CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities so that they can be quickly identified and shared. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-42983 json | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | Thu, 11 Jun 2026 13:04:15 |
| CVE-2026-42981 json | Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a ... | Thu, 11 Jun 2026 13:04:15 |
| CVE-2026-42980 json | Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally. | Thu, 11 Jun 2026 13:04:15 |
| CVE-2026-42979 json | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications all... | Thu, 11 Jun 2026 13:04:15 |
| CVE-2026-42837 json | Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally. | Thu, 11 Jun 2026 13:04:14 |
| CVE-2026-42836 json | Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fd... | Thu, 11 Jun 2026 13:04:14 |
| CVE-2026-42829 json | Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locall... | Thu, 11 Jun 2026 13:04:14 |
| CVE-2026-41108 json | Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally. | Thu, 11 Jun 2026 13:04:14 |
| CVE-2026-53777 json | Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content... | Thu, 11 Jun 2026 12:18:15 |
| CVE-2026-50223 json | Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated... | Thu, 11 Jun 2026 12:18:15 |
| CVE-2026-50131 json | Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/in... | Thu, 11 Jun 2026 12:18:15 |
| CVE-2026-48011 json | Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernam... | Thu, 11 Jun 2026 12:18:15 |
| CVE-2026-46705 json | Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentica... | Thu, 11 Jun 2026 12:18:15 |
| CVE-2026-46679 json | libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 15.0.23, three cooperating omissions in @l... | Thu, 11 Jun 2026 12:18:15 |
| CVE-2026-46673 json | Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked len... | Thu, 11 Jun 2026 12:18:15 |
| CVE-2026-46669 json | OpenVM is a performant and modular zkVM framework built for customization and extensibility. Prior to version 1.6.0, the open... | Thu, 11 Jun 2026 12:18:15 |
| CVE-2026-45380 json | bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12... | Thu, 11 Jun 2026 12:18:15 |
| CVE-2026-38581 json | SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote attackers to execute arbitrary SQ... | Thu, 11 Jun 2026 12:18:15 |
| CVE-2026-11839 json | Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Uplo... | Thu, 11 Jun 2026 12:18:15 |
| CVE-2026-9648 json | The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificat... | Thu, 11 Jun 2026 12:18:15 |
| CVE-2026-8406 json | openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated use... | Thu, 11 Jun 2026 12:18:15 |
| CVE-2026-7870 json | IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious a... | Thu, 11 Jun 2026 12:18:15 |
| CVE-2026-7787 json | IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing a... | Thu, 11 Jun 2026 12:18:15 |
| CVE-2026-4096 json | IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOS... | Thu, 11 Jun 2026 12:18:15 |
| CVE-2026-3341 json | IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an ... | Thu, 11 Jun 2026 12:18:15 |
| CVE-2024-45636 json | IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged us... | Thu, 11 Jun 2026 12:18:15 |
| CVE-2026-42906 json | Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose informa... | Thu, 11 Jun 2026 12:18:14 |
| CVE-2026-42905 json | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | Thu, 11 Jun 2026 12:18:14 |
| CVE-2026-42904 json | Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network. | Thu, 11 Jun 2026 12:18:14 |
| CVE-2026-42903 json | Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network. | Thu, 11 Jun 2026 12:18:14 |
| CVE-2026-41847 json | Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL. Affected versions: Spri... | Thu, 11 Jun 2026 12:18:14 |
| CVE-2026-42986 json | Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | Thu, 11 Jun 2026 12:02:43 |
| CVE-2026-53723 json | Guzzle Services provides an implementation of the Guzzle Command library that uses Guzzle service descriptions to describe we... | Thu, 11 Jun 2026 11:47:35 |
| CVE-2026-53661 json | Boruta is a standalone authorization server that aims to implement OAuth 2.0 and Openid Connect up to decentralized identity ... | Thu, 11 Jun 2026 11:47:35 |
