CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-55748 json | OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with ... | Wed, 17 Jun 2026 12:51:07 |
| CVE-2026-55743 json | The shell tool command allowlist in the SecurityPolicy of OpenHuman desktop agent through 0.54.0 (default Supervised security... | Wed, 17 Jun 2026 12:51:07 |
| CVE-2026-54812 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Motors a... | Wed, 17 Jun 2026 12:51:07 |
| CVE-2026-54810 json | Missing Authorization vulnerability in Nexi Payments Nexi XPay allows Exploiting Incorrectly Configured Access Control Securi... | Wed, 17 Jun 2026 12:51:07 |
| CVE-2026-54415 json | Missing Authorization in the server management routes (routes/admin.php) in Azuriom Azuriom CMS before 1.2.11 on all platform... | Wed, 17 Jun 2026 12:51:07 |
| CVE-2026-49502 json | Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Authentication vulnerability. An unauthenticated attack... | Wed, 17 Jun 2026 12:51:07 |
| CVE-2026-48142 json | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When content is served or proxi... | Wed, 17 Jun 2026 12:51:07 |
| CVE-2026-48117 json | DroneAware is a drone detection platform. The centralized DroneAware server backing droneaware.io was vulnerable to an accoun... | Wed, 17 Jun 2026 12:51:07 |
| CVE-2026-47103 json | Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that allows attackers to execu... | Wed, 17 Jun 2026 12:51:07 |
| CVE-2026-42530 json | NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is configured to use the HTTP... | Wed, 17 Jun 2026 12:51:07 |
| CVE-2026-42055 json | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module modules. Thi... | Wed, 17 Jun 2026 12:51:07 |
| CVE-2026-40641 json | Dell PowerFlex Manager, version(s) 4.6.0.1, contain(s) an Use of a Broken or Risky Cryptographic Algorithm vulnerability. An ... | Wed, 17 Jun 2026 12:51:07 |
| CVE-2026-35162 json | Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Access Control vulnerability. A low privileged attacker... | Wed, 17 Jun 2026 12:51:07 |
| CVE-2026-55738 json | A stack-based buffer overflow exists in the raw_to_header() function in src/microtar.c in rxi microtar 0.1.0. The function co... | Wed, 17 Jun 2026 12:51:06 |
| CVE-2026-54819 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webilia Inc. Listdom al... | Wed, 17 Jun 2026 12:51:06 |
| CVE-2026-54817 json | Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exp... | Wed, 17 Jun 2026 12:51:06 |
| CVE-2026-54815 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cargo RD Cargo Shipping... | Wed, 17 Jun 2026 12:51:06 |
| CVE-2026-54814 json | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Styl... | Wed, 17 Jun 2026 12:51:06 |
| CVE-2026-54813 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force SureDa... | Wed, 17 Jun 2026 12:51:06 |
| CVE-2026-54808 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gut... | Wed, 17 Jun 2026 12:51:06 |
| CVE-2026-54417 json | An integer overflow in the mtar_next() function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a d... | Wed, 17 Jun 2026 12:51:06 |
| CVE-2026-52707 json | Unauthenticated Local File Inclusion in Kastell <= 2.0 versions. | Wed, 17 Jun 2026 12:51:06 |
| CVE-2026-35067 json | Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Access Control vulnerability. A low privileged attacker... | Wed, 17 Jun 2026 12:51:06 |
| CVE-2026-35066 json | Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Access Control vulnerability. A low privileged attacker... | Wed, 17 Jun 2026 12:51:06 |
| CVE-2026-35065 json | Dell PowerFlex Manager, version(s) [Versions], contain(s) a Missing Authentication for Critical Function vulnerability. An un... | Wed, 17 Jun 2026 12:51:06 |
| CVE-2026-32804 json | Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Authentication vulnerability. An unauthenticated attack... | Wed, 17 Jun 2026 12:51:06 |
| CVE-2026-22283 json | Dell PowerFlex Manager, version(s) Version prior to 4.8, contain(s) an Inclusion of Functionality from Untrusted Control Sphe... | Wed, 17 Jun 2026 12:51:06 |
| CVE-2026-12528 json | A flaw was found in 389 Directory Server in the __aclp__normalize_acltxt() function of aclparse.c. A malformed ACI (Access Co... | Wed, 17 Jun 2026 12:51:06 |
| CVE-2026-11311 json | When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX conf... | Wed, 17 Jun 2026 12:51:06 |
| CVE-2026-10850 json | Plane CE 1.3.1 allows a low-privileged project member to submit arbitrary HTML/JS in the description_html field when creating... | Wed, 17 Jun 2026 12:51:06 |
