CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-40163 json | Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5, and 1.6.0-beta.4, the PO... | Fri, 10 Apr 2026 14:30:23 |
| CVE-2026-40162 json | Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability was identified in Bugsink 2... | Fri, 10 Apr 2026 14:30:23 |
| CVE-2026-33141 json | Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in... | Fri, 10 Apr 2026 14:30:23 |
| CVE-2026-32932 json | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the session c... | Fri, 10 Apr 2026 14:30:23 |
| CVE-2026-32931 json | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an unrestricted file upload vulnerability in th... | Fri, 10 Apr 2026 14:30:23 |
| CVE-2026-32930 json | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vuln... | Fri, 10 Apr 2026 14:30:23 |
| CVE-2026-32894 json | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vuln... | Fri, 10 Apr 2026 14:30:23 |
| CVE-2026-32893 json | Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, a Reflected Cross-Site Scripting (XSS) vulnerability in the... | Fri, 10 Apr 2026 14:30:23 |
| CVE-2026-32892 json | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injection vu... | Fri, 10 Apr 2026 14:30:23 |
| CVE-2026-31941 json | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request Forg... | Fri, 10 Apr 2026 14:30:23 |
| CVE-2026-31940 json | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, in main/lp/aicc_hacp.php, user-controlled reque... | Fri, 10 Apr 2026 14:30:23 |
| CVE-2026-31939 json | Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exercise/savescores.php lead... | Fri, 10 Apr 2026 14:30:23 |
| CVE-2026-5483 json | A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard` component of Red Hat Ope... | Fri, 10 Apr 2026 14:30:23 |
| CVE-2026-1502 json | CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host. | Fri, 10 Apr 2026 14:30:23 |
| CVE-2025-66447 json | Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone can trigger a malicious redirect through the u... | Fri, 10 Apr 2026 14:30:23 |
| CVE-2026-40200 json | An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large... | Fri, 10 Apr 2026 14:30:22 |
| CVE-2026-39603 json | Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Photography grandphotography allows Cross Site Request Fo... | Fri, 10 Apr 2026 14:30:22 |
| CVE-2026-39575 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ronald Huereca Custom Q... | Fri, 10 Apr 2026 14:30:22 |
| CVE-2026-39541 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Hydra Booking ... | Fri, 10 Apr 2026 14:30:22 |
| CVE-2026-39517 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Blog Filter b... | Fri, 10 Apr 2026 14:30:22 |
| CVE-2026-39508 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh Kohlbach Advanced ... | Fri, 10 Apr 2026 14:30:22 |
| CVE-2026-39505 json | Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting... | Fri, 10 Apr 2026 14:30:22 |
| CVE-2026-39501 json | Missing Authorization vulnerability in RealMag777 FOX woocommerce-currency-switcher allows Exploiting Incorrectly Configured ... | Fri, 10 Apr 2026 14:30:22 |
| CVE-2026-35047 json | Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows at... | Fri, 10 Apr 2026 14:30:22 |
| CVE-2026-34487 json | Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tom... | Fri, 10 Apr 2026 14:30:22 |
| CVE-2026-31063 json | UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the pools parameter of the formArpBi... | Fri, 10 Apr 2026 14:30:22 |
| CVE-2026-31061 json | UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the timestart parameter of the Confi... | Fri, 10 Apr 2026 14:30:22 |
| CVE-2026-31060 json | UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the notes parameter of the formGroup... | Fri, 10 Apr 2026 14:30:22 |
| CVE-2026-31058 json | UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the timeRangeName parameter of the f... | Fri, 10 Apr 2026 14:30:22 |
| CVE-2025-70365 json | A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied... | Fri, 10 Apr 2026 14:30:22 |
| CVE-2025-63238 json | A Reflected Cross-Site Scripting (XSS) affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of ... | Fri, 10 Apr 2026 14:30:22 |
| CVE-2025-50671 json | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_ref.a... | Fri, 10 Apr 2026 14:30:22 |
| CVE-2025-50664 json | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /user_group... | Fri, 10 Apr 2026 14:30:22 |
| CVE-2025-50663 json | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /us... | Fri, 10 Apr 2026 14:30:22 |
