CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities so that they can be quickly identified and shared. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.
The form you will see after following this link lets you fill in the variables of the CVSS scoring system and receive the corresponding score. A description of each variable is also included.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-42547 json | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In version... | Thu, 04 Jun 2026 18:17:09 |
| CVE-2026-42543 json | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions p... | Thu, 04 Jun 2026 18:17:09 |
| CVE-2026-42540 json | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions p... | Thu, 04 Jun 2026 18:17:09 |
| CVE-2026-42539 json | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions p... | Thu, 04 Jun 2026 18:17:08 |
| CVE-2026-42538 json | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions p... | Thu, 04 Jun 2026 18:17:08 |
| CVE-2026-42329 json | Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions p... | Thu, 04 Jun 2026 18:17:08 |
| CVE-2026-25109 json | An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to ... | Thu, 04 Jun 2026 18:17:08 |
| CVE-2026-20910 json | An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to ac... | Thu, 04 Jun 2026 18:17:08 |
| CVE-2026-11322 json | Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundar... | Thu, 04 Jun 2026 18:17:08 |
| CVE-2026-10871 json | A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start_6rd_tunnel of the fi... | Thu, 04 Jun 2026 18:17:08 |
| CVE-2026-7251 json | Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network add... | Thu, 04 Jun 2026 18:17:08 |
| CVE-2026-6074 json | Intrado 911 Emergency Gateway (EGW) 5.x, 6.x, and 7.x contain a path traversal vulnerability in the download_debuglog_file.ph... | Thu, 04 Jun 2026 18:17:08 |
| CVE-2024-6858 json | In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exi... | Thu, 04 Jun 2026 18:17:08 |
| CVE-2017-6034 json | An authentication bypass by capture-replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive info... | Thu, 04 Jun 2026 18:17:08 |
| CVE-2017-6030 json | A predictable value range from previous values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware... | Thu, 04 Jun 2026 18:17:08 |
| CVE-2026-10870 json | A flaw has been found in Shibby Tomato 1.28.0000. This affects the function start_dhcpc of the file /sbin/rc of the component... | Thu, 04 Jun 2026 17:17:07 |
| CVE-2026-5066 json | A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem (subsys/net/lib/s... | Thu, 04 Jun 2026 17:17:07 |
| CVE-2026-1341 json | Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control. | Thu, 04 Jun 2026 17:17:07 |
| CVE-2025-66590 json | In AzeoTech DAQFactory release 20.7 (Build 2555), an out-of-bounds write vulnerability can be exploited by an attacker to cau... | Thu, 04 Jun 2026 17:17:07 |
| CVE-2025-66588 json | In AzeoTech DAQFactory release 20.7 (Build 2555), an access of uninitialized pointer vulnerability can be exploited by an att... | Thu, 04 Jun 2026 17:17:07 |
| CVE-2025-66586 json | In AzeoTech DAQFactory release 20.7 (Build 2555), an access of resource using incompatible type vulnerability can be exploite... | Thu, 04 Jun 2026 17:17:07 |
| CVE-2025-66585 json | In AzeoTech DAQFactory release 20.7 (Build 2555), a use after free vulnerability can be exploited to cause memory corruption ... | Thu, 04 Jun 2026 17:17:07 |
| CVE-2025-53471 json | Emerson ValveLink products receive input or data, but does not validate or incorrectly validates that the input has the pro... | Thu, 04 Jun 2026 17:17:07 |
| CVE-2025-49848 json | An out-of-bounds write vulnerability exists within the parsing of PRJ files. The issues result from the lack of proper valida... | Thu, 04 Jun 2026 17:17:07 |
| CVE-2025-12659 json | Siemens Simcenter Femap contains a memory corruption vulnerability while parsing specially crafted IPT files. This could all... | Thu, 04 Jun 2026 17:17:07 |
| CVE-2026-10796 json | nvm (Node Version Manager) through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js... | Thu, 04 Jun 2026 16:47:06 |
| CVE-2025-14774 json | Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | Thu, 04 Jun 2026 16:32:06 |
| CVE-2025-14773 json | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This i... | Thu, 04 Jun 2026 16:32:05 |
| CVE-2025-14772 json | Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | Thu, 04 Jun 2026 16:32:05 |
| CVE-2025-14771 json | Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | Thu, 04 Jun 2026 16:32:05 |
