CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities so that they can be quickly identified and shared. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-5231 json | The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utm_source' parameter in all ver... | Thu, 16 Apr 2026 22:28:14 |
| CVE-2026-5162 json | The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widge... | Thu, 16 Apr 2026 22:28:14 |
| CVE-2026-4817 json | The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind ... | Thu, 16 Apr 2026 22:28:14 |
| CVE-2026-3488 json | The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14.16.4. ... | Thu, 16 Apr 2026 22:28:14 |
| CVE-2024-11831 json | A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not prope... | Thu, 16 Apr 2026 22:28:14 |
| CVE-2026-40922 json | SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar... | Thu, 16 Apr 2026 21:26:14 |
| CVE-2026-40265 json | Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset download endpoint at /api/notes/... | Thu, 16 Apr 2026 21:26:14 |
| CVE-2026-40263 json | Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the login endpoint performs bcrypt passwor... | Thu, 16 Apr 2026 21:26:14 |
| CVE-2026-40262 json | Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset delivery handler serves uploaded... | Thu, 16 Apr 2026 21:26:14 |
| CVE-2026-40260 json | pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declara... | Thu, 16 Apr 2026 21:26:14 |
| CVE-2026-22734 json | Cloud Foundry UAA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-pr... | Thu, 16 Apr 2026 21:26:14 |
| CVE-2026-40322 json | SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered wit... | Thu, 16 Apr 2026 19:24:22 |
| CVE-2026-40318 json | SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttribute... | Thu, 16 Apr 2026 19:24:22 |
| CVE-2026-40259 json | SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttribute... | Thu, 16 Apr 2026 19:24:22 |
| CVE-2026-40255 json | AdonisJS HTTP Server is a package for handling HTTP requests in the AdonisJS framework. In @adonisjs/http-server versions pri... | Thu, 16 Apr 2026 19:24:22 |
| CVE-2026-40253 json | openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding ... | Thu, 16 Apr 2026 19:24:22 |
| CVE-2025-22870 json | Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the ... | Thu, 16 Apr 2026 19:24:22 |
| CVE-2024-58343 json | Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified serialized cookie data t... | Thu, 16 Apr 2026 19:24:22 |
| CVE-2026-41113 json | sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in qmail-remote.c. | Thu, 16 Apr 2026 18:24:21 |
| CVE-2026-40308 json | My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mc_ajax_mcjs_action AJAX end... | Thu, 16 Apr 2026 18:24:21 |
| CVE-2026-40249 json | free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT hand... | Thu, 16 Apr 2026 18:24:21 |
| CVE-2026-40248 json | free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler ... | Thu, 16 Apr 2026 18:24:21 |
| CVE-2026-40247 json | free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler ... | Thu, 16 Apr 2026 18:24:21 |
| CVE-2026-40246 json | free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler ... | Thu, 16 Apr 2026 18:24:21 |
| CVE-2026-40170 json | ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_par... | Thu, 16 Apr 2026 18:24:21 |
| CVE-2026-39313 json | mcp-framework is a framework for building Model Context Protocol (MCP) servers. In versions 0.2.21 and below, the readRequest... | Thu, 16 Apr 2026 18:24:21 |
| CVE-2026-35469 json | spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame pars... | Thu, 16 Apr 2026 18:24:20 |
| CVE-2026-34164 json | Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService ... | Thu, 16 Apr 2026 18:24:20 |
| CVE-2026-33472 json | Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in C... | Thu, 16 Apr 2026 18:24:20 |
| CVE-2026-33032 json | Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP (Model Context Proto... | Thu, 16 Apr 2026 18:24:20 |
| CVE-2025-54236 json | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Impr... | Thu, 16 Apr 2026 18:09:20 |
| CVE-2026-41035 json | In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver us... | Thu, 16 Apr 2026 17:24:19 |
