CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-31685 json | In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6t_eui64: reject invalid MAC header for all... | Sat, 25 Apr 2026 05:19:14 |
| CVE-2026-31684 json | In the Linux kernel, the following vulnerability has been resolved: net: sched: act_csum: validate nested VLAN headers tcf_... | Sat, 25 Apr 2026 05:19:14 |
| CVE-2026-31683 json | In the Linux kernel, the following vulnerability has been resolved: batman-adv: avoid OGM aggregation when skb tailroom is i... | Sat, 25 Apr 2026 05:19:14 |
| CVE-2026-31682 json | In the Linux kernel, the following vulnerability has been resolved: bridge: br_nd_send: linearize skb before parsing ND opti... | Sat, 25 Apr 2026 05:19:14 |
| CVE-2026-31681 json | In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_multiport: validate range encoding in chec... | Sat, 25 Apr 2026 05:19:14 |
| CVE-2026-31680 json | In the Linux kernel, the following vulnerability has been resolved: net: ipv6: flowlabel: defer exclusive option free until ... | Sat, 25 Apr 2026 05:19:14 |
| CVE-2026-31679 json | In the Linux kernel, the following vulnerability has been resolved: openvswitch: validate MPLS set/set_masked payload length... | Sat, 25 Apr 2026 05:19:14 |
| CVE-2026-31678 json | In the Linux kernel, the following vulnerability has been resolved: openvswitch: defer tunnel netdev_put to RCU release ovs... | Sat, 25 Apr 2026 05:19:14 |
| CVE-2026-31677 json | In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - limit RX SG extraction by receive buffe... | Sat, 25 Apr 2026 05:19:14 |
| CVE-2026-31676 json | In the Linux kernel, the following vulnerability has been resolved: rxrpc: only handle RESPONSE during service challenge On... | Sat, 25 Apr 2026 05:19:14 |
| CVE-2026-31675 json | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_netem: fix out-of-bounds access in packet... | Sat, 25 Apr 2026 05:19:14 |
| CVE-2026-31674 json | In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_ch... | Sat, 25 Apr 2026 05:19:14 |
| CVE-2026-31673 json | In the Linux kernel, the following vulnerability has been resolved: af_unix: read UNIX_DIAG_VFS data under unix_state_lock ... | Sat, 25 Apr 2026 05:19:14 |
| CVE-2026-31534 json | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Sat, 25 Apr 2026 02:17:14 |
| CVE-2026-6951 json | Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for [... | Sat, 25 Apr 2026 02:17:14 |
| CVE-2026-41502 json | BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an off-by-one out-of-boun... | Fri, 24 Apr 2026 23:30:14 |
| CVE-2026-41433 json | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From 0.4.0 to before 0.... | Fri, 24 Apr 2026 23:30:14 |
| CVE-2026-41421 json | SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, SiYuan desktop renders notification messages a... | Fri, 24 Apr 2026 23:30:14 |
| CVE-2026-41322 json | @astrojs/node allows Astro to deploy your SSR site to Node targets. Prior to 10.0.5, requesting a static js/css resources fro... | Fri, 24 Apr 2026 23:30:14 |
| CVE-2026-41319 json | MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injection vulnerability in versi... | Fri, 24 Apr 2026 23:30:14 |
| CVE-2026-41079 json | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a netwo... | Fri, 24 Apr 2026 23:30:14 |
| CVE-2026-33318 json | Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user (including `BASIC` role) can e... | Fri, 24 Apr 2026 23:30:14 |
| CVE-2026-41277 json | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vu... | Fri, 24 Apr 2026 22:29:34 |
| CVE-2026-41275 json | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the password reset f... | Fri, 24 Apr 2026 22:29:34 |
| CVE-2026-41270 json | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Reques... | Fri, 24 Apr 2026 22:29:34 |
| CVE-2026-41266 json | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatb... | Fri, 24 Apr 2026 22:29:34 |
| CVE-2026-41213 json | @node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-i... | Fri, 24 Apr 2026 22:29:34 |
| CVE-2026-40886 json | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 t... | Fri, 24 Apr 2026 22:29:34 |
| CVE-2026-33077 json | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfi... | Fri, 24 Apr 2026 22:29:34 |
| CVE-2026-4878 json | A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in t... | Fri, 24 Apr 2026 22:29:34 |
