CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-48507 json | Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding... | Tue, 09 Jun 2026 12:52:10 |
| CVE-2026-46490 json | samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes... | Tue, 09 Jun 2026 12:52:10 |
| CVE-2026-11637 json | Use after free in Views in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code v... | Tue, 09 Jun 2026 12:52:10 |
| CVE-2026-11636 json | Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user... | Tue, 09 Jun 2026 12:52:10 |
| CVE-2026-47328 json | Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly attempt to free a pointer which was not previ... | Tue, 09 Jun 2026 12:36:28 |
| CVE-2026-29170 json | A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML directory list generation in Apache HTTP Server 2.4.67 an... | Tue, 09 Jun 2026 12:36:28 |
| CVE-2026-29167 json | Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration This issue affects Apache HT... | Tue, 09 Jun 2026 12:36:28 |
| CVE-2026-49948 json | Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server... | Tue, 09 Jun 2026 12:21:16 |
| CVE-2026-49938 json | A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPo... | Tue, 09 Jun 2026 12:21:16 |
| CVE-2026-25089 json | A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiS... | Tue, 09 Jun 2026 12:21:16 |
| CVE-2026-24065 json | Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability in the privileged h... | Tue, 09 Jun 2026 12:21:16 |
| CVE-2026-24064 json | Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC clie... | Tue, 09 Jun 2026 12:21:16 |
| CVE-2026-10727 json | An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authen... | Tue, 09 Jun 2026 12:21:16 |
| CVE-2026-10523 json | An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allow... | Tue, 09 Jun 2026 12:21:16 |
| CVE-2026-8045 json | CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of... | Tue, 09 Jun 2026 12:21:16 |
| CVE-2026-8025 json | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in MOSK Information Techno... | Tue, 09 Jun 2026 12:21:16 |
| CVE-2026-46442 json | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1... | Tue, 09 Jun 2026 12:21:15 |
| CVE-2026-34905 json | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer:... | Tue, 09 Jun 2026 12:21:15 |
| CVE-2026-34356 json | Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie* Th... | Tue, 09 Jun 2026 12:21:15 |
| CVE-2026-34355 json | A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users ... | Tue, 09 Jun 2026 12:21:15 |
| CVE-2026-34031 json | Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.... | Tue, 09 Jun 2026 12:21:15 |
| CVE-2026-33582 json | Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.... | Tue, 09 Jun 2026 12:21:15 |
| CVE-2026-25699 json | Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache ... | Tue, 09 Jun 2026 12:21:15 |
| CVE-2026-25688 json | Improper Neutralization of Alternate XSS Syntax vulnerability in Apache Answer. This issue affects Apache Answer: through 2.... | Tue, 09 Jun 2026 12:21:15 |
| CVE-2026-11619 json | A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdo... | Tue, 09 Jun 2026 12:21:15 |
| CVE-2026-11618 json | A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier... | Tue, 09 Jun 2026 12:21:15 |
| CVE-2026-11555 json | A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/... | Tue, 09 Jun 2026 12:21:15 |
| CVE-2026-11517 json | A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107. This impacts the function strcpy of the file /goform/fo... | Tue, 09 Jun 2026 12:21:15 |
| CVE-2026-11497 json | A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the ... | Tue, 09 Jun 2026 12:21:15 |
| CVE-2026-11492 json | A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc... | Tue, 09 Jun 2026 12:21:15 |
| CVE-2026-11461 json | A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolve_session_by_title ... | Tue, 09 Jun 2026 12:21:15 |
| CVE-2026-10787 json | Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user to enu... | Tue, 09 Jun 2026 12:21:15 |
| CVE-2026-10520 json | An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remot... | Tue, 09 Jun 2026 12:21:15 |
| CVE-2025-67862 json | An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.... | Tue, 09 Jun 2026 12:21:15 |
| CVE-2025-10263 json | Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cor... | Tue, 09 Jun 2026 12:21:15 |