| CVE-2026-40901 json | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7... | Thu, 16 Apr 2026 17:24:19 |
| CVE-2026-40900 json | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vuln... | Thu, 16 Apr 2026 17:24:19 |
| CVE-2026-35592 json | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the _safe_extractall() function ... | Thu, 16 Apr 2026 17:24:19 |
| CVE-2025-70873 json | An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows ... | Thu, 16 Apr 2026 17:24:19 |
| CVE-2016-8747 json | An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy co... | Thu, 16 Apr 2026 17:09:18 |
| CVE-2012-3442 json | The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and... | Thu, 16 Apr 2026 17:09:18 |
| CVE-2006-0749 json | nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, ... | Thu, 16 Apr 2026 17:09:18 |
| CVE-2026-35636 json | OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where session_status resolves ... | Thu, 16 Apr 2026 16:54:19 |
| CVE-2026-35634 json | OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest(... | Thu, 16 Apr 2026 16:54:19 |
| CVE-2026-35627 json | OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct messages before enforcing se... | Thu, 16 Apr 2026 16:54:19 |
| CVE-2026-5187 json | Two potential heap out-of-bounds write locations existed in DecodeObjectId() in wolfcrypt/src/asn.c. First, a bounds check on... | Thu, 16 Apr 2026 16:54:19 |
| CVE-2026-40088 json | PraisonAI is a multi-agent teams system. Prior to 4.5.121, the execute_command function and workflow shell execution are expo... | Thu, 16 Apr 2026 16:54:18 |
| CVE-2026-39977 json | flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an ... | Thu, 16 Apr 2026 16:54:18 |
| CVE-2026-35556 json | OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credenti... | Thu, 16 Apr 2026 16:54:18 |
| CVE-2026-35063 json | OpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=u... | Thu, 16 Apr 2026 16:54:18 |
| CVE-2026-4636 json | A flaw was found in Keycloak. An authenticated user with the uma_protection role can bypass User-Managed Access (UMA) policy ... | Thu, 16 Apr 2026 16:54:18 |
| CVE-2026-4634 json | A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST ... | Thu, 16 Apr 2026 16:54:18 |
| CVE-2026-4325 json | A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolatio... | Thu, 16 Apr 2026 16:54:18 |
| CVE-2026-4282 json | A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolatio... | Thu, 16 Apr 2026 16:54:18 |
| CVE-2026-3872 json | A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the ... | Thu, 16 Apr 2026 16:54:18 |
| CVE-2026-40107 json | SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" an... | Thu, 16 Apr 2026 16:39:18 |
| CVE-2026-20021 json | A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Fir... | Thu, 16 Apr 2026 16:39:18 |
| CVE-2026-5194 json | Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than... | Thu, 16 Apr 2026 16:39:18 |
| CVE-2026-40899 json | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a JDBC parameter blo... | Thu, 16 Apr 2026 16:24:18 |
| CVE-2026-33207 json | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vuln... | Thu, 16 Apr 2026 16:24:18 |
| CVE-2026-33122 json | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vuln... | Thu, 16 Apr 2026 16:24:18 |
| CVE-2026-33083 json | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vuln... | Thu, 16 Apr 2026 16:24:18 |
| CVE-2026-31262 json | Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform (SB2) v.2.0 allows a remote attacker to obtain sen... | Thu, 16 Apr 2026 16:24:18 |
| CVE-2025-54510 json | A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administr... | Thu, 16 Apr 2026 16:24:18 |
| CVE-2025-54502 json | Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with... | Thu, 16 Apr 2026 16:24:18 |
| CVE-2023-20585 json | Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervi... | Thu, 16 Apr 2026 16:24:18 |
| CVE-2026-5121 json | A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer alloc... | Thu, 16 Apr 2026 16:24:17 |
| CVE-2026-4424 json | A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to ... | Thu, 16 Apr 2026 16:24:17 |
| CVE-2024-10106 json | A buffer overflow vulnerability in the packet handoff plugin allows an attacker to overwrite memory outside the plugin's buff... | Thu, 16 Apr 2026 16:24:17 |
