CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.
The form you will see after following this link lets you fill in the variables of the CVSS scoring system and receive the corresponding score. A description of each variable is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-41044 json | Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ, Apache... | Fri, 24 Apr 2026 07:24:10 |
| CVE-2026-41043 json | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache ActiveMQ, Apache Active... | Fri, 24 Apr 2026 07:24:10 |
| CVE-2026-40466 json | Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker,... | Fri, 24 Apr 2026 07:24:10 |
| CVE-2025-62233 json | Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinSche... | Fri, 24 Apr 2026 07:24:10 |
| CVE-2026-21728 json | Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, dependin... | Fri, 24 Apr 2026 05:24:07 |
| CVE-2026-6272 json | A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 Ope... | Fri, 24 Apr 2026 05:24:07 |
| CVE-2026-31283 json | In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address. whic... | Fri, 24 Apr 2026 04:24:11 |
| CVE-2026-6349 json | The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to i... | Fri, 24 Apr 2026 04:24:11 |
| CVE-2026-4078 json | The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes (iteras-ordering, iteras... | Fri, 24 Apr 2026 04:24:11 |
| CVE-2026-3569 json | The Liaison Site Prober plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 1.2.1 ... | Fri, 24 Apr 2026 04:24:11 |
| CVE-2026-3565 json | The Taqnix plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This... | Fri, 24 Apr 2026 04:24:11 |
| CVE-2026-1875 json | Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP... | Fri, 24 Apr 2026 04:24:11 |
| CVE-2026-1874 json | Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP ... | Fri, 24 Apr 2026 04:24:11 |
| CVE-2025-11762 json | The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Expos... | Fri, 24 Apr 2026 04:24:11 |
| CVE-2026-1952 json | Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability. | Fri, 24 Apr 2026 03:24:12 |
| CVE-2026-1951 json | Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability. | Fri, 24 Apr 2026 03:24:12 |
| CVE-2026-1950 json | Delta Electronics AS320T has No checking of the length of the buffer with the file name vulnerability. | Fri, 24 Apr 2026 03:24:12 |
| CVE-2026-6810 json | The Booking Calendar Contact Form plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up t... | Fri, 24 Apr 2026 02:22:52 |
| CVE-2026-5428 json | The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image captions in the Image ... | Fri, 24 Apr 2026 02:22:52 |
| CVE-2026-5364 json | The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up t... | Fri, 24 Apr 2026 02:22:52 |
| CVE-2026-5347 json | The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This ... | Fri, 24 Apr 2026 02:22:52 |
| CVE-2026-1949 json | Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web ... | Fri, 24 Apr 2026 02:22:52 |
| CVE-2026-41485 json | Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unch... | Fri, 24 Apr 2026 00:21:26 |
| CVE-2026-41430 json | Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-servi... | Fri, 24 Apr 2026 00:21:26 |
| CVE-2026-41324 json | basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory ... | Fri, 24 Apr 2026 00:21:26 |
| CVE-2026-41323 json | Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, an... | Fri, 24 Apr 2026 00:21:26 |
| CVE-2026-41319 json | MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injection vulnerability in versi... | Fri, 24 Apr 2026 00:21:26 |
| CVE-2026-41318 json | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. P... | Fri, 24 Apr 2026 00:21:26 |
| CVE-2026-41068 json | Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-nam... | Fri, 24 Apr 2026 00:21:26 |
| CVE-2026-6947 json | DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated ad... | Fri, 24 Apr 2026 00:21:26 |
| CVE-2026-6393 json | The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.3.11. This is du... | Fri, 24 Apr 2026 00:21:26 |
| CVE-2026-5488 json | The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Missing Authorization in ... | Fri, 24 Apr 2026 00:21:26 |
| CVE-2026-2028 json | The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to insufficient file ownership... | Fri, 24 Apr 2026 00:21:26 |
| CVE-2026-41317 json | Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-servi... | Thu, 23 Apr 2026 23:20:15 |
| CVE-2026-41316 json | ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` insta... | Thu, 23 Apr 2026 23:20:15 |
