CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2025-54236 json | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Impr... | Sat, 11 Apr 2026 12:12:00 |
| CVE-2026-35537 json | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session h... | Sat, 11 Apr 2026 11:25:55 |
| CVE-2026-32146 json | Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows arbitrary file system modi... | Sat, 11 Apr 2026 10:24:30 |
| CVE-2026-23900 json | Various stored XSS vulnerabilities in the maps- and icon rendering logic in Phoca Maps component 5.0.0-6.0.2 have been discov... | Sat, 11 Apr 2026 10:24:30 |
| CVE-2026-31408 json | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() d... | Sat, 11 Apr 2026 09:23:23 |
| CVE-2026-23414 json | In the Linux kernel, the following vulnerability has been resolved: tls: Purge async_hold in tls_decrypt_async_wait() The a... | Sat, 11 Apr 2026 09:23:23 |
| CVE-2026-23401 json | In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Drop/zap existing present SPTE even when c... | Sat, 11 Apr 2026 09:23:23 |
| CVE-2026-23389 json | In the Linux kernel, the following vulnerability has been resolved: ice: Fix memory leak in ice_set_ringparam() In ice_set_... | Sat, 11 Apr 2026 09:23:23 |
| CVE-2026-23360 json | In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin queue leak on controller reset When nvm... | Sat, 11 Apr 2026 09:23:23 |
| CVE-2025-71269 json | In the Linux kernel, the following vulnerability has been resolved: btrfs: do not free data reservation in fallback from inl... | Sat, 11 Apr 2026 09:23:23 |
| CVE-2025-68265 json | In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin request_queue lifetime The namespaces c... | Sat, 11 Apr 2026 09:23:23 |
| CVE-2025-40242 json | In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix unlikely race in gdlm_put_lock In gdlm_put_lo... | Sat, 11 Apr 2026 09:23:23 |
| CVE-2026-5809 json | The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is... | Sat, 11 Apr 2026 04:20:14 |
| CVE-2026-34621 json | Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Objec... | Sat, 11 Apr 2026 03:19:14 |
| CVE-2026-1502 json | CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host. | Sat, 11 Apr 2026 01:17:34 |
| CVE-2026-5876 json | Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to leak cros... | Sat, 11 Apr 2026 00:32:00 |
| CVE-2026-5875 json | Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted... | Sat, 11 Apr 2026 00:32:00 |
| CVE-2026-5874 json | Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage ... | Sat, 11 Apr 2026 00:32:00 |
| CVE-2026-34080 json | xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eav... | Fri, 10 Apr 2026 23:30:36 |
| CVE-2026-5226 json | The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL pa... | Fri, 10 Apr 2026 22:30:35 |
| CVE-2026-5217 json | The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnera... | Fri, 10 Apr 2026 22:30:35 |
| CVE-2026-5207 json | The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and includ... | Fri, 10 Apr 2026 22:30:35 |
| CVE-2026-5144 json | The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9... | Fri, 10 Apr 2026 22:30:35 |
| CVE-2026-4979 json | The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress ... | Fri, 10 Apr 2026 22:30:35 |
| CVE-2026-4895 json | The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versi... | Fri, 10 Apr 2026 22:30:35 |
| CVE-2026-3498 json | The BlockArt Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'clientId' block attribute in a... | Fri, 10 Apr 2026 22:30:35 |
| CVE-2026-3371 json | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference... | Fri, 10 Apr 2026 22:30:35 |
| CVE-2026-3358 json | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized private course enro... | Fri, 10 Apr 2026 22:30:35 |
| CVE-2026-5496 json | Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allo... | Fri, 10 Apr 2026 21:30:34 |
| CVE-2026-5495 json | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability... | Fri, 10 Apr 2026 21:30:34 |
| CVE-2026-5494 json | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability... | Fri, 10 Apr 2026 21:30:34 |
| CVE-2026-5493 json | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability... | Fri, 10 Apr 2026 21:30:34 |
| CVE-2026-5059 json | aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to e... | Fri, 10 Apr 2026 21:30:34 |
| CVE-2026-5058 json | aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute a... | Fri, 10 Apr 2026 21:30:34 |
| CVE-2026-5055 json | NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attacker... | Fri, 10 Apr 2026 21:30:34 |
| CVE-2026-5054 json | NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers t... | Fri, 10 Apr 2026 21:30:34 |
| CVE-2026-5053 json | NoMachine External Control of File Path Arbitrary File Deletion Vulnerability. This vulnerability allows local attackers to d... | Fri, 10 Apr 2026 21:30:34 |
| CVE-2026-40354 json | Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host contex... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-34078 json | Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in th... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-4158 json | KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-4157 json | ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability. This vulnerability allows network... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-4156 json | ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-4155 json | ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability. This vulnerabil... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-4154 json | GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to exe... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-4153 json | GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attack... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-4152 json | GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attack... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-4151 json | GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to exe... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-4150 json | GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to exe... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-4149 json | Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attacke... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-3691 json | OpenClaw Client PKCE Verifier Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose st... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-3690 json | OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on a... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-3689 json | OpenClaw Canvas Path Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose s... | Fri, 10 Apr 2026 21:30:33 |