| CVE-2025-50662 json | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /ur... | Fri, 10 Apr 2026 14:30:22 |
| CVE-2025-50661 json | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /u... | Fri, 10 Apr 2026 14:30:22 |
| CVE-2025-50660 json | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /ur... | Fri, 10 Apr 2026 14:30:22 |
| CVE-2025-50659 json | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the custom_error parameter in... | Fri, 10 Apr 2026 14:30:22 |
| CVE-2025-50657 json | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the pid parameter in the /tra... | Fri, 10 Apr 2026 14:30:22 |
| CVE-2025-50655 json | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /th... | Fri, 10 Apr 2026 14:30:22 |
| CVE-2026-30078 json | OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For exa... | Fri, 10 Apr 2026 14:30:21 |
| CVE-2026-32602 json | Homarr is an open-source dashboard. Prior to 1.57.0, the user registration endpoint (/api/trpc/user.register) is vulnerable t... | Fri, 10 Apr 2026 14:15:21 |
| CVE-2026-31151 json | An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the applicati... | Fri, 10 Apr 2026 14:15:21 |
| CVE-2026-31150 json | Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to view... | Fri, 10 Apr 2026 14:15:21 |
| CVE-2026-31066 json | UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the selDateType parameter of the for... | Fri, 10 Apr 2026 14:15:21 |
| CVE-2026-33403 json | Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application... | Fri, 10 Apr 2026 14:00:21 |
| CVE-2026-29510 json | Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenti... | Fri, 10 Apr 2026 14:00:21 |
| CVE-2026-29521 json | Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a cross-site request forgery vulnerability that allows attackers... | Fri, 10 Apr 2026 13:45:21 |
| CVE-2026-29520 json | Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Di... | Fri, 10 Apr 2026 13:45:21 |
| CVE-2026-29513 json | Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenti... | Fri, 10 Apr 2026 13:45:20 |
| CVE-2025-68278 json | Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an i... | Fri, 10 Apr 2026 13:45:20 |
| CVE-2026-40160 json | PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, web_crawl's httpx fallback path passes user-supplied URLs di... | Fri, 10 Apr 2026 13:30:25 |
| CVE-2026-40159 json | PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI’s MCP (Model Context Protocol) integration allows spaw... | Fri, 10 Apr 2026 13:30:25 |
| CVE-2026-40158 json | PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based Python sandbox can be bypassed using type.__... | Fri, 10 Apr 2026 13:30:25 |
| CVE-2026-40157 json | PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmd_unpack in the recipe CLI extracts .praison tar archives using ... | Fri, 10 Apr 2026 13:30:25 |
| CVE-2026-40156 json | PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatically loads a file named tools.py from the curre... | Fri, 10 Apr 2026 13:30:25 |
| CVE-2026-40103 json | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's scoped API token enforcement for cu... | Fri, 10 Apr 2026 13:30:24 |
| CVE-2026-40100 json | FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/mcpTools/runTool endpoint accepts arbitrary U... | Fri, 10 Apr 2026 13:30:24 |
| CVE-2026-40097 json | Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.3... | Fri, 10 Apr 2026 13:30:24 |
| CVE-2026-40086 json | Rembg is a tool to remove images background. Prior to 2.0.75, a path traversal vulnerability in the rembg HTTP server allows ... | Fri, 10 Apr 2026 13:30:24 |
| CVE-2026-40074 json | SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redirect, ... | Fri, 10 Apr 2026 13:30:24 |
| CVE-2026-40073 json | SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under cert... | Fri, 10 Apr 2026 13:30:24 |
| CVE-2026-35670 json | OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to uni... | Fri, 10 Apr 2026 13:30:24 |
| CVE-2026-35669 json | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that inco... | Fri, 10 Apr 2026 13:30:24 |
| CVE-2026-35668 json | OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read ar... | Fri, 10 Apr 2026 13:30:24 |
| CVE-2026-35667 json | OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched killPr... | Fri, 10 Apr 2026 13:30:24 |
| CVE-2026-35666 json | OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/ti... | Fri, 10 Apr 2026 13:30:24 |
| CVE-2026-35665 json | OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request bodi... | Fri, 10 Apr 2026 13:30:24 |
| CVE-2026-35664 json | OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw card send surface that allows unpaired recip... | Fri, 10 Apr 2026 13:30:24 |
