CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-56676 json | 9Router is an AI router & token saver. Prior to 0.5.2, 9router validates image URLs by resolving the host before fetching, bu... | Fri, 10 Jul 2026 12:22:51 |
| CVE-2026-55501 json | 9Router is an AI router & token saver. Prior to 0.4.80, the dashboard login rate limiter in src/lib/auth/loginLimiter.js deri... | Fri, 10 Jul 2026 12:22:51 |
| CVE-2026-55500 json | 9Router is an AI router & token saver. Prior to 0.4.80, the /api/settings/database endpoint allows full database export (cont... | Fri, 10 Jul 2026 12:22:51 |
| CVE-2026-54149 json | MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/seria... | Fri, 10 Jul 2026 12:22:51 |
| CVE-2026-54001 json | osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, ... | Fri, 10 Jul 2026 12:22:51 |
| CVE-2026-54000 json | osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, ... | Fri, 10 Jul 2026 12:22:51 |
| CVE-2026-8609 json | An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory grow... | Fri, 10 Jul 2026 12:22:51 |
| CVE-2026-8595 json | A user with Editor permissions can craft a dashboard whose table (TableNG) panel contains a malicious field name that execute... | Fri, 10 Jul 2026 12:22:51 |
| CVE-2026-61456 json | The Grav API plugin (getgrav/grav-plugin-api) before 1.0.3 fails to sanitize SVG files uploaded through the POST /api/v1/medi... | Fri, 10 Jul 2026 12:22:50 |
| CVE-2026-61455 json | Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract() that lacks limits on uncompressed siz... | Fri, 10 Jul 2026 12:22:50 |
| CVE-2026-61441 json | PraisonAI Platform (praisonai-platform) before 0.1.9 improperly authorizes deletion of issue dependencies. The DELETE depende... | Fri, 10 Jul 2026 12:22:50 |
| CVE-2026-61434 json | PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command execution that allows attackers t... | Fri, 10 Jul 2026 12:22:50 |
| CVE-2026-61432 json | PraisonAI (praisonaiagents) before 1.6.78 contains a path traversal vulnerability in the FastContext feature (praisonaiagents... | Fri, 10 Jul 2026 12:22:50 |
| CVE-2026-61431 json | PraisonAI before 4.6.78 contains a path traversal vulnerability in ContextGatherer that fails to validate include paths in .p... | Fri, 10 Jul 2026 12:22:50 |
| CVE-2026-60089 json | PraisonAI (pip package praisonaiagents) before 1.6.78 automatically loads defaults from a project-local .praisonai/config.tom... | Fri, 10 Jul 2026 12:22:50 |
| CVE-2026-57994 json | phpMyFAQ before 4.1.5 applies inconsistent active=yes and publication-date filtering across its public FAQ API endpoints, all... | Fri, 10 Jul 2026 12:22:50 |
| CVE-2026-57961 json | phpMyFAQ before 4.1.5 contains a potential authenticated path traversal vulnerability in the concatenatePaths() function with... | Fri, 10 Jul 2026 12:22:50 |
| CVE-2026-56813 json | Improper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allows an attacker to inject or ov... | Fri, 10 Jul 2026 12:22:50 |
| CVE-2026-56373 json | ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory ... | Fri, 10 Jul 2026 12:22:50 |
| CVE-2026-56335 json | Capgo before 12.128.2 contains an authorization bypass vulnerability where write-scoped API keys can directly mutate protecte... | Fri, 10 Jul 2026 12:22:50 |
| CVE-2026-56309 json | Capgo before 12.128.2 fails to enforce plan/quota restrictions on the /files/upload/attachments endpoint, allowing plan-block... | Fri, 10 Jul 2026 12:22:50 |
| CVE-2026-56279 json | Capgo before 12.128.2 contains an information disclosure vulnerability in the get_orgs_v7(userid) RPC function that remains p... | Fri, 10 Jul 2026 12:22:50 |
| CVE-2026-56261 json | Crawl4AI before 0.8.7 contains a server-side request forgery (SSRF) vulnerability in the Docker API server's /crawl/job and /... | Fri, 10 Jul 2026 12:22:50 |
| CVE-2026-56254 json | In @capgo/capacitor-updater (Cap-go/capgo) before 12.128.2, the end-to-end encryption scheme distributes the private key to e... | Fri, 10 Jul 2026 12:22:50 |
| CVE-2026-54470 json | Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior contain(s) an Improper Restriction of XML External Entity Referenc... | Fri, 10 Jul 2026 12:22:50 |
| CVE-2026-46388 json | osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivile... | Fri, 10 Jul 2026 12:22:50 |
| CVE-2026-33382 json | Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. ... | Fri, 10 Jul 2026 12:22:50 |
| CVE-2026-15375 json | A vulnerability has been found in Eleveo Call Recording Software 9.7.0. This impacts an unknown function of the file /callrec... | Fri, 10 Jul 2026 12:22:50 |
| CVE-2026-15374 json | A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown function of the file /callrec/roleAddA... | Fri, 10 Jul 2026 12:22:50 |
| CVE-2026-15373 json | A vulnerability was detected in Eleveo Call Recording Software 9.7.0. The impacted element is an unknown function of the file... | Fri, 10 Jul 2026 12:22:50 |