| CVE-2009-10007 json | Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks. Catalyst::Plu... | Tue, 09 Jun 2026 12:21:15 |
| CVE-2026-50589 json | In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints ... | Tue, 09 Jun 2026 12:21:14 |
| CVE-2026-48102 json | 7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up t... | Tue, 09 Jun 2026 12:21:14 |
| CVE-2026-46396 json | HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists... | Tue, 09 Jun 2026 12:21:14 |
| CVE-2026-46390 json | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 2.0.0 and prior to version 26.0.0, t... | Tue, 09 Jun 2026 12:21:14 |
| CVE-2026-46357 json | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the HAX CMS NodeJS application ... | Tue, 09 Jun 2026 12:21:14 |
| CVE-2026-45746 json | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to versio... | Tue, 09 Jun 2026 12:21:14 |
| CVE-2026-36501 json | An issue in the Externalizable.readExternal() component of Controller v12.0.5 allows attackers to cause a Denial of Service (... | Tue, 09 Jun 2026 12:21:14 |
| CVE-2026-11449 json | A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpc_sys of the fi... | Tue, 09 Jun 2026 12:21:14 |
| CVE-2026-11339 json | A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /bo... | Tue, 09 Jun 2026 12:21:14 |
| CVE-2026-6973 json | A configuration control vulnerability in the Ivanti Endpoint Manager Mobile before 12.9.0.1, 12.8.0.3 and 12.7.0.2 ve... | Tue, 09 Jun 2026 12:21:14 |
| CVE-2025-31514 json | A insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all ver... | Tue, 09 Jun 2026 12:21:14 |
| CVE-2026-42536 json | Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and untrusted content This... | Tue, 09 Jun 2026 12:05:17 |
| CVE-2026-42535 json | A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trust... | Tue, 09 Jun 2026 12:05:17 |
| CVE-2026-11286 json | Insufficient validation of untrusted input in Wallet in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who ha... | Tue, 09 Jun 2026 11:50:17 |
| CVE-2026-11285 json | Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to pe... | Tue, 09 Jun 2026 11:50:17 |
| CVE-2026-46484 json | Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a... | Tue, 09 Jun 2026 11:35:18 |
| CVE-2026-44541 json | Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based XSS ... | Tue, 09 Jun 2026 11:35:18 |
| CVE-2026-6899 json | Check for certificate revocation only considers the first matching CRL and ignores other valid CRLs of the same CA in the Cyc... | Tue, 09 Jun 2026 11:35:18 |
| CVE-2026-52778 json | YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form f... | Tue, 09 Jun 2026 11:35:17 |
| CVE-2026-49232 json | Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as run... | Tue, 09 Jun 2026 11:35:17 |
| CVE-2026-48488 json | phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a crypto... | Tue, 09 Jun 2026 11:35:17 |
| CVE-2026-46486 json | MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential com... | Tue, 09 Jun 2026 11:35:17 |
| CVE-2026-46481 json | OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION work... | Tue, 09 Jun 2026 11:35:17 |
| CVE-2026-45581 json | fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before ... | Tue, 09 Jun 2026 11:35:17 |
| CVE-2026-11284 json | Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak... | Tue, 09 Jun 2026 11:35:17 |
| CVE-2026-11282 json | Insufficient policy enforcement in Sandbox in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to pote... | Tue, 09 Jun 2026 11:35:17 |
| CVE-2026-11700 json | Use after free in Tracing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer... | Tue, 09 Jun 2026 11:05:19 |
| CVE-2026-11699 json | Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit ... | Tue, 09 Jun 2026 11:05:19 |
| CVE-2026-11698 json | Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit ... | Tue, 09 Jun 2026 11:05:19 |
| CVE-2026-11697 json | Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potent... | Tue, 09 Jun 2026 11:05:19 |
| CVE-2026-11696 json | Uninitialized Use in Video in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised ... | Tue, 09 Jun 2026 11:05:19 |
| CVE-2026-11695 json | Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to leak cross-or... | Tue, 09 Jun 2026 11:05:19 |
| CVE-2026-11694 json | Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the re... | Tue, 09 Jun 2026 11:05:18 |