| CVE-2026-41309 json | Open Source Social Network (OSSN) is open-source social networking software developed in PHP. Versions prior to 9.0 are vulne... | Thu, 23 Apr 2026 23:20:15 |
| CVE-2026-41305 json | PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Synta... | Thu, 23 Apr 2026 23:20:15 |
| CVE-2026-40254 json | FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by-one in the path trav... | Thu, 23 Apr 2026 23:20:15 |
| CVE-2026-33318 json | Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user (including `BASIC` role) can e... | Thu, 23 Apr 2026 23:20:15 |
| CVE-2026-33317 json | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A c... | Thu, 23 Apr 2026 23:20:15 |
| CVE-2026-33208 json | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the /config/... | Thu, 23 Apr 2026 23:20:15 |
| CVE-2026-33078 json | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 8.2.6.4 have a SQL i... | Thu, 23 Apr 2026 23:20:15 |
| CVE-2026-33077 json | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfi... | Thu, 23 Apr 2026 23:20:15 |
| CVE-2026-33076 json | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxy_... | Thu, 23 Apr 2026 23:20:15 |
| CVE-2026-32952 json | go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM ch... | Thu, 23 Apr 2026 23:20:15 |
| CVE-2026-41325 json | Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform spe... | Thu, 23 Apr 2026 21:18:37 |
| CVE-2026-40099 json | Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform spe... | Thu, 23 Apr 2026 21:18:37 |
| CVE-2026-34587 json | Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, Kirby's user permissions control which ... | Thu, 23 Apr 2026 21:18:37 |
| CVE-2026-32870 json | Kirby is an open-source content management system. Kirby's `Xml::value()` method has special handling for `<![CDATA[ ]]>` blo... | Thu, 23 Apr 2026 21:18:37 |
| CVE-2026-31956 json | Xibo is an open source digital signage platform with a web content management system and Windows display player software. Pri... | Thu, 23 Apr 2026 21:18:37 |
| CVE-2026-31955 json | Xibo is an open source digital signage platform with a web content management system and Windows display player software. An ... | Thu, 23 Apr 2026 21:18:37 |
| CVE-2026-31953 json | Xibo is an open source digital signage platform with a web content management system and Windows display player software. A s... | Thu, 23 Apr 2026 21:18:37 |
| CVE-2025-54236 json | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Impr... | Thu, 23 Apr 2026 21:03:36 |
| CVE-2026-40630 json | A vulnerability in SenseLive X3050’s web management interface allows unauthorized access to certain configuration endpo... | Thu, 23 Apr 2026 20:17:54 |
| CVE-2026-40623 json | A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters t... | Thu, 23 Apr 2026 20:17:54 |
| CVE-2026-40620 json | A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established wit... | Thu, 23 Apr 2026 20:17:54 |
| CVE-2026-40431 json | A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all admi... | Thu, 23 Apr 2026 20:17:54 |
| CVE-2026-39462 json | A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied du... | Thu, 23 Apr 2026 20:17:54 |
| CVE-2026-35503 json | A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the ... | Thu, 23 Apr 2026 20:17:54 |
| CVE-2026-35064 json | A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the ... | Thu, 23 Apr 2026 20:17:54 |
| CVE-2026-31952 json | Xibo is an open source digital signage platform with a web content management system and Windows display player software. Ver... | Thu, 23 Apr 2026 20:17:54 |
| CVE-2026-29197 json | In versions <8.4.0, <8.3.2, <8.2.2, <8.1.3, <8.0.4, <7.13.6, <7.12.7, <7.11.7, and <7.10.10, the endpoints /api/apps/logs and... | Thu, 23 Apr 2026 20:17:54 |
| CVE-2026-29051 json | melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.... | Thu, 23 Apr 2026 20:17:54 |
| CVE-2026-29050 json | melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.... | Thu, 23 Apr 2026 20:17:54 |
| CVE-2026-27843 json | A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be mod... | Thu, 23 Apr 2026 20:17:54 |
| CVE-2026-27841 json | A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without prop... | Thu, 23 Apr 2026 20:17:54 |
| CVE-2026-25775 json | A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be perf... | Thu, 23 Apr 2026 20:17:54 |
| CVE-2026-25720 json | A vulnerability exists in SenseLive X3050’s web management interface due to improper session lifetime enforcement, allowi... | Thu, 23 Apr 2026 20:17:54 |