| CVE-2026-2100 json | A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remo... | Fri, 24 Apr 2026 22:29:34 |
| CVE-2025-54236 json | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Impr... | Fri, 24 Apr 2026 21:14:32 |
| CVE-2025-14821 json | A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH (Secure She... | Fri, 24 Apr 2026 20:29:31 |
| CVE-2026-6175 json | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Fri, 24 Apr 2026 19:29:29 |
| CVE-2026-0966 json | The API function `ssh_get_hexa()` is vulnerable, when 0-lenght input is provided to this function. This function is used inte... | Fri, 24 Apr 2026 19:29:29 |
| CVE-2026-42171 json | NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTE... | Fri, 24 Apr 2026 18:29:28 |
| CVE-2026-41488 json | LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size()... | Fri, 24 Apr 2026 17:29:27 |
| CVE-2026-41481 json | LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters 1.1.2, HTMLHead... | Fri, 24 Apr 2026 17:29:27 |
| CVE-2026-41478 json | Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL ... | Fri, 24 Apr 2026 17:29:27 |
| CVE-2026-41476 json | Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.138, a remote memory-safety vulnerability in Deskflow's clipbo... | Fri, 24 Apr 2026 17:29:26 |
| CVE-2026-41473 json | CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints tha... | Fri, 24 Apr 2026 17:29:26 |
| CVE-2026-41472 json | CyberPanel versions prior to 2.4.4 contain a stored cross-site scripting vulnerability in the AI Scanner dashboard where the... | Fri, 24 Apr 2026 17:29:26 |
| CVE-2026-41428 json | Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressio... | Fri, 24 Apr 2026 17:29:26 |
| CVE-2026-41328 json | Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives a... | Fri, 24 Apr 2026 17:29:26 |
| CVE-2026-41248 json | Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/... | Fri, 24 Apr 2026 17:29:26 |
| CVE-2026-41244 json | Mojic is a CLI tool to transform readable C code into an unrecognizable chaotic stream of emojis. Prior to 2.1.4, the CipherE... | Fri, 24 Apr 2026 17:29:26 |
| CVE-2026-6968 json | Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing... | Fri, 24 Apr 2026 17:29:26 |
| CVE-2026-6967 json | Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allow... | Fri, 24 Apr 2026 17:29:26 |
| CVE-2026-6966 json | Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.... | Fri, 24 Apr 2026 17:29:26 |
| CVE-2026-0988 json | A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function ca... | Fri, 24 Apr 2026 17:29:26 |
| CVE-2026-40604 json | ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.6, the opfi... | Fri, 24 Apr 2026 16:59:25 |
| CVE-2026-40599 json | ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.5, Clearanc... | Fri, 24 Apr 2026 16:59:25 |
| CVE-2026-40161 json | Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to 1.10.0, the Tekton P... | Fri, 24 Apr 2026 16:59:25 |
| CVE-2026-39320 json | Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.25.0 are vulnerable to an u... | Fri, 24 Apr 2026 16:59:25 |
| CVE-2026-40876 json | goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP root escape caused by prefix-based p... | Fri, 24 Apr 2026 16:44:25 |
| CVE-2026-40516 json | OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools... | Fri, 24 Apr 2026 16:44:24 |
| CVE-2026-40515 json | OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files b... | Fri, 24 Apr 2026 16:44:24 |
| CVE-2026-41503 json | BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vul... | Fri, 24 Apr 2026 16:29:26 |
| CVE-2026-41477 json | Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes... | Fri, 24 Apr 2026 16:29:26 |
| CVE-2026-41475 json | BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vul... | Fri, 24 Apr 2026 16:29:26 |
| CVE-2026-41429 json | arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior t... | Fri, 24 Apr 2026 16:29:26 |
| CVE-2026-41427 json | Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.5, the clientPrivileges option docume... | Fri, 24 Apr 2026 16:29:26 |
| CVE-2026-41426 json | pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails... | Fri, 24 Apr 2026 16:29:26 |
| CVE-2026-41492 json | Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraphl exposes the process command line through the ... | Fri, 24 Apr 2026 16:29:25 |