| CVE-2008-3909 json | The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them af... | Thu, 16 Apr 2026 17:11:39 |
| CVE-2026-29043 json | HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigge... | Thu, 16 Apr 2026 15:54:16 |
| CVE-2026-29002 json | CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level users to create SuperAdmin accou... | Thu, 16 Apr 2026 15:54:16 |
| CVE-2026-6069 json | NASM’s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker tr... | Thu, 16 Apr 2026 15:54:16 |
| CVE-2026-6068 json | NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory i... | Thu, 16 Apr 2026 15:54:16 |
| CVE-2026-6067 json | A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_direc... | Thu, 16 Apr 2026 15:54:16 |
| CVE-2026-1115 json | A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social feature of parisneo/lollms, affecting the late... | Thu, 16 Apr 2026 15:54:16 |
| CVE-2026-34781 json | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8... | Thu, 16 Apr 2026 15:39:15 |
| CVE-2026-33121 json | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vuln... | Thu, 16 Apr 2026 15:24:17 |
| CVE-2026-33084 json | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vuln... | Thu, 16 Apr 2026 15:24:17 |
| CVE-2026-6442 json | Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to exe... | Thu, 16 Apr 2026 15:24:17 |
| CVE-2025-43937 json | Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability... | Thu, 16 Apr 2026 15:24:17 |
| CVE-2026-40175 json | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axios library is vulnerable ... | Thu, 16 Apr 2026 15:24:16 |
| CVE-2026-31987 json | JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. Users are advised to upgrade... | Thu, 16 Apr 2026 15:24:16 |
| CVE-2025-62718 json | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle... | Thu, 16 Apr 2026 15:24:16 |
| CVE-2025-43935 json | Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high pr... | Thu, 16 Apr 2026 15:24:16 |
| CVE-2026-34197 json | Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker,... | Thu, 16 Apr 2026 15:59:38 |
| CVE-2026-3497 json | Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patc... | Thu, 16 Apr 2026 15:24:15 |
| CVE-2025-27363 json | An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when atte... | Thu, 16 Apr 2026 15:24:15 |
| CVE-2026-35586 json | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the ADMIN_ONLY_CORE_OPTIONS auth... | Thu, 16 Apr 2026 15:09:17 |
| CVE-2026-35584 json | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, the endpoint GET /thread... | Thu, 16 Apr 2026 15:09:17 |
| CVE-2026-35583 json | Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the configuration API endpoint (/api/configuration/{nam... | Thu, 16 Apr 2026 15:09:17 |
| CVE-2026-29144 json | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags... | Thu, 16 Apr 2026 15:09:17 |
| CVE-2026-29143 json | SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME... | Thu, 16 Apr 2026 15:09:17 |
| CVE-2026-5731 json | Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunder... | Thu, 16 Apr 2026 15:09:17 |
| CVE-2025-70797 json | Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execute arbitrary code via the ... | Thu, 16 Apr 2026 15:09:17 |
| CVE-2025-63238 json | A Reflected Cross-Site Scripting (XSS) affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of ... | Thu, 16 Apr 2026 15:09:17 |
| CVE-2026-29142 json | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email. | Thu, 16 Apr 2026 15:09:16 |
| CVE-2026-29141 json | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge tags such as ... | Thu, 16 Apr 2026 15:09:16 |
| CVE-2026-29140 json | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used f... | Thu, 16 Apr 2026 15:09:16 |
| CVE-2026-29139 json | SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a... | Thu, 16 Apr 2026 15:09:16 |
| CVE-2026-29138 json | SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another ... | Thu, 16 Apr 2026 15:09:16 |
| CVE-2026-29137 json | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from users by crafting a long su... | Thu, 16 Apr 2026 15:09:16 |
| CVE-2026-29136 json | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new CA c... | Thu, 16 Apr 2026 15:09:16 |