CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.

Read the API docs

[rss] [api]
Recent CVEs
Recently updated CVE records
CVE Description Updated
CVE-2026-57832 json The Joomla extension EDocman is vulnerable to an unauthenticated SQL injection. Wed, 15 Jul 2026 05:19:10
CVE-2026-57831 json The Joomla extension DP Calendar is vulnerable to an unauthenticated SQL injection. Wed, 15 Jul 2026 05:19:10
CVE-2026-4647 json A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and ... Wed, 15 Jul 2026 05:19:10
CVE-2026-15804 json The HCM developed by MetaGuru has a SQL Injection vulnerability. Authenticated remote attackers can inject SQL commands via s... Wed, 15 Jul 2026 04:19:08
CVE-2026-15583 json A confused-deputy flaw in Grafana MCP Server allows an unauthenticated remote attacker to exfiltrate the server's environment... Wed, 15 Jul 2026 04:19:08
CVE-2026-14251 json A flaw was found in the OpenShift GitOps operator. The ClusterRole reconciler does not validate resource ownership when recon... Wed, 15 Jul 2026 04:19:08
CVE-2026-42936 json The installer of HYPER SBI 2 insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when in... Wed, 15 Jul 2026 02:19:05
CVE-2026-12512 json The Quotes llama WordPress plugin before 3.1.6 does not properly sanitize and escape a user-supplied parameter before using i... Wed, 15 Jul 2026 02:19:05
CVE-2026-12505 json A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before loo... Wed, 15 Jul 2026 02:19:05
CVE-2026-12281 json The Shibboleth WordPress plugin before 2.5.4 does not fail closed when its HTTP header identity mode is enabled without an an... Wed, 15 Jul 2026 02:19:05
CVE-2026-11580 json The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.17 does not perform a per-object capabili... Wed, 15 Jul 2026 02:19:05
CVE-2026-11579 json The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.17 does not verify that a file upload is ... Wed, 15 Jul 2026 02:19:05
CVE-2026-48370 json Media Encoder is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the contex... Wed, 15 Jul 2026 01:19:13
CVE-2026-48337 json Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context ... Wed, 15 Jul 2026 01:19:13
CVE-2026-48336 json Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context ... Wed, 15 Jul 2026 01:19:13
CVE-2026-48334 json Illustrator is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the co... Wed, 15 Jul 2026 01:19:13
CVE-2026-48275 json Illustrator is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the contex... Wed, 15 Jul 2026 01:19:13
CVE-2026-48369 json Premiere Pro is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context... Wed, 15 Jul 2026 01:19:12
CVE-2026-48367 json After Effects is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the contex... Wed, 15 Jul 2026 01:19:12
CVE-2026-48366 json Media Encoder is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the contex... Wed, 15 Jul 2026 01:19:12
CVE-2026-48344 json Creative Cloud Desktop is affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in ... Wed, 15 Jul 2026 01:19:12
CVE-2026-48343 json Bridge is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of th... Wed, 15 Jul 2026 01:19:12
CVE-2026-48342 json Bridge is affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the co... Wed, 15 Jul 2026 01:19:12
CVE-2026-48341 json Bridge is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of th... Wed, 15 Jul 2026 01:19:12
CVE-2026-48340 json Bridge is affected by an Untrusted Pointer Dereference vulnerability that could result in arbitrary code execution in the con... Wed, 15 Jul 2026 01:19:12
CVE-2026-48339 json Bridge is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context... Wed, 15 Jul 2026 01:19:12
CVE-2026-48327 json ColdFusion is affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the conte... Wed, 15 Jul 2026 01:19:12
CVE-2026-48325 json ColdFusion is affected by a Missing Authentication for Critical Function vulnerability that could result in arbitrary code ex... Wed, 15 Jul 2026 01:19:12
CVE-2026-48324 json ColdFusion is affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerabili... Wed, 15 Jul 2026 01:19:12
CVE-2026-48322 json ColdFusion is affected by an Improper Control of Generation of Code ('Code Injection') vulnerability that could result in arb... Wed, 15 Jul 2026 01:19:12
CVE-2026-48319 json ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability tha... Wed, 15 Jul 2026 01:19:12