| CVE-2026-41459 json | Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated a... | Fri, 24 Apr 2026 16:29:25 |
| CVE-2026-41425 json | Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on th... | Fri, 24 Apr 2026 16:29:25 |
| CVE-2026-40320 json | Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered t... | Fri, 24 Apr 2026 16:29:25 |
| CVE-2026-40319 json | Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a use... | Fri, 24 Apr 2026 16:29:25 |
| CVE-2026-34415 json | Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connecto... | Fri, 24 Apr 2026 16:29:25 |
| CVE-2026-34414 json | Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector end... | Fri, 24 Apr 2026 16:29:25 |
| CVE-2026-34413 json | Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endp... | Fri, 24 Apr 2026 16:29:25 |
| CVE-2026-20806 json | Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose inform... | Fri, 24 Apr 2026 16:29:25 |
| CVE-2025-65104 json | Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data... | Fri, 24 Apr 2026 16:29:25 |
| CVE-2026-0390 json | Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security... | Fri, 24 Apr 2026 16:29:24 |
| CVE-2025-68085 json | Missing Authorization vulnerability in merkulove Buttoner for Elementor buttoner-elementor allows Exploiting Incorrectly Conf... | Fri, 24 Apr 2026 16:29:24 |
| CVE-2025-68079 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNectar Salient Sho... | Fri, 24 Apr 2026 16:29:24 |
| CVE-2025-68071 json | Authorization Bypass Through User-Controlled Key vulnerability in g5theme Essential Real Estate essential-real-estate allows ... | Fri, 24 Apr 2026 16:29:24 |
| CVE-2025-68066 json | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Penc... | Fri, 24 Apr 2026 16:29:24 |
| CVE-2025-68055 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking ... | Fri, 24 Apr 2026 16:29:24 |
| CVE-2025-54005 json | Missing Authorization vulnerability in sonalsinha21 SKT Page Builder skt-builder allows Exploiting Incorrectly Configured Acc... | Fri, 24 Apr 2026 16:29:24 |
| CVE-2024-7399 json | Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.105... | Fri, 24 Apr 2026 16:29:24 |
| CVE-2026-26156 json | Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally. | Fri, 24 Apr 2026 16:14:24 |
| CVE-2026-26155 json | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | Fri, 24 Apr 2026 16:14:24 |
| CVE-2026-26154 json | Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a networ... | Fri, 24 Apr 2026 16:14:24 |
| CVE-2026-26153 json | Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally. | Fri, 24 Apr 2026 16:14:24 |
| CVE-2026-26152 json | Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileg... | Fri, 24 Apr 2026 16:14:24 |
| CVE-2026-26151 json | Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing... | Fri, 24 Apr 2026 16:14:24 |
| CVE-2026-25184 json | Concurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (applo... | Fri, 24 Apr 2026 16:14:24 |
| CVE-2026-23670 json | Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass ... | Fri, 24 Apr 2026 16:14:24 |
| CVE-2026-20930 json | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services al... | Fri, 24 Apr 2026 16:14:24 |
| CVE-2026-20928 json | Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthor... | Fri, 24 Apr 2026 16:14:24 |
| CVE-2026-26160 json | Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to ele... | Fri, 24 Apr 2026 15:59:24 |
| CVE-2026-26159 json | Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to ele... | Fri, 24 Apr 2026 15:59:24 |
| CVE-2026-26163 json | Double free in Windows Kernel allows an authorized attacker to elevate privileges locally. | Fri, 24 Apr 2026 15:44:23 |
| CVE-2026-26162 json | Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privile... | Fri, 24 Apr 2026 15:44:23 |
| CVE-2026-26161 json | Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally. | Fri, 24 Apr 2026 15:44:23 |
| CVE-2026-41907 json | uuid is for the creation of RFC9562 (formerly RFC4122) UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers ... | Fri, 24 Apr 2026 15:29:26 |
| CVE-2026-42044 json | Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, he Axios library is vulnerable... | Fri, 24 Apr 2026 15:29:25 |
| CVE-2026-42041 json | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable... | Fri, 24 Apr 2026 15:29:25 |
| CVE-2026-42039 json | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks ne... | Fri, 24 Apr 2026 15:29:25 |