CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-49325 json | Improper handling of physical conditions in the bike-shutdown control of the Indian Motorcycle Scout Bobber + Tech 2025 model... | Fri, 29 May 2026 10:28:11 |
| CVE-2026-49318 json | Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model ... | Fri, 29 May 2026 10:28:11 |
| CVE-2026-49317 json | Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model ... | Fri, 29 May 2026 10:28:11 |
| CVE-2026-49316 json | Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an ... | Fri, 29 May 2026 10:28:11 |
| CVE-2026-47696 json | WWBN AVideo is an open source video platform. In 29.0 and earlier, plugin/AuthorizeNet/processPayment.json.php credits the lo... | Fri, 29 May 2026 10:28:11 |
| CVE-2026-47694 json | WWBN AVideo is an open source video platform. In 29.0 and earlier, AVideo stores category descriptions from user input and la... | Fri, 29 May 2026 10:28:11 |
| CVE-2026-46510 json | form-data-objectizer converts FormData to object. Prior to 1.0.1, form-data-objectizer walks bracket-notation form keys (e.g.... | Fri, 29 May 2026 10:28:11 |
| CVE-2026-46376 json | FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the ... | Fri, 29 May 2026 10:28:11 |
| CVE-2026-46337 json | WWBN AVideo is an open source video platform. In 29.0 and earlier, an unauthenticated remote attacker can read arbitrary imag... | Fri, 29 May 2026 10:28:11 |
| CVE-2026-45731 json | WWBN AVideo is an open source video platform. In 29.0 and earlier, view/update.php reads $_POST['updateFile'] as a relative p... | Fri, 29 May 2026 10:28:10 |
| CVE-2026-45707 json | n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2... | Fri, 29 May 2026 10:28:10 |
| CVE-2026-45620 json | WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck() or admi... | Fri, 29 May 2026 10:28:10 |
| CVE-2026-45619 json | WWBN AVideo is an open source video platform. In 29.0 and earlier, EpgParser.php, plugin/AI/receiveAsync.json.php, and other ... | Fri, 29 May 2026 10:28:10 |
| CVE-2026-45615 json | mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a memory safety vulnerability was identified in the OER decoding s... | Fri, 29 May 2026 10:28:10 |
| CVE-2026-45610 json | WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a cross-site request forgery vulnerability on the... | Fri, 29 May 2026 10:28:10 |
| CVE-2026-45582 json | n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2... | Fri, 29 May 2026 10:28:10 |
| CVE-2026-45580 json | WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a stored cross-site scripting vulnerability. The ... | Fri, 29 May 2026 10:28:10 |
| CVE-2026-45578 json | WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTS... | Fri, 29 May 2026 10:28:10 |
| CVE-2026-45555 json | Roslyn CodeLens MCP Server is a Roslyn-based MCP server providing semantic code intelligence for .NET codebases. From 0.0.9 t... | Fri, 29 May 2026 10:28:10 |
| CVE-2026-44698 json | Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.4.1 for iOS a... | Fri, 29 May 2026 10:28:10 |
| CVE-2026-44239 json | FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJAX handler includes PHP fi... | Fri, 29 May 2026 10:28:10 |
| CVE-2026-44238 json | FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the ... | Fri, 29 May 2026 10:28:10 |
| CVE-2026-44237 json | FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently valid... | Fri, 29 May 2026 10:28:10 |
| CVE-2026-40528 json | OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() f... | Fri, 29 May 2026 10:28:10 |
| CVE-2026-40510 json | OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in... | Fri, 29 May 2026 10:28:10 |
| CVE-2026-10075 json | DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file ... | Fri, 29 May 2026 10:28:10 |
| CVE-2026-10074 json | DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing privileged local attackers to exploit Re... | Fri, 29 May 2026 10:28:10 |
| CVE-2026-10073 json | DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing unauthenticated local attackers to explo... | Fri, 29 May 2026 10:28:10 |
| CVE-2026-10072 json | DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload ... | Fri, 29 May 2026 10:28:10 |
| CVE-2026-49128 json | Music Player Daemon (MPD) before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and Lo... | Fri, 29 May 2026 10:28:09 |
| CVE-2026-48527 json | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a st... | Fri, 29 May 2026 10:28:09 |
