CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-4887 json | A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote ... | Tue, 12 May 2026 20:42:21 |
| CVE-2017-18006 json | netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447. | Tue, 12 May 2026 20:42:21 |
| CVE-2017-18005 json | Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata ... | Tue, 12 May 2026 20:42:20 |
| CVE-2017-18004 json | Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint. | Tue, 12 May 2026 20:42:20 |
| CVE-2017-18001 json | Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device'... | Tue, 12 May 2026 20:42:20 |
| CVE-2017-17997 json | In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/pa... | Tue, 12 May 2026 20:42:20 |
| CVE-2017-17995 json | Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request. | Tue, 12 May 2026 20:42:20 |
| CVE-2017-17704 json | A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with... | Tue, 12 May 2026 20:42:20 |
| CVE-2017-17089 json | custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description f... | Tue, 12 May 2026 20:42:20 |
| CVE-2017-14855 json | Red Lion HMI panels allow remote attackers to cause a denial of service (software exception) via an HTTP POST request to a lo... | Tue, 12 May 2026 20:42:20 |
| CVE-2017-12813 json | PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section. | Tue, 12 May 2026 20:42:20 |
| CVE-2017-12812 json | PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab. | Tue, 12 May 2026 20:42:20 |
| CVE-2017-12811 json | PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item. | Tue, 12 May 2026 20:42:20 |
| CVE-2017-12810 json | PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel. | Tue, 12 May 2026 20:42:20 |
| CVE-2017-17994 json | Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria reques... | Tue, 12 May 2026 20:42:19 |
| CVE-2017-17993 json | Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request. | Tue, 12 May 2026 20:42:19 |
| CVE-2017-17992 json | Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php ... | Tue, 12 May 2026 20:42:19 |
| CVE-2017-17991 json | Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request. | Tue, 12 May 2026 20:42:19 |
| CVE-2017-17990 json | Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action. | Tue, 12 May 2026 20:42:19 |
| CVE-2017-17989 json | Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action. | Tue, 12 May 2026 20:42:19 |
| CVE-2017-17988 json | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter. | Tue, 12 May 2026 20:42:19 |
| CVE-2017-17987 json | PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php. | Tue, 12 May 2026 20:42:19 |
| CVE-2017-17986 json | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter. | Tue, 12 May 2026 20:42:19 |
| CVE-2017-17985 json | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/state_view.php cou_id parameter. | Tue, 12 May 2026 20:42:19 |
| CVE-2017-17984 json | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_edit.php edit_id parameter. | Tue, 12 May 2026 20:42:19 |
| CVE-2017-17983 json | PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter. | Tue, 12 May 2026 20:42:19 |
| CVE-2017-17982 json | PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php. | Tue, 12 May 2026 20:42:19 |
| CVE-2017-17981 json | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/slider_edit.php edit_id parameter. | Tue, 12 May 2026 20:42:18 |
| CVE-2017-17975 json | Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows... | Tue, 12 May 2026 20:42:18 |
| CVE-2017-17901 json | ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with... | Tue, 12 May 2026 20:42:18 |
| CVE-2015-8008 json | The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows att... | Tue, 12 May 2026 20:42:18 |
| CVE-2015-3302 json | The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.... | Tue, 12 May 2026 20:42:18 |
| CVE-2014-9515 json | Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary... | Tue, 12 May 2026 20:42:18 |
| CVE-2014-8119 json | The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via... | Tue, 12 May 2026 20:42:18 |
| CVE-2014-4978 json | The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via... | Tue, 12 May 2026 20:42:18 |
| CVE-2014-3630 json | XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 ... | Tue, 12 May 2026 20:42:18 |
| CVE-2014-0121 json | The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands vi... | Tue, 12 May 2026 20:42:18 |
| CVE-2014-0120 json | Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authen... | Tue, 12 May 2026 20:42:18 |
| CVE-2013-4578 json | jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and... | Tue, 12 May 2026 20:42:18 |
| CVE-2017-17974 json | BA SYSTEMS BAS Web on BAS920 devices (with Firmware 01.01.00*, HTTPserv 00002, and Script 02.*) and ISC2000 devices allows re... | Tue, 12 May 2026 20:42:17 |
| CVE-2017-17973 json | In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-pa... | Tue, 12 May 2026 20:42:17 |
| CVE-2017-17971 json | The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but nei... | Tue, 12 May 2026 20:42:17 |
| CVE-2017-17968 json | A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTT... | Tue, 12 May 2026 20:42:17 |
| CVE-2017-17933 json | cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the ... | Tue, 12 May 2026 20:42:17 |
| CVE-2017-17920 json | SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arb... | Tue, 12 May 2026 20:42:17 |
| CVE-2017-17919 json | SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbit... | Tue, 12 May 2026 20:42:17 |
| CVE-2017-17917 json | SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbit... | Tue, 12 May 2026 20:42:17 |
| CVE-2017-17916 json | SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arb... | Tue, 12 May 2026 20:42:17 |
| CVE-2017-17910 json | On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. An attack... | Tue, 12 May 2026 20:42:17 |
| CVE-2017-17760 json | OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value... | Tue, 12 May 2026 20:42:17 |