CVE-2026-48318 json ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability tha... Wed, 15 Jul 2026 01:19:12
CVE-2026-50650 json Improper control of generation of code ('code injection') in .NET Framework allows an unauthorized attacker to elevate privil... Wed, 15 Jul 2026 01:19:11
CVE-2026-50649 json Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally. Wed, 15 Jul 2026 01:19:11
CVE-2026-50646 json Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally. Wed, 15 Jul 2026 01:19:11
CVE-2026-50526 json Improper link resolution before file access ('link following') in .NET allows an authorized attacker to perform tampering loc... Wed, 15 Jul 2026 01:19:11
CVE-2026-48311 json Bridge is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of th... Wed, 15 Jul 2026 01:19:11
CVE-2026-48284 json ColdFusion is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the con... Wed, 15 Jul 2026 01:19:11
CVE-2026-48274 json After Effects is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the contex... Wed, 15 Jul 2026 01:19:11
CVE-2026-48272 json Creative Cloud Desktop is affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code e... Wed, 15 Jul 2026 01:19:11
CVE-2026-48270 json Premiere Pro is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context... Wed, 15 Jul 2026 01:19:11
CVE-2026-48269 json Premiere Pro is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the c... Wed, 15 Jul 2026 01:19:11
CVE-2026-47976 json Media Encoder is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the contex... Wed, 15 Jul 2026 01:19:11
CVE-2026-47971 json Media Encoder is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the... Wed, 15 Jul 2026 01:19:11
CVE-2026-15777 json Use after free in UI in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to enga... Wed, 15 Jul 2026 01:19:11
CVE-2026-15776 json Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to execute arbitrary co... Wed, 15 Jul 2026 01:19:11
CVE-2026-15767 json Heap buffer overflow in libyuv in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to execute arbit... Wed, 15 Jul 2026 01:19:11
CVE-2026-15765 json Use after free in Ozone in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in ... Wed, 15 Jul 2026 01:19:11
CVE-2026-15764 json Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to e... Wed, 15 Jul 2026 01:19:11
CVE-2026-48359 json Adobe Experience Manager is affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that c... Wed, 15 Jul 2026 01:19:10
CVE-2026-48358 json Adobe Commerce is affected by an Improper Encoding or Escaping of Output vulnerability that could result in arbitrary code ex... Wed, 15 Jul 2026 01:19:10
CVE-2026-48356 json Adobe Commerce is affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary... Wed, 15 Jul 2026 01:19:10
CVE-2026-48350 json Animate is affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that c... Wed, 15 Jul 2026 01:19:10
CVE-2026-48349 json Animate is affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context ... Wed, 15 Jul 2026 01:19:10
CVE-2026-48348 json Animate is affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context ... Wed, 15 Jul 2026 01:19:10
CVE-2026-48347 json Animate is affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerab... Wed, 15 Jul 2026 01:19:10
CVE-2026-48346 json Animate is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of... Wed, 15 Jul 2026 01:19:10
CVE-2026-48345 json Animate is affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerab... Wed, 15 Jul 2026 01:19:10
CVE-2026-48259 json Adobe Experience Manager is affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary cod... Wed, 15 Jul 2026 01:19:10
CVE-2026-47992 json Adobe Commerce is affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnera... Wed, 15 Jul 2026 01:19:10
CVE-2026-47305 json Protection mechanism failure in Visual Studio allows an unauthorized attacker to execute code locally. Wed, 15 Jul 2026 01:19:10
CVE-2026-47304 json Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a ... Wed, 15 Jul 2026 01:19:10
CVE-2026-15410 json Post-authentication improper control of generation of code ('Code Injection') vulnerability has been identified in the SMA100... Wed, 15 Jul 2026 01:19:10
CVE-2026-15409 json A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remot... Wed, 15 Jul 2026 01:19:10
CVE-2026-5040 json TP-Link Deco M5 v1 uses a weak password hashing mechanism to store user credentials. An attacker who obtains the password ha... Wed, 15 Jul 2026 01:19:10