| CVE-2026-15143 json | A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability allows a remote attacker to su... | Fri, 10 Jul 2026 12:22:50 |
| CVE-2026-54760 json | Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the `SQLChatAgent` S... | Fri, 10 Jul 2026 12:22:49 |
| CVE-2026-54423 json | In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can ma... | Fri, 10 Jul 2026 12:22:49 |
| CVE-2026-40454 json | Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ clie... | Fri, 10 Jul 2026 12:22:49 |
| CVE-2026-40452 json | Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization bypass in /rest/v2/fastLastQuer... | Fri, 10 Jul 2026 12:22:49 |
| CVE-2026-40009 json | Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to ful... | Fri, 10 Jul 2026 12:22:49 |
| CVE-2026-40008 json | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache IoTDB. The pipe pr... | Fri, 10 Jul 2026 12:22:49 |
| CVE-2026-40007 json | Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB. When pipe_air_gap_receiver_enabled=t... | Fri, 10 Jul 2026 12:22:49 |
| CVE-2026-40006 json | Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for... | Fri, 10 Jul 2026 12:22:49 |
| CVE-2026-40005 json | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. An attacker can... | Fri, 10 Jul 2026 12:22:49 |
| CVE-2026-28564 json | Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentica... | Fri, 10 Jul 2026 12:22:49 |
| CVE-2026-21048 json | Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attac... | Fri, 10 Jul 2026 12:22:49 |
| CVE-2026-21039 json | Improper access control in Settings prior to SMR Jul-2026 Release 1 allows local attackers to configure Theft protection sett... | Fri, 10 Jul 2026 12:22:49 |
| CVE-2026-15332 json | A security flaw has been discovered in zhayujie CowAgent up to 2.1.0. The impacted element is an unknown function of the file... | Fri, 10 Jul 2026 12:22:49 |
| CVE-2026-15320 json | A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the function rt.ReloadConfig of the f... | Fri, 10 Jul 2026 12:22:49 |
| CVE-2026-15300 json | The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'distance', 'lat', and 'lng' parameters in version... | Fri, 10 Jul 2026 12:22:49 |
| CVE-2026-15292 json | The Sudoku Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'background' parameter in the ... | Fri, 10 Jul 2026 12:22:49 |
| CVE-2026-15286 json | The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to unauthorized post ... | Fri, 10 Jul 2026 12:22:49 |
| CVE-2026-15070 json | The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up... | Fri, 10 Jul 2026 12:22:49 |
| CVE-2026-13010 json | The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based SQL Inj... | Fri, 10 Jul 2026 12:22:49 |
| CVE-2026-12924 json | The Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) plugin for WordPress is vulnerable to Stor... | Fri, 10 Jul 2026 12:22:49 |
| CVE-2026-12685 json | The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an ... | Fri, 10 Jul 2026 12:22:49 |
| CVE-2026-12597 json | The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OAuth callback in versions up t... | Fri, 10 Jul 2026 12:22:49 |
| CVE-2026-60120 json | Bagisto before 2.4.4 contains a stored cross-site scripting vulnerability via client-side template injection that allows unau... | Fri, 10 Jul 2026 12:22:48 |
| CVE-2026-59856 json | Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcom... | Fri, 10 Jul 2026 12:22:48 |
| CVE-2026-59832 json | SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /snippets/*filepath route handler serveSni... | Fri, 10 Jul 2026 12:22:48 |
| CVE-2026-58143 json | Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows unauthenticated attackers to... | Fri, 10 Jul 2026 12:22:48 |
| CVE-2026-57030 json | A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the packet for... | Fri, 10 Jul 2026 12:22:48 |
| CVE-2026-57029 json | A Missing Synchronization vulnerability in the flow collector handler of Juniper Networks Junos OS Evolved on QFX Series all... | Fri, 10 Jul 2026 12:22:48 |
| CVE-2026-57023 json | An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on M... | Fri, 10 Jul 2026 12:22:48 |
| CVE-2026-56669 json | Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communicati... | Fri, 10 Jul 2026 12:22:48 |
| CVE-2026-55604 json | DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.7.0, the process-globa... | Fri, 10 Jul 2026 12:22:48 |
| CVE-2026-55424 json | Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a topic "featured link"... | Fri, 10 Jul 2026 12:22:48 |
| CVE-2026-54590 json | AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of ... | Fri, 10 Jul 2026 12:22:48 |
| CVE-2026-51925 json | A Local File Inclusion (LFI) vulnerability exists in docuForm GmbH Client v.11.11c that allows a remote attacker to execute a... | Fri, 10 Jul 2026 12:22:48 |
