CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.

Read the API docs

[rss] [api]
Recent CVEs
Recently updated CVE records
CVE Description Updated
CVE-2026-9824 json Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to check the manage_shared_channels permissi... Mon, 13 Jul 2026 07:17:52
CVE-2026-9820 json Mattermost versions 11.7.x <= 11.7.2, 10.11.x <= 10.11.19 fail to sanitize team objects returned by the scheme teams endpoint... Mon, 13 Jul 2026 07:17:52
CVE-2026-61985 json Missing Authorization vulnerability in magepeopleteam Car Rental Manager car-rental-manager allows Exploiting Incorrectly Con... Mon, 13 Jul 2026 07:17:51
CVE-2026-61970 json Server-Side Request Forgery (SSRF) vulnerability in Themeisle Auto Featured Image (Auto Post Thumbnail) auto-post-thumbnail a... Mon, 13 Jul 2026 07:17:51
CVE-2026-59523 json Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting I... Mon, 13 Jul 2026 07:17:51
CVE-2026-57815 json Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPMU DEV - Your All-in-One Wo... Mon, 13 Jul 2026 07:17:51
CVE-2026-57805 json Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Sele... Mon, 13 Jul 2026 07:17:51
CVE-2026-14934 json A Missing Authorization vulnerability in the repository creation functionality in Google Cloud BigQuery, Dataform and Colab E... Mon, 13 Jul 2026 07:17:51
CVE-2026-6541 json Mattermost versions 11.7.x <= 11.7.1, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to restrict metric configuration changes to ... Mon, 13 Jul 2026 07:17:51
CVE-2026-4765 json Stored Cross-Site Scripting (XSS) vulnerability in the RD Station Conversas chat. The vulnerability resides in the ‘name’... Mon, 13 Jul 2026 07:17:51
CVE-2026-61983 json Missing Authorization vulnerability in andy_moyle Church Admin church-admin allows Exploiting Incorrectly Configured Access C... Mon, 13 Jul 2026 06:17:28
CVE-2026-61977 json Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetSearch jet-search a... Mon, 13 Jul 2026 06:17:28
CVE-2026-61976 json Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetBlocks For Elemento... Mon, 13 Jul 2026 06:17:28
CVE-2026-61975 json Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetReviews jet-reviews... Mon, 13 Jul 2026 06:17:28
CVE-2026-61971 json Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture metronet-profile-picture al... Mon, 13 Jul 2026 06:17:28
CVE-2026-61968 json Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Secur... Mon, 13 Jul 2026 06:17:28
CVE-2026-61958 json Missing Authorization vulnerability in Saad Iqbal License Manager for WooCommerce license-manager-for-woocommerce allows Expl... Mon, 13 Jul 2026 06:17:28
CVE-2026-61956 json Cross-Site Request Forgery (CSRF) vulnerability in hamsalam ووسلام &#8211; همگام سازی ووکامرس و باس... Mon, 13 Jul 2026 06:17:28
CVE-2026-61955 json Mon, 13 Jul 2026 06:17:28
CVE-2026-61952 json Missing Authorization vulnerability in Jose Vega WooCommerce Bulk Edit Products – WP Sheet Editor woo-bulk-edit-products al... Mon, 13 Jul 2026 06:17:28
CVE-2026-59521 json Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC Real Testimonials testimonial-free allows Object Injectio... Mon, 13 Jul 2026 06:17:28
CVE-2026-59518 json Deserialization of Untrusted Data vulnerability in wpWax Directorist directorist allows Object Injection.This issue affects D... Mon, 13 Jul 2026 06:17:28
CVE-2026-59516 json Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Room 34 Creative Servic... Mon, 13 Jul 2026 06:17:27
CVE-2026-59515 json Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sergey AIWU ai-copilot-... Mon, 13 Jul 2026 06:17:27
CVE-2026-57816 json Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelKit Funnel Builde... Mon, 13 Jul 2026 06:17:27
CVE-2026-57814 json Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV - Your All-in-... Mon, 13 Jul 2026 06:17:27
CVE-2026-57813 json Incorrect Privilege Assignment vulnerability in properfraction MailOptin mailoptin allows Privilege Escalation.This issue aff... Mon, 13 Jul 2026 06:17:27
CVE-2026-57812 json Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting I... Mon, 13 Jul 2026 06:17:27
CVE-2026-57811 json Improper Control of Generation of Code ('Code Injection') vulnerability in Realtyna Realtyna Organic IDX plugin real-estate-l... Mon, 13 Jul 2026 06:17:27
CVE-2026-57810 json Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal APIExperts S... Mon, 13 Jul 2026 06:17:27
CVE-2026-57804 json Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code... Mon, 13 Jul 2026 06:17:27
CVE-2026-57803 json Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Sele... Mon, 13 Jul 2026 06:17:27
