CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-57518 json | Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users... | Fri, 26 Jun 2026 13:17:13 |
| CVE-2026-57231 json | Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains a environment ... | Fri, 26 Jun 2026 13:17:13 |
| CVE-2026-56823 json | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Pr... | Fri, 26 Jun 2026 13:17:13 |
| CVE-2026-56663 json | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Pr... | Fri, 26 Jun 2026 13:17:13 |
| CVE-2026-55686 json | Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the ... | Fri, 26 Jun 2026 13:17:13 |
| CVE-2026-55677 json | Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. T... | Fri, 26 Jun 2026 13:17:13 |
| CVE-2026-54636 json | Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron... | Fri, 26 Jun 2026 13:17:13 |
| CVE-2026-48529 json | GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1.1.2, when running in HTTP mode with --lockdown-mode en... | Fri, 26 Jun 2026 13:17:13 |
| CVE-2026-45408 json | Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex (^[a-z0-9][^/:_A-Z]*$) permits shell metachara... | Fri, 26 Jun 2026 13:17:13 |
| CVE-2026-45407 json | Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKU_ROOT/.netrc using bash's touch command, ... | Fri, 26 Jun 2026 13:17:13 |
| CVE-2026-57662 json | Contributor SQL Injection in Contest Gallery <= 30.0.0 versions. | Fri, 26 Jun 2026 13:17:12 |
| CVE-2026-57656 json | Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions. | Fri, 26 Jun 2026 13:17:12 |
| CVE-2026-57650 json | Contributor Cross Site Scripting (XSS) in Magazine Blocks <= 1.8.3 versions. | Fri, 26 Jun 2026 13:17:12 |
| CVE-2026-57644 json | Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions. | Fri, 26 Jun 2026 13:17:12 |
| CVE-2026-57637 json | Unauthenticated Cross Site Request Forgery (CSRF) in Abandoned Cart Lite for WooCommerce <= 6.8.0 versions. | Fri, 26 Jun 2026 13:17:12 |
| CVE-2026-57527 json | Zed Attack Proxy (ZAP) ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attac... | Fri, 26 Jun 2026 13:17:12 |
| CVE-2026-45406 json | Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includ... | Fri, 26 Jun 2026 13:17:12 |
| CVE-2026-45405 json | Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip ar... | Fri, 26 Jun 2026 13:17:12 |
| CVE-2026-30041 json | An integer overflow in the PSD parser compnent of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or c... | Fri, 26 Jun 2026 13:17:12 |
| CVE-2026-28385 json | In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery (SSRF) vulnerability in the image import functional... | Fri, 26 Jun 2026 13:17:12 |
| CVE-2026-13434 json | A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus net... | Fri, 26 Jun 2026 13:17:12 |
| CVE-2026-12411 json | Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, ... | Fri, 26 Jun 2026 13:17:12 |
| CVE-2026-11779 json | An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account... | Fri, 26 Jun 2026 13:17:12 |
| CVE-2026-9640 json | A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regardin... | Fri, 26 Jun 2026 13:17:12 |
| CVE-2026-9639 json | Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated us... | Fri, 26 Jun 2026 13:17:12 |
| CVE-2025-32423 json | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Pr... | Fri, 26 Jun 2026 13:17:12 |
| CVE-2025-32394 json | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Pr... | Fri, 26 Jun 2026 13:17:12 |
| CVE-2023-20572 json | An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the has... | Fri, 26 Jun 2026 13:17:12 |
| CVE-2023-20540 json | An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the has... | Fri, 26 Jun 2026 13:17:12 |
| CVE-2026-57881 json | An unauthenticated stack-based buffer overflow vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and... | Fri, 26 Jun 2026 13:17:11 |
| CVE-2026-57879 json | An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and ... | Fri, 26 Jun 2026 13:17:11 |
| CVE-2026-57453 json | Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim f... | Fri, 26 Jun 2026 13:17:11 |
| CVE-2026-49506 json | Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Direc... | Fri, 26 Jun 2026 13:17:11 |