| CVE-2017-16876 json | Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attacker... | Tue, 12 May 2026 20:42:17 |
| CVE-2017-17967 json | pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote attackers to cause a denial of service via a crafted PPT file,... | Tue, 12 May 2026 20:42:16 |
| CVE-2017-17960 json | PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php. | Tue, 12 May 2026 20:42:16 |
| CVE-2017-17959 json | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter. | Tue, 12 May 2026 20:42:16 |
| CVE-2017-17958 json | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter. | Tue, 12 May 2026 20:42:16 |
| CVE-2017-17957 json | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter. | Tue, 12 May 2026 20:42:16 |
| CVE-2017-17956 json | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/sellerupd.php companyname parameter. | Tue, 12 May 2026 20:42:16 |
| CVE-2017-17955 json | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter. | Tue, 12 May 2026 20:42:16 |
| CVE-2017-17954 json | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter. | Tue, 12 May 2026 20:42:16 |
| CVE-2017-17953 json | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter. | Tue, 12 May 2026 20:42:16 |
| CVE-2016-3695 json | The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors... | Tue, 12 May 2026 20:42:16 |
| CVE-2014-4914 json | The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote ... | Tue, 12 May 2026 20:42:16 |
| CVE-2014-3651 json | JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large val... | Tue, 12 May 2026 20:42:16 |
| CVE-2013-7400 json | The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by lev... | Tue, 12 May 2026 20:42:16 |
| CVE-2017-17952 json | PHP Scripts Mall PHP Multivendor Ecommerce has a predicable registration URL, which makes it easier for remote attackers to r... | Tue, 12 May 2026 20:42:15 |
| CVE-2017-17951 json | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter. | Tue, 12 May 2026 20:42:15 |
| CVE-2017-17950 json | Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter. | Tue, 12 May 2026 20:42:15 |
| CVE-2017-17949 json | Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter. | Tue, 12 May 2026 20:42:15 |
| CVE-2017-17948 json | Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request. | Tue, 12 May 2026 20:42:15 |
| CVE-2017-17942 json | In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c. | Tue, 12 May 2026 20:42:15 |
| CVE-2017-17941 json | PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter. | Tue, 12 May 2026 20:42:15 |
| CVE-2017-17940 json | PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php. | Tue, 12 May 2026 20:42:15 |
| CVE-2017-17939 json | PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php. | Tue, 12 May 2026 20:42:15 |
| CVE-2017-15892 json | Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote ... | Tue, 12 May 2026 20:42:15 |
| CVE-2017-15886 json | Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticat... | Tue, 12 May 2026 20:42:15 |
| CVE-2017-15667 json | In Flexense SysGauge Server 3.6.18, the Control Protocol suffers from a denial of service. The attack vector is a crafted SER... | Tue, 12 May 2026 20:42:15 |
| CVE-2017-17938 json | PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter. | Tue, 12 May 2026 20:42:14 |
| CVE-2017-17937 json | Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search. | Tue, 12 May 2026 20:42:14 |
| CVE-2017-17936 json | Vanguard Marketplace Digital Products PHP has CSRF via /search. | Tue, 12 May 2026 20:42:14 |
| CVE-2017-17932 json | A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remot... | Tue, 12 May 2026 20:42:14 |
| CVE-2017-11698 json | Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allo... | Tue, 12 May 2026 20:42:14 |
| CVE-2017-11697 json | The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause... | Tue, 12 May 2026 20:42:14 |
| CVE-2017-11696 json | Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allow... | Tue, 12 May 2026 20:42:14 |
| CVE-2017-11695 json | Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows... | Tue, 12 May 2026 20:42:14 |
| CVE-2017-10910 json | MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition... | Tue, 12 May 2026 20:42:14 |
| CVE-2015-7889 json | The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for th... | Tue, 12 May 2026 20:42:14 |
| CVE-2015-3637 json | SQL injection vulnerability in phpMyBackupPro when run in multi-user mode before 2.5 allows remote attackers to execute arbit... | Tue, 12 May 2026 20:42:14 |
| CVE-2014-8389 json | cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.20... | Tue, 12 May 2026 20:42:14 |
| CVE-2017-17935 json | The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, w... | Tue, 12 May 2026 20:42:13 |
| CVE-2017-17934 json | ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated... | Tue, 12 May 2026 20:42:13 |
| CVE-2017-17931 json | PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter. | Tue, 12 May 2026 20:42:13 |
| CVE-2017-16768 json | Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote au... | Tue, 12 May 2026 20:42:13 |
| CVE-2017-13056 json | The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a c... | Tue, 12 May 2026 20:42:13 |
| CVE-2016-6914 json | Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users ... | Tue, 12 May 2026 20:42:13 |
| CVE-2015-7669 json | Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2... | Tue, 12 May 2026 20:42:13 |
| CVE-2015-7668 json | Cross-site scripting (XSS) vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.3.0 for WordPress al... | Tue, 12 May 2026 20:42:13 |
| CVE-2015-7667 json | Multiple cross-site scripting (XSS) vulnerabilities in (1) templates/admanagement/admanagement.php and (2) templates/adspot/a... | Tue, 12 May 2026 20:42:13 |
| CVE-2015-7666 json | Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in... | Tue, 12 May 2026 20:42:13 |
| CVE-2015-7324 json | Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component ... | Tue, 12 May 2026 20:42:13 |
| CVE-2015-6237 json | The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authent... | Tue, 12 May 2026 20:42:13 |