| CVE-2025-71316 json | SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI cod... | Thu, 04 Jun 2026 16:17:06 |
| CVE-2025-65640 json | Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.0.0.5... | Thu, 04 Jun 2026 16:17:06 |
| CVE-2025-11950 json | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KNOWHY Advanced ... | Thu, 04 Jun 2026 16:17:06 |
| CVE-2025-11252 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promo... | Thu, 04 Jun 2026 16:17:06 |
| CVE-2025-11251 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dayneks Software Indust... | Thu, 04 Jun 2026 16:17:06 |
| CVE-2025-11242 json | Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer Systems Software Publishing Industry and Trade Inc. Ok... | Thu, 04 Jun 2026 16:17:06 |
| CVE-2025-54807 json | The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who ... | Thu, 04 Jun 2026 16:17:05 |
| CVE-2025-11959 json | Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulner... | Thu, 04 Jun 2026 16:17:05 |
| CVE-2025-11956 json | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Proliz Software ... | Thu, 04 Jun 2026 16:17:05 |
| CVE-2025-11253 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aksis Technology Inc. N... | Thu, 04 Jun 2026 16:17:05 |
| CVE-2025-11151 json | Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Contr... | Thu, 04 Jun 2026 16:17:05 |
| CVE-2025-11145 json | Observable Discrepancy, Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Private Personal Information ... | Thu, 04 Jun 2026 16:17:05 |
| CVE-2025-11025 json | Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimeso... | Thu, 04 Jun 2026 16:17:05 |
| CVE-2025-11023 json | Inclusion of Functionality from Untrusted Control Sphere, Improper Control of Filename for Include/Require Statement in PHP P... | Thu, 04 Jun 2026 16:17:05 |
| CVE-2019-10953 json | ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have... | Thu, 04 Jun 2026 16:17:05 |
| CVE-2026-41569 json | authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-suppl... | Thu, 04 Jun 2026 16:02:05 |
| CVE-2026-28318 json | SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication usin... | Thu, 04 Jun 2026 16:02:05 |
| CVE-2026-9490 json | A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe with a weak Se... | Thu, 04 Jun 2026 16:02:05 |
| CVE-2026-49204 json | Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation. | Thu, 04 Jun 2026 15:47:05 |
| CVE-2026-49203 json | Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles ... | Thu, 04 Jun 2026 15:47:05 |
| CVE-2026-49202 json | Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharin... | Thu, 04 Jun 2026 15:47:05 |
| CVE-2026-49194 json | The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directl... | Thu, 04 Jun 2026 15:47:05 |
| CVE-2026-49193 json | Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the inte... | Thu, 04 Jun 2026 15:47:05 |
| CVE-2026-49192 json | The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial nu... | Thu, 04 Jun 2026 15:47:05 |
| CVE-2026-49191 json | The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose erro... | Thu, 04 Jun 2026 15:47:05 |
| CVE-2026-49190 json | The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthori... | Thu, 04 Jun 2026 15:47:05 |
| CVE-2026-49189 json | Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke admin... | Thu, 04 Jun 2026 15:47:05 |
| CVE-2026-49188 json | The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for una... | Thu, 04 Jun 2026 15:47:05 |
| CVE-2026-49187 json | The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse. | Thu, 04 Jun 2026 15:47:05 |
| CVE-2026-49199 json | Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device. | Thu, 04 Jun 2026 15:47:04 |
| CVE-2026-49186 json | The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wil... | Thu, 04 Jun 2026 15:47:04 |
| CVE-2026-49185 json | The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction inj... | Thu, 04 Jun 2026 15:47:04 |
| CVE-2026-4035 json | A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway se... | Thu, 04 Jun 2026 15:47:04 |
| CVE-2026-50205 json | System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identificatio... | Thu, 04 Jun 2026 15:32:04 |
| CVE-2026-44654 json | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-a... | Thu, 04 Jun 2026 15:32:04 |
| CVE-2026-44653 json | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with... | Thu, 04 Jun 2026 15:32:04 |
| CVE-2026-5078 json | Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request he... | Thu, 04 Jun 2026 15:32:04 |