CVE-2026-57802 json Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Sele... Mon, 13 Jul 2026 06:17:27
CVE-2026-57801 json Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Sele... Mon, 13 Jul 2026 06:17:27
CVE-2026-57800 json Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge... Mon, 13 Jul 2026 06:17:27
CVE-2026-57799 json Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxpe... Mon, 13 Jul 2026 06:17:27
CVE-2026-57798 json Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Saur... Mon, 13 Jul 2026 06:17:27
CVE-2026-57797 json Missing Authorization vulnerability in ThemeMove EduMall edumall allows Exploiting Incorrectly Configured Access Control Secu... Mon, 13 Jul 2026 06:17:27
CVE-2026-57796 json Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VLTh... Mon, 13 Jul 2026 06:17:27
CVE-2026-57795 json Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in them... Mon, 13 Jul 2026 06:17:27
CVE-2026-57794 json Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxpe... Mon, 13 Jul 2026 06:17:27
CVE-2026-57793 json Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elat... Mon, 13 Jul 2026 06:17:27
CVE-2026-57792 json Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mika... Mon, 13 Jul 2026 06:17:27
CVE-2026-57791 json Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Them... Mon, 13 Jul 2026 06:17:27
CVE-2026-57790 json Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Them... Mon, 13 Jul 2026 06:17:27
CVE-2026-57789 json Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwst... Mon, 13 Jul 2026 06:17:27
CVE-2026-57788 json Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge... Mon, 13 Jul 2026 06:17:27
CVE-2026-57787 json Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeWS CWS SVGicons... Mon, 13 Jul 2026 06:17:27
CVE-2026-57786 json Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core workscout-core allows Authentication Bypass.This... Mon, 13 Jul 2026 06:17:27
CVE-2026-57783 json Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in merkulove Speaker speak... Mon, 13 Jul 2026 06:17:27
CVE-2026-57782 json Missing Authorization vulnerability in PressTigers Universal Clocks universal-clocks allows Exploiting Incorrectly Configured... Mon, 13 Jul 2026 06:17:27
CVE-2026-57781 json Missing Authorization vulnerability in Sovlix MeetingHub meetinghub allows Exploiting Incorrectly Configured Access Control S... Mon, 13 Jul 2026 06:17:27
CVE-2026-57780 json Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plugin Envision Envisio... Mon, 13 Jul 2026 06:17:27
CVE-2026-57779 json Missing Authorization vulnerability in themebeez Fascinate fascinate allows Exploiting Incorrectly Configured Access Control ... Mon, 13 Jul 2026 06:17:27
CVE-2026-57778 json Missing Authorization vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Exploiti... Mon, 13 Jul 2026 06:17:27
CVE-2026-57776 json Missing Authorization vulnerability in vowelweb VW Wedding vw-wedding allows Exploiting Incorrectly Configured Access Control... Mon, 13 Jul 2026 06:17:27
CVE-2026-57774 json Missing Authorization vulnerability in vowelweb VW Food Corner vw-food-corner allows Exploiting Incorrectly Configured Access... Mon, 13 Jul 2026 06:17:27
CVE-2026-57773 json Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zorem Advanced Shipment... Mon, 13 Jul 2026 06:17:27
CVE-2026-57772 json Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Inventory WP Invento... Mon, 13 Jul 2026 06:17:27
CVE-2026-57771 json Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Milan Petrovic GD Ratin... Mon, 13 Jul 2026 06:17:27
CVE-2026-57770 json Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Photography grandphotography allows Object Injection.This... Mon, 13 Jul 2026 06:17:27
CVE-2026-57768 json Incorrect Privilege Assignment vulnerability in favethemes Houzez Login Register houzez-login-register allows Privilege Escal... Mon, 13 Jul 2026 06:17:26
CVE-2026-57745 json Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stmcan RT-Theme 18 | Ex... Mon, 13 Jul 2026 06:17:26
CVE-2026-57744 json Deserialization of Untrusted Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Object Injection.Th... Mon, 13 Jul 2026 06:17:26
CVE-2026-57743 json Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in stmc... Mon, 13 Jul 2026 06:17:26
CVE-2026-57741 json Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AcyMailing Newsletter T... Mon, 13 Jul 2026 06:17:26
CVE-2026-57740 json Missing Authorization vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Exploiting Inc... Mon, 13 Jul 2026 06:17:26