| CVE-2026-45551 json | Group-Office is an enterprise customer relationship management and groupware tool. Prior to 26.0.25, 25.0.100, and 6.8.165, G... | Fri, 29 May 2026 10:28:09 |
| CVE-2026-45023 json | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Pr... | Fri, 29 May 2026 10:28:09 |
| CVE-2026-10061 json | A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. Affected is the function formWPS of the file /goform/formWPS. The m... | Fri, 29 May 2026 10:28:09 |
| CVE-2026-10060 json | A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetRoute of the file /goform/for... | Fri, 29 May 2026 10:28:09 |
| CVE-2026-10044 json | Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/{filename}... | Fri, 29 May 2026 10:28:09 |
| CVE-2026-9969 json | Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to exe... | Fri, 29 May 2026 10:28:09 |
| CVE-2026-9963 json | Uninitialized Use in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to en... | Fri, 29 May 2026 10:28:09 |
| CVE-2026-9939 json | Heap buffer overflow in WebCodecs in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary cod... | Fri, 29 May 2026 10:28:09 |
| CVE-2026-9938 json | Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary co... | Fri, 29 May 2026 10:28:09 |
| CVE-2026-9910 json | Out of bounds memory access in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary ... | Fri, 29 May 2026 10:28:09 |
| CVE-2026-9909 json | Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer ... | Fri, 29 May 2026 10:28:09 |
| CVE-2026-41125 json | A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions), blueplan... | Fri, 29 May 2026 10:28:08 |
| CVE-2026-35675 json | phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthentica... | Fri, 29 May 2026 10:28:08 |
| CVE-2025-58074 json | A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privi... | Fri, 29 May 2026 10:28:08 |
| CVE-2025-40946 json | A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions < V6.1.4.9... | Fri, 29 May 2026 10:28:08 |
| CVE-2021-22764 json | A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerL... | Fri, 29 May 2026 10:28:08 |
| CVE-2021-22763 json | A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8E... | Fri, 29 May 2026 10:28:08 |
| CVE-2021-22703 json | A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/... | Fri, 29 May 2026 10:28:08 |
| CVE-2021-22702 json | A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx,... | Fri, 29 May 2026 10:28:08 |
| CVE-2021-22701 json | A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, I... | Fri, 29 May 2026 10:28:08 |
| CVE-2020-7565 json | A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allo... | Fri, 29 May 2026 10:28:08 |
| CVE-2020-7564 json | A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on M... | Fri, 29 May 2026 10:28:08 |
| CVE-2020-7563 json | A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Le... | Fri, 29 May 2026 10:28:08 |
| CVE-2020-7562 json | A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Leg... | Fri, 29 May 2026 10:28:07 |
| CVE-2017-7575 json | Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password ... | Fri, 29 May 2026 10:28:07 |
| CVE-2017-7574 json | Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vul... | Fri, 29 May 2026 10:28:07 |
| CVE-2017-6030 json | A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware... | Fri, 29 May 2026 10:28:07 |
| CVE-2025-41281 json | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Inje... | Fri, 29 May 2026 10:13:09 |
| CVE-2025-41280 json | Nozomi Networks Labs identified a CWE-23: Relative Path Traversal (Zip Slip) in Waterfall WF-500 RX Host in version 7.9.1.0 R... | Fri, 29 May 2026 10:13:09 |
| CVE-2025-41279 json | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Inje... | Fri, 29 May 2026 10:13:09 |
| CVE-2025-41278 json | Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 tha... | Fri, 29 May 2026 10:13:09 |
| CVE-2025-41277 json | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Inje... | Fri, 29 May 2026 10:13:09 |
| CVE-2025-41276 json | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Inje... | Fri, 29 May 2026 10:13:09 |
| CVE-2025-41275 json | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Inje... | Fri, 29 May 2026 10:13:09 |
| CVE-2025-41274 json | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Inje... | Fri, 29 May 2026 10:13:09 |