| CVE-2026-35663 json | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader ... | Fri, 10 Apr 2026 13:30:24 |
| CVE-2026-35662 json | OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing leaf subagents to message c... | Fri, 10 Apr 2026 13:30:24 |
| CVE-2026-35661 json | OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Telegram callback query handling that allows atta... | Fri, 10 Apr 2026 13:30:24 |
| CVE-2026-35660 json | OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint that all... | Fri, 10 Apr 2026 13:30:23 |
| CVE-2026-35659 json | OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour and DNS-SD could influen... | Fri, 10 Apr 2026 13:30:23 |
| CVE-2026-35658 json | OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools.fs.w... | Fri, 10 Apr 2026 13:30:23 |
| CVE-2026-35657 json | OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route that... | Fri, 10 Apr 2026 13:30:23 |
| CVE-2026-35656 json | OpenClaw before 2026.3.22 contains an authentication bypass vulnerability in the X-Forwarded-For header processing when trust... | Fri, 10 Apr 2026 13:30:23 |
| CVE-2026-35655 json | OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting to... | Fri, 10 Apr 2026 13:30:23 |
| CVE-2026-35654 json | OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback invokes that allows unau... | Fri, 10 Apr 2026 13:30:23 |
| CVE-2026-35653 json | OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profile endpoint that allows a... | Fri, 10 Apr 2026 13:30:23 |
| CVE-2026-35652 json | OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in interactive callback dispatch that allows non-all... | Fri, 10 Apr 2026 13:30:23 |
| CVE-2026-35651 json | OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts tha... | Fri, 10 Apr 2026 13:30:23 |
| CVE-2026-35650 json | OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allows attackers to bypass th... | Fri, 10 Apr 2026 13:30:23 |
| CVE-2026-35649 json | OpenClaw before 2026.3.22 contains a settings reconciliation vulnerability that allows attackers to bypass intended deny-all ... | Fri, 10 Apr 2026 13:30:23 |
| CVE-2026-35648 json | OpenClaw before 2026.3.22 contains a policy bypass vulnerability where queued node actions are not revalidated against curren... | Fri, 10 Apr 2026 13:30:23 |
| CVE-2026-35647 json | OpenClaw before 2026.3.25 contains an access control vulnerability where verification notices bypass DM policy checks and rep... | Fri, 10 Apr 2026 13:30:22 |
| CVE-2026-35643 json | OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbi... | Fri, 10 Apr 2026 13:30:22 |
| CVE-2026-35641 json | OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hook installation that allow... | Fri, 10 Apr 2026 13:30:22 |
| CVE-2026-35621 json | OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where the /allowlist command fails to re-validate gat... | Fri, 10 Apr 2026 13:30:22 |
| CVE-2026-35620 json | OpenClaw before 2026.3.24 contains missing authorization vulnerabilities in the /send and /allowlist chat command handlers. T... | Fri, 10 Apr 2026 13:30:22 |
| CVE-2026-35619 json | OpenClaw before 2026.3.24 contains an authorization bypass vulnerability in the HTTP /v1/models endpoint that fails to enforc... | Fri, 10 Apr 2026 13:30:22 |
| CVE-2026-35602 json | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file import endpoint uses the att... | Fri, 10 Apr 2026 13:30:22 |
| CVE-2026-35601 json | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV output generator builds iCalendar ... | Fri, 10 Apr 2026 13:30:22 |
| CVE-2026-35600 json | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, task titles are embedded directly into Markdo... | Fri, 10 Apr 2026 13:30:22 |
| CVE-2026-35599 json | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the addRepeatIntervalToTime function uses an ... | Fri, 10 Apr 2026 13:30:22 |
| CVE-2026-35598 json | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV GetResource and GetResourcesByList... | Fri, 10 Apr 2026 13:30:22 |
| CVE-2026-35597 json | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the TOTP failed-attempt lockout mechanism is ... | Fri, 10 Apr 2026 13:30:22 |
| CVE-2026-40023 json | Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx_1_1xml_1_1XMLLayout.html , in versions befo... | Fri, 10 Apr 2026 13:30:21 |
| CVE-2026-40021 json | Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list and XmlLayoutS... | Fri, 10 Apr 2026 13:30:21 |
| CVE-2026-39615 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Download Manag... | Fri, 10 Apr 2026 13:30:21 |