| CVE-2026-48520 json | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.10.0, the "Shareable Playground" (o... | Fri, 26 Jun 2026 13:17:11 |
| CVE-2026-48519 json | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "Shareable Playground" (or... | Fri, 26 Jun 2026 13:17:11 |
| CVE-2026-48491 json | Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik... | Fri, 26 Jun 2026 13:17:11 |
| CVE-2026-46602 json | The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containin... | Fri, 26 Jun 2026 13:17:11 |
| CVE-2026-46601 json | The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size. | Fri, 26 Jun 2026 13:17:11 |
| CVE-2026-42867 json | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path... | Fri, 26 Jun 2026 13:17:11 |
| CVE-2026-33760 json | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow's /api/v1/monitor rou... | Fri, 26 Jun 2026 13:17:11 |
| CVE-2026-30040 json | A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to cause a execute arbitrary code... | Fri, 26 Jun 2026 13:17:11 |
| CVE-2026-11702 json | Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is ... | Fri, 26 Jun 2026 13:17:11 |
| CVE-2026-11625 json | Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initial... | Fri, 26 Jun 2026 13:17:11 |
| CVE-2026-10097 json | wolfSSL's AVX2-optimized ML-KEM implementation (mlkem_cmp_avx2) compares only 1536 of the 1568 ciphertext bytes during the Fu... | Fri, 26 Jun 2026 13:17:11 |
| CVE-2026-2053 json | The WSO2 API Manager's message flow component, when processing WS-Addressing headers, does not sufficiently validate or restr... | Fri, 26 Jun 2026 13:17:11 |
| CVE-2025-26988 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision SMS Alert O... | Fri, 26 Jun 2026 13:17:11 |
| CVE-2025-26984 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozy Vision SMS Alert O... | Fri, 26 Jun 2026 13:17:11 |
| CVE-2026-56789 json | RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows att... | Fri, 26 Jun 2026 13:01:52 |
| CVE-2026-56788 json | RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX o... | Fri, 26 Jun 2026 13:01:52 |
| CVE-2026-56787 json | RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decode_ssr3 function at src/rtcm3.c:1446 ... | Fri, 26 Jun 2026 13:01:52 |
| CVE-2026-10512 json | The X25519 x86_64 assembly implementation fails to clear the most significant bit during the final modular reduction, so the ... | Fri, 26 Jun 2026 13:01:52 |
| CVE-2026-7531 json | Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 (released in 5.9.1): a ... | Fri, 26 Jun 2026 13:01:52 |
| CVE-2026-57588 json | A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a pri... | Fri, 26 Jun 2026 13:01:51 |
| CVE-2026-57587 json | A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scan... | Fri, 26 Jun 2026 13:01:51 |
| CVE-2026-57437 json | Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathConte... | Fri, 26 Jun 2026 13:01:51 |
| CVE-2026-57436 json | Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Document#r... | Fri, 26 Jun 2026 13:01:51 |
| CVE-2026-56786 json | RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decode_type1033 function that fails to clamp length cou... | Fri, 26 Jun 2026 13:01:51 |
| CVE-2026-56123 json | socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 prox... | Fri, 26 Jun 2026 13:01:51 |
| CVE-2026-55967 json | AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly rejected by th... | Fri, 26 Jun 2026 13:01:51 |
| CVE-2026-55961 json | wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that contains no signer. Such an object ... | Fri, 26 Jun 2026 13:01:51 |
| CVE-2026-50549 json | Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by defa... | Fri, 26 Jun 2026 13:01:51 |
| CVE-2026-50548 json | Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by defa... | Fri, 26 Jun 2026 13:01:51 |
| CVE-2026-27610 json | Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, t... | Fri, 26 Jun 2026 13:01:51 |
| CVE-2026-27609 json | Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, t... | Fri, 26 Jun 2026 13:01:51 |
| CVE-2026-27608 json | Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, t... | Fri, 26 Jun 2026 13:01:51 |
| CVE-2026-11999 json | X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert(... | Fri, 26 Jun 2026 13:01:51 |