| CVE-2026-11692 json | Use after free in Read Anything in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the re... | Tue, 09 Jun 2026 11:05:18 |
| CVE-2026-11691 json | Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker... | Tue, 09 Jun 2026 11:05:18 |
| CVE-2026-11690 json | Out of bounds read and write in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compr... | Tue, 09 Jun 2026 11:05:18 |
| CVE-2026-11688 json | Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary c... | Tue, 09 Jun 2026 11:05:18 |
| CVE-2026-11687 json | Use after free in Dawn in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap ... | Tue, 09 Jun 2026 11:05:18 |
| CVE-2026-11686 json | Insufficient validation of untrusted input in Dawn in Google Chrome on macOS prior to 149.0.7827.103 allowed a remote attacke... | Tue, 09 Jun 2026 11:05:18 |
| CVE-2026-11685 json | Inappropriate implementation in MediaCapture in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to lea... | Tue, 09 Jun 2026 11:05:18 |
| CVE-2026-11684 json | Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had comprom... | Tue, 09 Jun 2026 11:05:18 |
| CVE-2026-11683 json | Use after free in WebCodecs in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code insi... | Tue, 09 Jun 2026 11:05:18 |
| CVE-2026-11680 json | Use after free in Media in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary co... | Tue, 09 Jun 2026 11:05:18 |
| CVE-2026-11679 json | Use after free in Codecs in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised th... | Tue, 09 Jun 2026 11:05:18 |
| CVE-2026-11678 json | Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the rendere... | Tue, 09 Jun 2026 11:05:18 |
| CVE-2026-11677 json | Race in Network in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the network pro... | Tue, 09 Jun 2026 11:05:18 |
| CVE-2026-11675 json | Out of bounds read in Skia in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the rendere... | Tue, 09 Jun 2026 11:05:18 |
| CVE-2026-11674 json | Use after free in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code ins... | Tue, 09 Jun 2026 11:05:18 |
| CVE-2026-11673 json | Use after free in InterestGroups in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code... | Tue, 09 Jun 2026 11:05:18 |
| CVE-2026-11671 json | Use after free in Navigation in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sand... | Tue, 09 Jun 2026 11:05:17 |
| CVE-2026-11670 json | Use after free in PDF in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a s... | Tue, 09 Jun 2026 11:05:17 |
| CVE-2026-11667 json | Out of bounds read in WebRTC in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the GPU p... | Tue, 09 Jun 2026 11:05:17 |
| CVE-2026-11665 json | Out of bounds read in Dawn in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin... | Tue, 09 Jun 2026 11:05:17 |
| CVE-2026-11664 json | Use after free in Payments in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap cor... | Tue, 09 Jun 2026 11:05:17 |
| CVE-2026-11663 json | Use after free in Skia in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer pr... | Tue, 09 Jun 2026 11:05:17 |
| CVE-2026-11662 json | Type Confusion in Bindings in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code insid... | Tue, 09 Jun 2026 11:05:17 |
| CVE-2026-11661 json | Use after free in Views in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the... | Tue, 09 Jun 2026 11:05:17 |
| CVE-2026-11660 json | Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker... | Tue, 09 Jun 2026 11:05:17 |
| CVE-2026-11659 json | Integer overflow in UI in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially perform a s... | Tue, 09 Jun 2026 11:05:17 |
| CVE-2026-11657 json | Use after free in Payments in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary cod... | Tue, 09 Jun 2026 11:05:17 |
| CVE-2026-11656 json | Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.103 allowed an attacker who convinced a user to install ... | Tue, 09 Jun 2026 11:05:17 |
| CVE-2026-11655 json | Integer overflow in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the r... | Tue, 09 Jun 2026 11:05:17 |
| CVE-2026-11654 json | Use after free in CameraCapture in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially perf... | Tue, 09 Jun 2026 11:05:17 |
| CVE-2026-11652 json | Use after free in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the rende... | Tue, 09 Jun 2026 11:05:17 |