| CVE-2026-51924 json | An issue in docuForm GmbH Client v.11.11c allows a remote attacker to execute arbitrary code via the file upload and report.p... | Fri, 10 Jul 2026 12:22:48 |
| CVE-2026-51923 json | An Insecure Direct Object Reference (IDOR) vulnerability exists in docuForm GmbH Client v.11.11c allowing a remote attacker t... | Fri, 10 Jul 2026 12:22:48 |
| CVE-2026-44342 json | New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to 0.12.0-alph... | Fri, 10 Jul 2026 12:22:48 |
| CVE-2026-39245 json | decompress before 4.2.2 contains an improper path containment check that enables directory traversal and arbitrary file write... | Fri, 10 Jul 2026 12:22:48 |
| CVE-2026-39243 json | decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file ... | Fri, 10 Jul 2026 12:22:48 |
| CVE-2026-35211 json | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260401.0, the... | Fri, 10 Jul 2026 12:22:48 |
| CVE-2026-31267 json | Mercusys MW302R MW302R(EU)_V1_1.4.10 Build 231023 is vulnerable to Buffer Overflow in the administrative web interface. A sta... | Fri, 10 Jul 2026 12:22:48 |
| CVE-2026-59939 json | httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTT... | Fri, 10 Jul 2026 12:22:47 |
| CVE-2026-59089 json | A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculate... | Fri, 10 Jul 2026 12:22:47 |
| CVE-2026-53624 json | Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.g... | Fri, 10 Jul 2026 12:22:47 |
| CVE-2026-42129 json | A user with Viewer permissions can use a path traversal in the Loki data source plugin to reach administrative Loki endpoints... | Fri, 10 Jul 2026 12:22:47 |
| CVE-2026-42127 json | The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to... | Fri, 10 Jul 2026 12:22:47 |
| CVE-2026-11769 json | We have released version 5.24.0 of the Grafana Operator. This patch includes a MEDIUM severity security fix for a path traver... | Fri, 10 Jul 2026 12:22:47 |
| CVE-2026-11332 json | A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's m... | Fri, 10 Jul 2026 12:22:47 |
| CVE-2026-10601 json | A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintend... | Fri, 10 Jul 2026 12:22:47 |
| CVE-2026-9029 json | A user with Editor permissions can place a malicious script in the attribution field of a Geomap panel's XYZ tile layer via a... | Fri, 10 Jul 2026 12:22:47 |
| CVE-2026-61492 json | In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was possible | Fri, 10 Jul 2026 12:07:45 |
| CVE-2026-59794 json | In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agent-reported data | Fri, 10 Jul 2026 12:07:45 |
| CVE-2026-59793 json | In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration | Fri, 10 Jul 2026 12:07:45 |
| CVE-2026-59792 json | In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project workspace ID handling was po... | Fri, 10 Jul 2026 12:07:45 |
| CVE-2026-59791 json | In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible | Fri, 10 Jul 2026 12:07:45 |
| CVE-2026-55212 json | Pimcore is an Open Source Data & Experience Management Platform. Prior to 2025.4.6 and 2026.1.6, the Studio API class definit... | Fri, 10 Jul 2026 12:07:45 |
| CVE-2026-55208 json | Pimcore Studio Backend Bundle is the backend bundle for Pimcore Studio. Prior to 2025.4.6 and 2026.1.6, an authenticated user... | Fri, 10 Jul 2026 12:07:45 |
| CVE-2026-55207 json | Pimcore is an Open Source Data & Experience Management Platform. Prior to 2025.4.6 and 2026.1.6, an unauthenticated attacker ... | Fri, 10 Jul 2026 12:07:45 |
| CVE-2026-53961 json | Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the AWS SES bounce webh... | Fri, 10 Jul 2026 12:07:45 |
| CVE-2026-46413 json | Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, regular users could rou... | Fri, 10 Jul 2026 12:07:45 |
| CVE-2026-45788 json | Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, secure uploads could be... | Fri, 10 Jul 2026 12:07:45 |
| CVE-2026-38059 json | The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker ... | Fri, 10 Jul 2026 12:07:45 |
| CVE-2026-38057 json | The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentication. The /api/reboot endpoin... | Fri, 10 Jul 2026 12:07:45 |
| CVE-2026-28378 json | The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to ... | Fri, 10 Jul 2026 12:07:44 |
| CVE-2026-56690 json | Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Co... | Fri, 10 Jul 2026 11:52:49 |
| CVE-2026-56689 json | Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Co... | Fri, 10 Jul 2026 11:52:49 |
| CVE-2026-56688 json | Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an OS Com... | Fri, 10 Jul 2026 11:52:49 |
| CVE-2026-56329 json | Capgo before 12.128.2 contains a cross-tenant preview namespace collision vulnerability caused by non-bijective decoding of d... | Fri, 10 Jul 2026 11:52:49 |
| CVE-2026-56312 json | Capgo before 12.128.2 contains an improper validation vulnerability in the accept_invitation endpoint that creates user accou... | Fri, 10 Jul 2026 11:52:49 |