| CVE-2026-53423 json | Allocation of Resources Without Limits or Throttling vulnerability in membraneframework membrane_mp4_plugin allows unauthenti... | Thu, 11 Jun 2026 11:47:35 |
| CVE-2026-46689 json | Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint ... | Thu, 11 Jun 2026 11:47:35 |
| CVE-2026-46668 json | SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1... | Thu, 11 Jun 2026 11:47:35 |
| CVE-2026-46654 json | Plonky3 is a toolkit for polynomial IOPs (PIOPs). Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side obse... | Thu, 11 Jun 2026 11:47:35 |
| CVE-2026-46625 json | JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign(... | Thu, 11 Jun 2026 11:47:35 |
| CVE-2026-45384 json | bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12... | Thu, 11 Jun 2026 11:47:35 |
| CVE-2026-42542 json | TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.... | Thu, 11 Jun 2026 11:47:35 |
| CVE-2026-11816 json | Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in `keras... | Thu, 11 Jun 2026 11:47:35 |
| CVE-2026-6338 json | A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and... | Thu, 11 Jun 2026 11:47:35 |
| CVE-2026-5497 json | vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to unbounded frame ... | Thu, 11 Jun 2026 11:47:35 |
| CVE-2026-45586 json | Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework allows an autho... | Thu, 11 Jun 2026 11:47:34 |
| CVE-2026-45487 json | Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authorized attacker to... | Thu, 11 Jun 2026 11:47:34 |
| CVE-2026-45458 json | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute ... | Thu, 11 Jun 2026 11:47:34 |
| CVE-2026-42991 json | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications all... | Thu, 11 Jun 2026 11:47:34 |
| CVE-2026-42989 json | Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privilege... | Thu, 11 Jun 2026 11:47:34 |
| CVE-2026-42987 json | Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network. | Thu, 11 Jun 2026 11:47:34 |
| CVE-2026-42462 json | Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.9.11, 1.10.10, ... | Thu, 11 Jun 2026 11:47:34 |
| CVE-2026-34033 json | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache Answer. This issue aff... | Thu, 11 Jun 2026 11:47:34 |
| CVE-2026-2049 json | GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attack... | Thu, 11 Jun 2026 11:47:34 |
| CVE-2026-49214 json | guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 did not reject ASCII control ... | Thu, 11 Jun 2026 11:32:20 |
| CVE-2026-10847 json | A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. An authenticated local u... | Thu, 11 Jun 2026 11:32:20 |
| CVE-2026-7852 json | Unrestricted upload of file with dangerous type vulnerability in Limatek System Inc. LimRAD NAC allows Remote Code Inclusion.... | Thu, 11 Jun 2026 11:32:20 |
| CVE-2026-53912 json | Cerebrate before version 1.37 exposed credential material from self-registration requests. The self-registration workflow sto... | Thu, 11 Jun 2026 11:32:19 |
| CVE-2026-48998 json | guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header ... | Thu, 11 Jun 2026 11:32:19 |
| CVE-2026-11561 json | Improper neutralization of special elements used in an expression language statement ('expression language injection') vulner... | Thu, 11 Jun 2026 11:32:19 |
| CVE-2026-9694 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.... | Thu, 11 Jun 2026 11:32:19 |
| CVE-2026-9204 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.8, 18.11 before 18.11.5, and 19... | Thu, 11 Jun 2026 11:32:19 |
| CVE-2026-8589 json | GitLab has remediated an issue in GitLab EE affecting all versions from 13.1.4 before 18.10.8, 18.11 before 18.11.5, and 19.0... | Thu, 11 Jun 2026 11:32:19 |
| CVE-2026-8464 json | Golem OEE MES is vulnerable to an unauthenticated path traversal flaw. This vulnerability allows an attacker in the same loca... | Thu, 11 Jun 2026 11:32:19 |
| CVE-2026-7250 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.10.8, 18.11 before 18.11.5, and 19... | Thu, 11 Jun 2026 11:32:19 |
| CVE-2026-6976 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.... | Thu, 11 Jun 2026 11:32:19 |
| CVE-2026-6552 json | GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18.11 before 18.11.5, and 19.0 b... | Thu, 11 Jun 2026 11:32:19 |
| CVE-2026-6277 json | GitLab has remediated an issue in GitLab EE affecting all versions from 13.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 b... | Thu, 11 Jun 2026 11:32:19 |