| CVE-2026-9591 json | Cross-site request forgery (CSRF) in NewsItemApiController in SimplCommerce prior to commit 6233d73e allows an unauthenticate... | Wed, 17 Jun 2026 12:51:06 |
| CVE-2024-47477 json | Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. A remote unauthe... | Wed, 17 Jun 2026 12:51:06 |
| CVE-2026-49268 json | A remote attacker can inject LDAP special characters into the Distinguished Name (DN) construction in DefaultLdapRealm class.... | Wed, 17 Jun 2026 12:51:05 |
| CVE-2026-49108 json | Unauthenticated PHP Object Injection in Moderno < 1.43 versions. | Wed, 17 Jun 2026 12:51:05 |
| CVE-2026-40756 json | Unauthenticated PHP Object Injection in Zoya <= 1.4 versions. | Wed, 17 Jun 2026 12:51:05 |
| CVE-2026-40733 json | Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions. | Wed, 17 Jun 2026 12:51:05 |
| CVE-2026-40720 json | Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions. | Wed, 17 Jun 2026 12:51:05 |
| CVE-2026-39576 json | Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions. | Wed, 17 Jun 2026 12:51:05 |
| CVE-2026-39559 json | Unauthenticated Local File Inclusion in Uppercase < 1.2.2 versions. | Wed, 17 Jun 2026 12:51:05 |
| CVE-2026-39556 json | Unauthenticated PHP Object Injection in Konsept <= 1.9 versions. | Wed, 17 Jun 2026 12:51:05 |
| CVE-2026-39523 json | Unauthenticated Local File Inclusion in Solene Core <= 2.3.2 versions. | Wed, 17 Jun 2026 12:51:05 |
| CVE-2026-39442 json | Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions. | Wed, 17 Jun 2026 12:51:05 |
| CVE-2026-10641 json | Zephyr's Bluetooth Classic Hands-Free Profile (HFP) Hands-Free role parser (subsys/bluetooth/host/classic/hfp_hf.c) contains ... | Wed, 17 Jun 2026 12:51:05 |
| CVE-2025-69175 json | Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions. | Wed, 17 Jun 2026 12:51:05 |
| CVE-2025-69174 json | Unauthenticated Local File Inclusion in Etude <= 1.6 versions. | Wed, 17 Jun 2026 12:51:05 |
| CVE-2025-69170 json | Unauthenticated Local File Inclusion in Eventicity <= 1.5 versions. | Wed, 17 Jun 2026 12:51:05 |
| CVE-2025-69164 json | Unauthenticated Local File Inclusion in Skyward <= 1.10 versions. | Wed, 17 Jun 2026 12:51:05 |
| CVE-2025-69157 json | Unauthenticated Local File Inclusion in Gamic <= 1.15 versions. | Wed, 17 Jun 2026 12:51:05 |
| CVE-2026-9570 json | The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaS... | Wed, 17 Jun 2026 12:51:04 |
| CVE-2026-8383 json | The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint behind the `edit_u... | Wed, 17 Jun 2026 12:51:04 |
| CVE-2025-69144 json | Unauthenticated Local File Inclusion in Preservation <= 1.10 versions. | Wed, 17 Jun 2026 12:51:04 |
| CVE-2025-69140 json | Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions. | Wed, 17 Jun 2026 12:51:04 |
| CVE-2025-69128 json | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EMV JobCareer allows Path Tra... | Wed, 17 Jun 2026 12:51:04 |
| CVE-2025-69126 json | Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions. | Wed, 17 Jun 2026 12:51:04 |
| CVE-2025-69123 json | Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions. | Wed, 17 Jun 2026 12:51:04 |
| CVE-2025-69120 json | Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions. | Wed, 17 Jun 2026 12:51:04 |
| CVE-2025-69111 json | Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions. | Wed, 17 Jun 2026 12:51:04 |
| CVE-2025-68524 json | Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions. | Wed, 17 Jun 2026 12:51:04 |
| CVE-2025-66391 json | In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operat... | Wed, 17 Jun 2026 12:51:04 |
| CVE-2025-60236 json | Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection. This issue affects Creatify: from n... | Wed, 17 Jun 2026 12:51:04 |
| CVE-2025-60231 json | Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital allows Object Injection. This issue affects ... | Wed, 17 Jun 2026 12:51:04 |
| CVE-2025-60229 json | Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/... | Wed, 17 Jun 2026 12:51:04 |
| CVE-2025-15657 json | Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions. | Wed, 17 Jun 2026 12:51:04 |
| CVE-2026-55706 json | sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for le... | Wed, 17 Jun 2026 12:51:03 |
| CVE-2026-54811 json | Unauthenticated SQL Injection in WP eMember < v10.9.4 versions. | Wed, 17 Jun 2026 12:51:03 |
| CVE-2026-54803 json | Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions. | Wed, 17 Jun 2026 12:51:03 |
