13:21:37 |
| CVE-2026-56020 json | The Webmin HTTP server (miniserv.pl) allows unauthenticated attackers to impersonate any user with a configured SSL client ce... | Thu, 18 Jun 2026 13:21:37 |
| CVE-2026-55203 json | HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl f... | Thu, 18 Jun 2026 13:21:36 |
| CVE-2026-48617 json | A flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation. This can ... | Thu, 18 Jun 2026 13:21:36 |
| CVE-2026-10687 json | Rejected reason: This CVE Record has been rejected by the Zephyr Project CNA. Subsequent analysis, confirmed with the fix aut... | Thu, 18 Jun 2026 13:21:36 |
| CVE-2026-56012 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIb... | Thu, 18 Jun 2026 13:21:35 |
| CVE-2026-56007 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OceanWP Ocean Product S... | Thu, 18 Jun 2026 13:21:35 |
| CVE-2026-55199 json | libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG... | Thu, 18 Jun 2026 13:21:35 |
| CVE-2026-54445 json | vantage6 is an open-source infrastructure for privacy preserving analysis. Versions prior to 5.0.0 provide an initial user wi... | Thu, 18 Jun 2026 13:21:35 |
| CVE-2026-54388 json | Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with d... | Thu, 18 Jun 2026 13:21:35 |
| CVE-2026-53869 json | Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypa... | Thu, 18 Jun 2026 13:21:35 |
| CVE-2026-50200 json | Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. ... | Thu, 18 Jun 2026 13:21:35 |
| CVE-2026-50141 json | Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC ... | Thu, 18 Jun 2026 13:21:35 |
| CVE-2026-48989 json | Windows-MCP is an open-source project that integrates AI agents with Windows. In versions prior to 0.7.5, certain HTTP modes ... | Thu, 18 Jun 2026 13:21:35 |
| CVE-2026-48822 json | Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting (XSS) vulnerabilit... | Thu, 18 Jun 2026 13:21:35 |
| CVE-2026-46580 json | In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/*.prompttemplate in a workspace were automatic... | Thu, 18 Jun 2026 13:21:35 |
| CVE-2026-45617 json | LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the ... | Thu, 18 Jun 2026 13:21:35 |
| CVE-2026-44691 json | In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files (e.g. .theia/tasks.json, .vscode/tasks.... | Thu, 18 Jun 2026 13:21:35 |
| CVE-2026-44688 json | In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prom... | Thu, 18 Jun 2026 13:21:35 |
| CVE-2026-22551 json | In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP reques... | Thu, 18 Jun 2026 13:21:35 |
| CVE-2026-12529 json | A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. A... | Thu, 18 Jun 2026 13:21:35 |
| CVE-2026-12505 json | A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before loo... | Thu, 18 Jun 2026 13:21:35 |
| CVE-2026-11791 json | A flaw was found in 389 Directory Server. During schema reload, the attr_syntax_swap_ht() function unconditionally frees attr... | Thu, 18 Jun 2026 13:21:35 |
| CVE-2026-11777 json | The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQ... | Thu, 18 Jun 2026 13:21:35 |
| CVE-2026-11395 json | The CF7 to Webhook plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.... | Thu, 18 Jun 2026 13:21:35 |
| CVE-2026-10736 json | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via the 'd... | Thu, 18 Jun 2026 13:21:35 |
| CVE-2026-2021 json | The Slideshow Gallery LITE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alwaysauto' shortcode a... | Thu, 18 Jun 2026 13:21:35 |
| CVE-2026-46848 json | Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are a... | Thu, 18 Jun 2026 13:21:34 |
| CVE-2026-46847 json | Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Runtime Tools). Supported versi... | Thu, 18 Jun 2026 13:21:34 |
| CVE-2026-32652 json | Dell AIOps Collector versions prior to 1.18.3 contain a "Use of Default Credentials" vulnerability. A low privileged attacker... | Thu, 18 Jun 2026 13:21:34 |
| CVE-2026-12515 json | A flaw was found in Katello's of Red Hat Satellite. A content upload functionality where insufficient authorization checks in... | Thu, 18 Jun 2026 13:21:34 |
| CVE-2026-12297 json | Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed in Firefox 152,... | Thu, 18 Jun 2026 13:21:34 |
| CVE-2026-12296 json | Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12... | Thu, 18 Jun 2026 13:21:34 |
| CVE-2026-12295 json | Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR... | Thu, 18 Jun 2026 13:21:34 |
| CVE-2026-12294 json | Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 11... | Thu, 18 Jun 2026 13:21:34 |
| CVE-2026-12293 json | Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | Thu, 18 Jun 2026 13:21:34 |
| CVE-2026-12292 json | Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Th... | Thu, 18 Jun 2026 13:21:34 |
| CVE-2026-12291 json | Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ES... | Thu, 18 Jun 2026 13:21:34 |
| CVE-2026-9262 json | Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier | Thu, 18 Jun 2026 13:21:34 |
| CVE-2026-9261 json | Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier | Thu, 18 Jun 2026 13:21:34 |
| CVE-2026-9260 json | Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier | Thu, 18 Jun 2026 13:21:34 |
| CVE-2026-9259 json | Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier | Thu, 18 Jun 2026 13:21:34 |
| CVE-2026-9258 json | Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier | Thu, 18 Jun 2026 13:21:34 |
| CVE-2026-6691 json | The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a hea... | Thu, 18 Jun 2026 13:21:34 |
| CVE-2026-3490 json | picklescan before 1.0.4 fails to block pkgutil.resolve_name, allowing attackers to bypass the entire blocklist by resolving a... | Thu, 18 Jun 2026 13:21:34 |
| CVE-2026-0420 json | An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could a... | Thu, 18 Jun 2026 13:21:34 |