| CVE-2026-1789 json | A vulnerability in the browser-based remote management interface may allow an administrator to access sensitive information o... | Thu, 23 Apr 2026 20:17:54 |
| CVE-2025-24934 json | Software which sets SO_REUSEPORT_LB on a socket and then connects it to a host will not directly observe any problems. Howev... | Thu, 23 Apr 2026 20:17:54 |
| CVE-2026-6732 json | A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (... | Thu, 23 Apr 2026 19:17:12 |
| CVE-2026-41361 json | OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attac... | Thu, 23 Apr 2026 18:31:32 |
| CVE-2026-41360 json | OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands co... | Thu, 23 Apr 2026 18:31:32 |
| CVE-2026-41359 json | OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissio... | Thu, 23 Apr 2026 18:31:32 |
| CVE-2026-41358 json | OpenClaw before 2026.4.2 fails to filter Slack thread context by sender allowlist, allowing non-allowlisted messages to enter... | Thu, 23 Apr 2026 18:31:32 |
| CVE-2026-41357 json | OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsa... | Thu, 23 Apr 2026 18:31:32 |
| CVE-2026-41356 json | OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device tokens. Attackers with previously... | Thu, 23 Apr 2026 18:31:32 |
| CVE-2026-41355 json | OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox ... | Thu, 23 Apr 2026 18:31:32 |
| CVE-2026-41354 json | OpenClaw before 2026.4.2 contains an insufficient scope vulnerability in Zalo webhook replay dedupe keys that allows legitima... | Thu, 23 Apr 2026 18:31:32 |
| CVE-2026-41353 json | OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers ... | Thu, 23 Apr 2026 18:31:32 |
| CVE-2026-41352 json | OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope... | Thu, 23 Apr 2026 18:31:32 |
| CVE-2026-41351 json | OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature handling that treats Base64 a... | Thu, 23 Apr 2026 18:31:32 |
| CVE-2026-41350 json | OpenClaw before 2026.3.31 contains a session visibility bypass vulnerability where the session_status function fails to enfor... | Thu, 23 Apr 2026 18:31:32 |
| CVE-2026-41349 json | OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution ... | Thu, 23 Apr 2026 18:31:32 |
| CVE-2026-41348 json | OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete paths that... | Thu, 23 Apr 2026 18:31:32 |
| CVE-2026-41347 json | OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when operating in trusted-proxy mode, al... | Thu, 23 Apr 2026 18:31:32 |
| CVE-2026-41346 json | OpenClaw 2026.2.26 before 2026.3.31 enforces pending pairing-request caps per channel file instead of per account, allowing a... | Thu, 23 Apr 2026 18:31:32 |
| CVE-2026-41345 json | OpenClaw before 2026.3.31 contains a credential exposure vulnerability in media download functionality that forwards Authoriz... | Thu, 23 Apr 2026 18:31:32 |
| CVE-2026-41344 json | OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows write-scoped ga... | Thu, 23 Apr 2026 18:31:32 |
| CVE-2026-41343 json | OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing attackers to c... | Thu, 23 Apr 2026 18:31:32 |
| CVE-2026-41342 json | OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that persists un... | Thu, 23 Apr 2026 18:31:32 |
| CVE-2026-41341 json | OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct mes... | Thu, 23 Apr 2026 18:31:32 |
| CVE-2026-41340 json | OpenClaw before 2026.3.31 contains an authentication boundary vulnerability where Telegram legacy allowFrom migration incorre... | Thu, 23 Apr 2026 18:31:31 |
| CVE-2026-41339 json | OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authentic... | Thu, 23 Apr 2026 18:31:31 |
| CVE-2026-41338 json | OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers... | Thu, 23 Apr 2026 18:31:31 |
| CVE-2026-41337 json | OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows attackers ... | Thu, 23 Apr 2026 18:31:31 |
| CVE-2026-41336 json | OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabli... | Thu, 23 Apr 2026 18:31:31 |
| CVE-2026-41335 json | OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON that expos... | Thu, 23 Apr 2026 18:31:31 |
| CVE-2026-41334 json | OpenClaw before 2026.3.31 contains a decompression bomb vulnerability in image processing that fails to properly enforce pixe... | Thu, 23 Apr 2026 18:31:31 |
| CVE-2026-41333 json | OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows attackers to circumvent s... | Thu, 23 Apr 2026 18:31:31 |