| CVE-2026-54802 json | Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions. | Wed, 17 Jun 2026 12:51:03 |
| CVE-2026-54187 json | Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions. | Wed, 17 Jun 2026 12:51:03 |
| CVE-2026-53876 json | RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may lead to arbitrary comman... | Wed, 17 Jun 2026 12:51:03 |
| CVE-2026-52698 json | Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget <= 4.2.3 ... | Wed, 17 Jun 2026 12:51:03 |
| CVE-2026-50203 json | A path traversal in the SFTP provider (`SFTPHook.retrieve_directory` / `SFTPOperator(operation=get)`) let a malicious or comp... | Wed, 17 Jun 2026 12:51:03 |
| CVE-2026-49081 json | Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions. | Wed, 17 Jun 2026 12:51:03 |
| CVE-2026-49071 json | Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions. | Wed, 17 Jun 2026 12:51:03 |
| CVE-2026-48929 json | Rocket.Chat in versions <8.5.1, <8.4.4, <8.3.6, <8.2.6, <8.1.6, <8.0.7, <7.13.9, and <7.10.13 is vulnerable to unauthenticate... | Wed, 17 Jun 2026 12:51:03 |
| CVE-2026-48797 json | Backpropagate is a Python library for fine-tuning large language models on a single GPU. In versions 1.1.0 and 1.1.1, the opt... | Wed, 17 Jun 2026 12:51:03 |
| CVE-2026-48788 json | Remark42 is a self-hosted comment engine for blogs, articles, or any other place where readers can add comments. Versions 1.6... | Wed, 17 Jun 2026 12:51:03 |
| CVE-2026-8089 json | The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin befor... | Wed, 17 Jun 2026 12:51:03 |
| CVE-2026-7850 json | The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them i... | Wed, 17 Jun 2026 12:51:03 |
| CVE-2026-5667 json | Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners (for Japan and outside Japan); Wirel... | Wed, 17 Jun 2026 12:51:03 |
| CVE-2026-48783 json | Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a ... | Wed, 17 Jun 2026 12:51:02 |
| CVE-2026-48782 json | Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. In versions 1.56.0 throug... | Wed, 17 Jun 2026 12:51:02 |
| CVE-2026-48781 json | Postiz is an AI social media scheduling tool. In versions prior to 2.21.8, the Skool integration callback signed an attacker-... | Wed, 17 Jun 2026 12:51:02 |
| CVE-2026-48779 json | ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not including) 5.2.5, from 6... | Wed, 17 Jun 2026 12:51:02 |
| CVE-2026-48745 json | Traccar Client is a GPS tracking mobile app for sending location updates to private servers using the open-source Traccar pla... | Wed, 17 Jun 2026 12:51:02 |
| CVE-2026-48616 json | Rocket.Chat versions <8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, 7.10.13 has an access control vulnerability in Livech... | Wed, 17 Jun 2026 12:51:02 |
| CVE-2026-48055 json | Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a hi... | Wed, 17 Jun 2026 12:51:02 |
| CVE-2026-47340 json | Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Ap... | Wed, 17 Jun 2026 12:51:02 |
| CVE-2026-47277 json | Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from fil... | Wed, 17 Jun 2026 12:51:02 |
| CVE-2026-44587 json | CarrierWave is a framework to upload files from Ruby applications. In versions prior to 2.2.7 and 3.1.3, the content_type_den... | Wed, 17 Jun 2026 12:51:02 |
| CVE-2026-42385 json | Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions. | Wed, 17 Jun 2026 12:51:02 |
| CVE-2026-42357 json | Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not ... | Wed, 17 Jun 2026 12:51:02 |
| CVE-2026-41280 json | Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized pr... | Wed, 17 Jun 2026 12:51:02 |
| CVE-2026-40753 json | Unauthenticated PHP Object Injection in EasyMeals <= 1.5.1 versions. | Wed, 17 Jun 2026 12:51:01 |
| CVE-2026-40731 json | Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions. | Wed, 17 Jun 2026 12:51:01 |
| CVE-2026-39597 json | Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions. | Wed, 17 Jun 2026 12:51:01 |
| CVE-2026-39558 json | Unauthenticated Local File Inclusion in Malmö <= 2.2 versions. | Wed, 17 Jun 2026 12:51:01 |
| CVE-2026-32967 json | Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler. This issue affects Apache ... | Wed, 17 Jun 2026 12:51:01 |
| CVE-2026-32966 json | DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. Th... | Wed, 17 Jun 2026 12:51:01 |
| CVE-2026-28615 json | In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to l... | Wed, 17 Jun 2026 12:51:01 |
| CVE-2026-28587 json | In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permissi... | Wed, 17 Jun 2026 12:51:01 |