| CVE-2026-6269 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.10.8, 18.11 before 18.11.5, and 19... | Thu, 11 Jun 2026 11:32:19 |
| CVE-2026-4764 json | A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows a... | Thu, 11 Jun 2026 11:32:19 |
| CVE-2026-53911 json | Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operatio... | Thu, 11 Jun 2026 11:32:18 |
| CVE-2026-53901 json | Cerebrate before version 1.37 contains a mass-assignment vulnerability in the generic CRUD add path. The add() handler attemp... | Thu, 11 Jun 2026 11:32:18 |
| CVE-2026-41856 json | The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on meth... | Thu, 11 Jun 2026 11:32:18 |
| CVE-2026-41700 json | Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. A... | Thu, 11 Jun 2026 11:32:18 |
| CVE-2026-41699 json | Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attack... | Thu, 11 Jun 2026 11:32:18 |
| CVE-2026-41001 json | Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data di... | Thu, 11 Jun 2026 11:32:18 |
| CVE-2026-41000 json | Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time ch... | Thu, 11 Jun 2026 11:32:18 |
| CVE-2026-40999 json | When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections throu... | Thu, 11 Jun 2026 11:32:18 |
| CVE-2026-11850 json | An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/libkdb_ldap/lda... | Thu, 11 Jun 2026 11:32:18 |
| CVE-2026-10733 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.10.8, 18.11 before 18.11.5, and 19.... | Thu, 11 Jun 2026 11:32:18 |
| CVE-2026-10087 json | GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 b... | Thu, 11 Jun 2026 11:32:18 |
| CVE-2026-3553 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.... | Thu, 11 Jun 2026 11:32:18 |
| CVE-2026-1500 json | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.10.8, 18.11 before 18.11.5, and 19... | Thu, 11 Jun 2026 11:32:18 |
| CVE-2025-7064 json | Authentication bypass by primary weakness vulnerability in ABB Freelance. This issue affects Freelance: through 2013, 2013 S... | Thu, 11 Jun 2026 11:32:18 |
| CVE-2026-52726 json | Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to versio... | Thu, 11 Jun 2026 11:32:17 |
| CVE-2026-47734 json | Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.1.0 and prior to version... | Thu, 11 Jun 2026 11:32:17 |
| CVE-2026-47712 json | Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to versio... | Thu, 11 Jun 2026 11:32:17 |
| CVE-2026-47213 json | Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers withi... | Thu, 11 Jun 2026 11:32:17 |
| CVE-2026-46703 json | Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers withi... | Thu, 11 Jun 2026 11:32:17 |
| CVE-2026-40998 json | Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that parsed attacker-... | Thu, 11 Jun 2026 11:32:17 |
| CVE-2026-40997 json | Several Spring WS integration paths with Spring Security could surface detailed account state (for example locked or disabled... | Thu, 11 Jun 2026 11:32:17 |
| CVE-2026-40996 json | Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for valid... | Thu, 11 Jun 2026 11:32:17 |
| CVE-2026-40995 json | X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken when a presented certificate mapped to U... | Thu, 11 Jun 2026 11:32:17 |
| CVE-2026-40994 json | Wss4jSecurityInterceptor initialized its BSP (WS-I Basic Security Profile) compliance flag so that inbound validation disable... | Thu, 11 Jun 2026 11:32:17 |
| CVE-2026-40992 json | Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail prop... | Thu, 11 Jun 2026 11:32:17 |
| CVE-2026-40987 json | A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem (outside the confi... | Thu, 11 Jun 2026 11:32:17 |
| CVE-2026-40986 json | Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the response is not "tex... | Thu, 11 Jun 2026 11:32:17 |
| CVE-2026-40985 json | Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Aff... | Thu, 11 Jun 2026 11:32:17 |
| CVE-2026-35273 json | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Managemen... | Thu, 11 Jun 2026 11:32:17 |
| CVE-2026-53742 json | Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embed... | Thu, 11 Jun 2026 11:32:16 |
| CVE-2026-53741 json | Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option into a JavaScript string literal without enc... | Thu, 11 Jun 2026 11:32:16 |