| CVE-2026-48480 json | The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp impleme... | Thu, 04 Jun 2026 15:17:06 |
| CVE-2026-41237 json | Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses `\s+` which ma... | Thu, 04 Jun 2026 15:17:06 |
| CVE-2026-41236 json | Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH ... | Thu, 04 Jun 2026 15:17:06 |
| CVE-2026-41235 json | Froxlor is open source server administration software. Version 2.3.6 lets administrators configure `system.available_shells` ... | Thu, 04 Jun 2026 15:17:06 |
| CVE-2026-41234 json | Froxlor is open source server administration software. Prior to version 2.3.7, the `DomainZones.add` API endpoint does not sa... | Thu, 04 Jun 2026 15:17:06 |
| CVE-2026-40898 json | quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.59.1, an attacker can cause excessive memory allo... | Thu, 04 Jun 2026 15:17:06 |
| CVE-2026-50292 json | In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties le... | Thu, 04 Jun 2026 15:17:05 |
| CVE-2026-50266 json | In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another projec... | Thu, 04 Jun 2026 15:17:05 |
| CVE-2026-50076 json | Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM... | Thu, 04 Jun 2026 15:17:05 |
| CVE-2026-49942 json | Net::CIDR::Set versions through 0.20 for Perl did not validate network masks. The mask portion of a network mask could conta... | Thu, 04 Jun 2026 15:17:05 |
| CVE-2026-49941 json | Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the _encode method to par... | Thu, 04 Jun 2026 15:17:05 |
| CVE-2026-49940 json | Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-... | Thu, 04 Jun 2026 15:17:05 |
| CVE-2026-48040 json | The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivious HTTP (RFC 9458) using... | Thu, 04 Jun 2026 15:17:05 |
| CVE-2026-46741 json | Etsy::StatsD versions through 1.002002 for Perl allow metric injections. The metric names and values are not checked for new... | Thu, 04 Jun 2026 15:17:05 |
| CVE-2026-46739 json | Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or ... | Thu, 04 Jun 2026 15:17:05 |
| CVE-2026-41207 json | The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDF_expand returns non... | Thu, 04 Jun 2026 15:17:05 |
| CVE-2026-36499 json | A missing upper-bound check in the udpif_set_threads() function of Open vSwitch v3.6.90 allows an attacker with OVSDB write a... | Thu, 04 Jun 2026 15:17:05 |
| CVE-2026-25551 json | Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privile... | Thu, 04 Jun 2026 15:17:05 |
| CVE-2026-25550 json | Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vulnerability in the .NET Re... | Thu, 04 Jun 2026 15:17:05 |
| CVE-2026-10880 json | OSNexus QuantaStor SDS Manager is vulnerable to SQL injection in the login endpoint. The username field is not properly sanit... | Thu, 04 Jun 2026 15:17:05 |
| CVE-2025-69755 json | An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execu... | Thu, 04 Jun 2026 15:17:05 |
| CVE-2025-67448 json | The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not prop... | Thu, 04 Jun 2026 15:17:05 |
| CVE-2025-67447 json | The network diagnosis (ping) module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection... | Thu, 04 Jun 2026 15:17:05 |
| CVE-2025-67446 json | Improper Authentication (Authentication Bypass) exists in Neterbit NW-431F Router 20241014-IR03 and before. The router uses a... | Thu, 04 Jun 2026 15:17:05 |
| CVE-2026-50213 json | The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by i... | Thu, 04 Jun 2026 15:17:04 |
| CVE-2026-50212 json | Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endp... | Thu, 04 Jun 2026 15:17:04 |
| CVE-2026-50211 json | Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps... | Thu, 04 Jun 2026 15:17:04 |
| CVE-2026-50210 json | The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it susceptible to replay ... | Thu, 04 Jun 2026 15:17:04 |
| CVE-2026-50209 json | Broadcast events allow malicious software to rewrite the device's default Mobile Device Management (MDM) endpoint address, sh... | Thu, 04 Jun 2026 15:17:04 |
| CVE-2026-50208 json | High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryp... | Thu, 04 Jun 2026 15:17:04 |
| CVE-2026-50207 json | The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband ... | Thu, 04 Jun 2026 15:17:04 |
| CVE-2026-50206 json | Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious con... | Thu, 04 Jun 2026 15:17:04 |
| CVE-2026-43985 json | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose `configUpdate`... | Thu, 04 Jun 2026 15:17:04 |