| CVE-2026-6291 json | Bleichenbacher padding oracle in PKCS#7 KTRI decryption. When decrypting PKCS#7 EnvelopedData using RSA PKCS#1 v1.5 key trans... | Fri, 26 Jun 2026 13:01:51 |
| CVE-2026-6094 json | Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be tr... | Fri, 26 Jun 2026 13:01:51 |
| CVE-2026-6091 json | Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificat... | Fri, 26 Jun 2026 13:01:51 |
| CVE-2026-27595 json | Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, t... | Fri, 26 Jun 2026 13:01:50 |
| CVE-2026-54762 json | Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in ... | Fri, 26 Jun 2026 12:46:40 |
| CVE-2026-53622 json | Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 (QU... | Fri, 26 Jun 2026 12:46:40 |
| CVE-2025-6965 json | There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of ... | Fri, 26 Jun 2026 12:46:39 |
| CVE-2026-47214 json | Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem... | Fri, 26 Jun 2026 12:31:38 |
| CVE-2026-5757 json | Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read ... | Fri, 26 Jun 2026 12:31:38 |
| CVE-2026-57665 json | Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions. | Fri, 26 Jun 2026 12:31:37 |
| CVE-2026-57664 json | Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder <= 1.1.6 versions. | Fri, 26 Jun 2026 12:31:37 |
| CVE-2026-57659 json | Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions. | Fri, 26 Jun 2026 12:31:37 |
| CVE-2026-57658 json | Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions. | Fri, 26 Jun 2026 12:31:37 |
| CVE-2026-57653 json | Contributor SQL Injection in WP Job Portal <= 2.5.2 versions. | Fri, 26 Jun 2026 12:31:37 |
| CVE-2026-57652 json | Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk <= 3.1.0 versions. | Fri, 26 Jun 2026 12:31:37 |
| CVE-2026-57647 json | Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer <= 1.6.1 versions. | Fri, 26 Jun 2026 12:31:37 |
| CVE-2026-57646 json | Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions. | Fri, 26 Jun 2026 12:31:37 |
| CVE-2026-57641 json | Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions. | Fri, 26 Jun 2026 12:31:37 |
| CVE-2026-45195 json | Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory rea... | Fri, 26 Jun 2026 12:31:37 |
| CVE-2026-44018 json | Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem... | Fri, 26 Jun 2026 12:31:37 |
| CVE-2026-21734 json | A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bound... | Fri, 26 Jun 2026 12:31:37 |
| CVE-2026-9699 json | Mattermost Plugins versions <=11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before loggi... | Fri, 26 Jun 2026 12:31:37 |
| CVE-2026-0828 json | Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64 , versions 10.5.75.0 and 11.11.4.0, allows unprivile... | Fri, 26 Jun 2026 12:31:37 |
| CVE-2026-0685 json | Server side template inject (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a re... | Fri, 26 Jun 2026 12:31:37 |
| CVE-2025-11919 json | The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same... | Fri, 26 Jun 2026 12:31:37 |
| CVE-2026-57640 json | Subscriber Broken Access Control in MasterStudy LMS <= 3.7.30 versions. | Fri, 26 Jun 2026 12:31:36 |
| CVE-2026-57634 json | Contributor Insecure Direct Object References (IDOR) in PPWP <= 1.9.19 versions. | Fri, 26 Jun 2026 12:31:36 |
| CVE-2026-57633 json | Unauthenticated Sensitive Data Exposure in WCBoost – Products Compare <= 1.1.0 versions. | Fri, 26 Jun 2026 12:31:36 |
| CVE-2026-57628 json | Administrator SQL Injection in WP All Import <= 4.0.1 versions. | Fri, 26 Jun 2026 12:31:36 |
| CVE-2026-57627 json | Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions. | Fri, 26 Jun 2026 12:31:36 |
| CVE-2026-57430 json | Contributor Broken Access Control in SEOPress PRO <= 9.1.1 versions. | Fri, 26 Jun 2026 12:31:36 |
| CVE-2026-57325 json | Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions. | Fri, 26 Jun 2026 12:31:36 |
| CVE-2026-57319 json | Unauthenticated Cross Site Scripting (XSS) in FOX <= 1.4.8 versions. | Fri, 26 Jun 2026 12:31:36 |
| CVE-2026-57318 json | Subscriber Sensitive Data Exposure in Site Reviews <= 8.0.11 versions. | Fri, 26 Jun 2026 12:31:36 |