CVE-2026-58626 json Use after free in Windows Remote Desktop Services allows an authorized attacker to execute code over a network. Wed, 15 Jul 2026 01:19:09
CVE-2026-58619 json Use after free in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally. Wed, 15 Jul 2026 01:19:09
CVE-2026-58613 json Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. Wed, 15 Jul 2026 01:19:09
CVE-2026-58594 json Integer overflow or wraparound in Windows RDP allows an unauthorized attacker to execute code over a network. Wed, 15 Jul 2026 01:19:09
CVE-2026-58547 json Heap-based buffer overflow in Universal Plug and Play (upnp.dll) allows an authorized attacker to elevate privileges locally. Wed, 15 Jul 2026 01:19:09
CVE-2026-58544 json Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally. Wed, 15 Jul 2026 01:19:09
CVE-2026-58542 json Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally. Wed, 15 Jul 2026 01:19:09
CVE-2026-58541 json Access of resource using incompatible type ('type confusion') in Windows DWM allows an authorized attacker to elevate privile... Wed, 15 Jul 2026 01:19:09
CVE-2026-58540 json Improper authorization in Windows Installer allows an authorized attacker to elevate privileges locally. Wed, 15 Jul 2026 01:19:09
CVE-2026-58536 json Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. Wed, 15 Jul 2026 01:19:09
CVE-2026-58534 json Heap-based buffer overflow in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally... Wed, 15 Jul 2026 01:19:09
CVE-2026-58532 json Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally. Wed, 15 Jul 2026 01:19:09
CVE-2026-58531 json Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB allows an authoriz... Wed, 15 Jul 2026 01:19:09
CVE-2026-58530 json Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an unauthorized attacker to execute code locally. Wed, 15 Jul 2026 01:19:09
CVE-2026-58527 json Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an auth... Wed, 15 Jul 2026 01:19:09
CVE-2026-58277 json Improper authorization in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. Wed, 15 Jul 2026 01:19:09
CVE-2026-57973 json Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to perform tam... Wed, 15 Jul 2026 01:19:09
CVE-2026-57968 json Buffer over-read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. Wed, 15 Jul 2026 01:19:09
CVE-2026-57102 json Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to bypass a se... Wed, 15 Jul 2026 01:19:09
CVE-2026-47303 json Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a ne... Wed, 15 Jul 2026 01:19:09
CVE-2026-47300 json Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over... Wed, 15 Jul 2026 01:19:09
CVE-2026-57101 json Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthor... Wed, 15 Jul 2026 01:19:08
CVE-2026-57096 json Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privi... Wed, 15 Jul 2026 01:19:08
CVE-2026-57095 json Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an unauthorized attacker to elevate privi... Wed, 15 Jul 2026 01:19:08
CVE-2026-57094 json Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a netwo... Wed, 15 Jul 2026 01:19:08
CVE-2026-57093 json Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Wed, 15 Jul 2026 01:19:08
CVE-2026-57090 json Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a netwo... Wed, 15 Jul 2026 01:19:08
CVE-2026-57087 json Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a netwo... Wed, 15 Jul 2026 01:19:08
CVE-2026-56650 json Heap-based buffer overflow in Windows Network File System allows an authorized attacker to elevate privileges locally. Wed, 15 Jul 2026 01:19:08
CVE-2026-56649 json Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Network File System al... Wed, 15 Jul 2026 01:19:08
CVE-2026-56648 json Time-of-check time-of-use (toctou) race condition in Windows Network File System allows an authorized attacker to elevate pri... Wed, 15 Jul 2026 01:19:08
CVE-2026-56644 json Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Wed, 15 Jul 2026 01:19:08
CVE-2026-56643 json Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Wed, 15 Jul 2026 01:19:08
CVE-2026-56197 json Improper neutralization of special elements used in a command ('command injection') in Windows Admin Center allows an authori... Wed, 15 Jul 2026 01:19:08
CVE-2026-56196 json Relative path traversal in Windows Admin Center allows an authorized attacker to execute code over a network. Wed, 15 Jul 2026 01:19:08
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report