CVE-2026-57739 json Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AcyMailing Newsletter T... Mon, 13 Jul 2026 06:17:26
CVE-2026-57738 json Deserialization of Untrusted Data vulnerability in axiomthemes 777 triple-seven allows Object Injection.This issue affects 77... Mon, 13 Jul 2026 06:17:26
CVE-2026-57734 json Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer ... Mon, 13 Jul 2026 06:17:26
CVE-2026-57733 json Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Cloud Lib... Mon, 13 Jul 2026 06:17:26
CVE-2026-57732 json Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Opt-In Bu... Mon, 13 Jul 2026 06:17:26
CVE-2026-57729 json Missing Authorization vulnerability in UX-themes Flatsome flatsome allows Exploiting Incorrectly Configured Access Control Se... Mon, 13 Jul 2026 06:17:26
CVE-2026-57728 json Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UX-themes Flatsome flat... Mon, 13 Jul 2026 06:17:26
CVE-2026-57727 json Missing Authorization vulnerability in Themeum Kirki kirki allows Exploiting Incorrectly Configured Access Control Security L... Mon, 13 Jul 2026 06:17:26
CVE-2026-57726 json Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Kirki kirki all... Mon, 13 Jul 2026 06:17:26
CVE-2026-57725 json Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Kirki kirki all... Mon, 13 Jul 2026 06:17:26
CVE-2026-57724 json Deserialization of Untrusted Data vulnerability in Themeum Kirki kirki allows Object Injection.This issue affects Kirki: from... Mon, 13 Jul 2026 06:17:26
CVE-2026-57719 json Unrestricted Upload of File with Dangerous Type vulnerability in CodeRevolution Aimogen Pro aimogen-pro allows Using Maliciou... Mon, 13 Jul 2026 06:17:26
CVE-2026-57718 json Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Unlimited Elements Unli... Mon, 13 Jul 2026 06:17:26
CVE-2026-57715 json Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPManageNinja Fluent CR... Mon, 13 Jul 2026 06:17:26
CVE-2026-57714 json Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LatePoint LatePoint lat... Mon, 13 Jul 2026 06:17:26
CVE-2026-57713 json Deserialization of Untrusted Data vulnerability in Marcus (aka @msykes) Events Manager events-manager allows Object Injection... Mon, 13 Jul 2026 06:17:26
CVE-2026-57712 json Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM WPZOOM Portfolio... Mon, 13 Jul 2026 06:17:26
CVE-2026-57711 json Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PSM Plugins SupportCand... Mon, 13 Jul 2026 06:17:26
CVE-2026-57710 json Unrestricted Upload of File with Dangerous Type vulnerability in quantumcloud WoowBot Pro Max woowbot-pro-max allows Using Ma... Mon, 13 Jul 2026 06:17:26
CVE-2026-57709 json Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Swings Membership For WooC... Mon, 13 Jul 2026 06:17:26
CVE-2026-57708 json Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks Contact Form ... Mon, 13 Jul 2026 06:17:26
CVE-2026-57707 json Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quantumcloud Simple Bus... Mon, 13 Jul 2026 06:17:26
CVE-2026-57706 json Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dokan, Inc. Dokan dokan... Mon, 13 Jul 2026 06:17:26
CVE-2026-57705 json Missing Authorization vulnerability in Nexcess Event Tickets event-tickets allows Exploiting Incorrectly Configured Access Co... Mon, 13 Jul 2026 06:17:26
CVE-2026-57702 json Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Melograno Venture Studi... Mon, 13 Jul 2026 06:17:26
CVE-2026-57698 json Authentication Bypass Using an Alternate Path or Channel vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce ... Mon, 13 Jul 2026 06:17:26
CVE-2026-57697 json Authentication Bypass Using an Alternate Path or Channel vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-gr... Mon, 13 Jul 2026 06:17:26
CVE-2026-57695 json Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Rossiter Document G... Mon, 13 Jul 2026 06:17:26
CVE-2026-57694 json Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Confi... Mon, 13 Jul 2026 06:17:26
CVE-2026-57693 json Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spacetime Ad Inserter a... Mon, 13 Jul 2026 06:17:26
CVE-2026-57691 json Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eli Anti-Malware Securi... Mon, 13 Jul 2026 06:17:26
CVE-2026-57668 json Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms nex-for... Mon, 13 Jul 2026 06:17:26
CVE-2026-57424 json Missing Authorization vulnerability in knitpay Razorpay Payment Links for WooCommerce rzp-woocommerce allows Exploiting Incor... Mon, 13 Jul 2026 06:17:26
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report