| CVE-2025-41273 json | Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in W... | Fri, 29 May 2026 10:13:09 |
| CVE-2025-41272 json | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Inje... | Fri, 29 May 2026 10:13:09 |
| CVE-2025-41271 json | Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in... | Fri, 29 May 2026 10:13:09 |
| CVE-2026-49130 json | Music Player Daemon (MPD) before version 0.24.11 contains a CRLF injection vulnerability in the xspf_char_data function withi... | Fri, 29 May 2026 10:13:08 |
| CVE-2026-49129 json | Music Player Daemon (MPD) before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin wher... | Fri, 29 May 2026 10:13:08 |
| CVE-2026-49127 json | Music Player Daemon (MPD) before version 0.24.11 contains a stack buffer overflow vulnerability in the pcm_unpack_24be functi... | Fri, 29 May 2026 10:13:08 |
| CVE-2026-46579 json | A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to Allow, the HTTP frontend do... | Fri, 29 May 2026 10:13:08 |
| CVE-2026-42965 json | A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a... | Fri, 29 May 2026 10:13:08 |
| CVE-2026-10078 json | A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifica... | Fri, 29 May 2026 10:13:08 |
| CVE-2026-10052 json | A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can expl... | Fri, 29 May 2026 10:13:08 |
| CVE-2026-6324 json | A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the `soup_body_input_s... | Fri, 29 May 2026 10:13:08 |
| CVE-2025-41270 json | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Inje... | Fri, 29 May 2026 10:13:08 |
| CVE-2025-41269 json | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Inje... | Fri, 29 May 2026 10:13:08 |
| CVE-2025-41268 json | Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX H... | Fri, 29 May 2026 10:13:08 |
| CVE-2025-41267 json | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Inje... | Fri, 29 May 2026 10:13:08 |
| CVE-2025-41266 json | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Inje... | Fri, 29 May 2026 10:13:08 |
| CVE-2025-41265 json | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Inje... | Fri, 29 May 2026 10:13:08 |
| CVE-2026-43616 json | Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the fi... | Fri, 29 May 2026 10:13:07 |
| CVE-2026-38707 json | A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware ... | Fri, 29 May 2026 10:13:07 |
| CVE-2026-38704 json | A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmw... | Fri, 29 May 2026 10:13:07 |
| CVE-2026-38703 json | A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmwa... | Fri, 29 May 2026 10:13:07 |
| CVE-2026-38702 json | A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmware V3.5.108, IR305 firmwa... | Fri, 29 May 2026 10:13:07 |
| CVE-2025-48977 json | Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the serve... | Fri, 29 May 2026 10:13:07 |
| CVE-2026-9509 json | An unhandled exception in Suprema BioStar 2 (Server), versions 2.9.8, 2.9.10, and 2.9.11, that allows an unauthenticated remo... | Fri, 29 May 2026 09:28:07 |
| CVE-2026-9508 json | Incorrect permission settings on a critical resource in Suprema BioStar 2 (versions 2.9.3 through 2.9.11) that allow backup f... | Fri, 29 May 2026 09:28:07 |
| CVE-2026-49324 json | Uncontrolled resource consumption in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 mode... | Fri, 29 May 2026 09:28:06 |
| CVE-2026-49323 json | Weak authentication between the Wireless Control Module (WCM) and the Engine Control Module (ECM) of the Indian Motorcycle Sc... | Fri, 29 May 2026 09:28:06 |
| CVE-2026-45611 json | Rejected reason: Further research determined the issue is not a vulnerability. | Fri, 29 May 2026 09:28:06 |
| CVE-2026-45312 json | RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in ... | Fri, 29 May 2026 09:28:06 |
| CVE-2026-45043 json | RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper validation in the PUT /rustfs/ad... | Fri, 29 May 2026 09:28:06 |
| CVE-2026-10071 json | DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to up... | Fri, 29 May 2026 09:28:06 |
| CVE-2026-10006 json | Race in WebAudio in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbo... | Fri, 29 May 2026 09:28:06 |
| CVE-2026-9987 json | Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 148.0.7778.216 allowed a lo... | Fri, 29 May 2026 09:28:06 |
| CVE-2026-9983 json | Type Confusion in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a ... | Fri, 29 May 2026 09:28:06 |