| CVE-2026-40199 json | Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. _pack_ip... | Fri, 10 Apr 2026 18:30:28 |
| CVE-2026-40198 json | Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. _pack_ipv6(... | Fri, 10 Apr 2026 18:30:28 |
| CVE-2026-33119 json | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attac... | Fri, 10 Apr 2026 18:30:28 |
| CVE-2026-33118 json | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Fri, 10 Apr 2026 18:30:28 |
| CVE-2026-40252 json | FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Control vulnerability (IDOR/BOLA) allows any auth... | Fri, 10 Apr 2026 17:30:28 |
| CVE-2026-40242 json | Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.17.3, the /api/templates/fet... | Fri, 10 Apr 2026 17:30:28 |
| CVE-2026-40194 json | phpseclib is a PHP secure communications library. Prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet(... | Fri, 10 Apr 2026 17:30:28 |
| CVE-2026-40191 json | ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta-1f46... | Fri, 10 Apr 2026 17:30:28 |
| CVE-2026-34486 json | Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of... | Fri, 10 Apr 2026 17:30:28 |
| CVE-2026-34483 json | Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affec... | Fri, 10 Apr 2026 17:30:28 |
| CVE-2026-34020 json | Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HT... | Fri, 10 Apr 2026 17:30:28 |
| CVE-2026-6057 json | FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote att... | Fri, 10 Apr 2026 17:30:28 |
| CVE-2026-5724 json | The frontend gRPC server's streaming interceptor chain did not include the authorization interceptor. When a ClaimMapper an... | Fri, 10 Apr 2026 17:30:28 |
| CVE-2026-5483 json | A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard` component of Red Hat Ope... | Fri, 10 Apr 2026 17:30:28 |
| CVE-2026-39883 json | OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Dar... | Fri, 10 Apr 2026 17:30:27 |
| CVE-2026-39859 json | LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, liquidjs 10.25.0 docume... | Fri, 10 Apr 2026 17:30:27 |
| CVE-2026-39408 json | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path traversal issu... | Fri, 10 Apr 2026 17:30:27 |
| CVE-2026-35534 json | ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in P... | Fri, 10 Apr 2026 17:30:27 |
| CVE-2026-35525 json | LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, for {% include %}, {% r... | Fri, 10 Apr 2026 17:30:27 |
| CVE-2026-35407 json | Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a business-logic and author... | Fri, 10 Apr 2026 17:30:27 |
| CVE-2026-34723 json | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, unauthenticated remote attacker... | Fri, 10 Apr 2026 17:30:27 |
| CVE-2026-34719 json | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the webhook model was missing a... | Fri, 10 Apr 2026 17:30:27 |
| CVE-2026-34166 json | LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, the replace filter in L... | Fri, 10 Apr 2026 17:30:27 |
| CVE-2026-34079 json | Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated... | Fri, 10 Apr 2026 17:30:27 |
| CVE-2026-33229 json | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and ... | Fri, 10 Apr 2026 17:30:27 |
| CVE-2026-28390 json | Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer derefer... | Fri, 10 Apr 2026 17:30:27 |
| CVE-2026-28389 json | Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference... | Fri, 10 Apr 2026 17:30:27 |
| CVE-2026-28388 json | Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might h... | Fri, 10 Apr 2026 17:30:27 |
| CVE-2026-28386 json | Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an... | Fri, 10 Apr 2026 17:30:27 |
| CVE-2026-4631 json | Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without ... | Fri, 10 Apr 2026 17:30:27 |
| CVE-2025-45058 json | D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fx parameter in the jingx_asp function. This v... | Fri, 10 Apr 2026 17:30:27 |
| CVE-2025-45057 json | D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function. ... | Fri, 10 Apr 2026 17:30:27 |
| CVE-2018-25249 json | MyBB My Arcade Plugin 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject ... | Fri, 10 Apr 2026 17:30:26 |
| CVE-2018-25248 json | MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting vulnerability that allows regular members to inject ma... | Fri, 10 Apr 2026 17:30:26 |
| CVE-2025-50673 json | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the http_lanport parameter in... | Fri, 10 Apr 2026 17:15:27 |
| CVE-2025-50672 json | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /yyxz_dlink... | Fri, 10 Apr 2026 17:15:27 |
| CVE-2025-50671 json | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_ref.a... | Fri, 10 Apr 2026 17:15:27 |
| CVE-2025-50670 json | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_bwr.a... | Fri, 10 Apr 2026 17:15:27 |
| CVE-2025-50669 json | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 and DI-8003G 19.12.10A1 due to improper handling of the w... | Fri, 10 Apr 2026 17:15:27 |
| CVE-2025-50668 json | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the s parameter in the /web_l... | Fri, 10 Apr 2026 17:15:27 |
| CVE-2025-50667 json | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the iface parameter in the /w... | Fri, 10 Apr 2026 17:15:27 |
| CVE-2025-50666 json | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /w... | Fri, 10 Apr 2026 17:15:27 |
| CVE-2025-50665 json | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of input parameters in the /web_... | Fri, 10 Apr 2026 17:15:27 |
| CVE-2025-50664 json | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /user_group... | Fri, 10 Apr 2026 17:15:27 |
| CVE-2025-50663 json | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /us... | Fri, 10 Apr 2026 17:15:27 |
| CVE-2025-50662 json | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /ur... | Fri, 10 Apr 2026 17:15:27 |
| CVE-2025-50661 json | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /u... | Fri, 10 Apr 2026 17:15:27 |
| CVE-2025-50660 json | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /ur... | Fri, 10 Apr 2026 17:15:27 |