CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-48569 json | Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. | Fri, 12 Jun 2026 13:02:40 |
| CVE-2026-48565 json | Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally. | Fri, 12 Jun 2026 13:02:40 |
| CVE-2026-44814 json | Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally. | Fri, 12 Jun 2026 13:02:40 |
| CVE-2026-44813 json | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | Fri, 12 Jun 2026 13:02:40 |
| CVE-2026-44811 json | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | Fri, 12 Jun 2026 13:02:40 |
| CVE-2025-55659 json | A NULL pointer dereference in the ctts_box_write function (isomedia/box_code_base.c) of GPAC MP4Box v2.4 allows attackers to ... | Fri, 12 Jun 2026 13:02:40 |
| CVE-2025-52292 json | A stack buffer overflow in the filein_process function (in_file.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of ... | Fri, 12 Jun 2026 13:02:40 |
| CVE-2026-44808 json | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | Fri, 12 Jun 2026 13:02:39 |
| CVE-2026-44807 json | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | Fri, 12 Jun 2026 13:02:39 |
| CVE-2026-44804 json | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | Fri, 12 Jun 2026 13:02:39 |
| CVE-2025-55658 json | GPAC MP4Box v2.4 was discovered to contain a floating point exception in the gf_opus_parse_packet_header function (media_tool... | Fri, 12 Jun 2026 12:47:39 |
| CVE-2025-55657 json | A NULL pointer dereference in the gf_odf_vvc_cfg_write_bs function (odf/descriptors.c) of GPAC MP4Box v2.4 allows attackers t... | Fri, 12 Jun 2026 12:47:39 |
| CVE-2025-55651 json | A NULL pointer dereference in the gf_isom_get_user_data_count function (isomedia/isom_read.c) of GPAC MP4Box v2.4 allows atta... | Fri, 12 Jun 2026 12:47:39 |
| CVE-2025-52293 json | A segmentation violation in the gf_hevc_read_sps_bs_internal function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows at... | Fri, 12 Jun 2026 12:47:39 |
| CVE-2026-53568 json | Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, there is a stored XSS vulnerability ... | Fri, 12 Jun 2026 12:32:40 |
| CVE-2026-50560 json | Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and... | Fri, 12 Jun 2026 12:32:40 |
| CVE-2026-50091 json | Aqara Home Android (com.lumiunited.aqarahome) 6.0.0 (and white-label clients embedding the same liblumidevsdk.so) uses hard-c... | Fri, 12 Jun 2026 12:32:40 |
| CVE-2026-50090 json | The Aqara Cloud OAuth Authorization Endpoint (open-cn.aqara.com/oauth/authorize) is vulnerable to a redirect bypass due to la... | Fri, 12 Jun 2026 12:32:40 |
| CVE-2026-50089 json | The Aqara IAM/SSO Gateway (gw-builder.aqara.com) provides an open redirect, which is an instance of "CWE-601: URL Redirection... | Fri, 12 Jun 2026 12:32:40 |
| CVE-2026-50088 json | The Aqara Developer Portal (developer.aqara.com) and shared test environments (developer-test.aqara.com, aiot-test.aqara.com)... | Fri, 12 Jun 2026 12:32:40 |
| CVE-2026-50087 json | The Aqara IAM/SSO gateway (gw-builder.aqara.com) exhibits a cross-origin request sharing vulnerability, which is an instance ... | Fri, 12 Jun 2026 12:32:40 |
| CVE-2026-50086 json | The Aqara IAM/SSO gateway (gw-builder.aqara.com) exposes bidirectional AES round-trips against the platform's signing key wit... | Fri, 12 Jun 2026 12:32:40 |
| CVE-2026-50085 json | The Aqara Board service (op-test.aqara.com) accepts arbitrary MQTT command payloads, and forwards them to the platform's HiveM... | Fri, 12 Jun 2026 12:32:40 |
| CVE-2026-9641 json | Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorith... | Fri, 12 Jun 2026 12:32:40 |
| CVE-2026-9638 json | Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in r... | Fri, 12 Jun 2026 12:32:40 |
| CVE-2026-8828 json | A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to a... | Fri, 12 Jun 2026 12:32:40 |
| CVE-2026-5792 json | Authentication bypass by spoofing vulnerability in Hedef Media Promotion Interactive Media Marketing Inc. Related Marketing C... | Fri, 12 Jun 2026 12:32:40 |
| CVE-2026-50084 json | The Aqara Cloud Production API (open-cn.aqara.com/v3.0/open/api) would authorize any valid developer token for access to any ... | Fri, 12 Jun 2026 12:32:39 |
| CVE-2026-50083 json | The Aqara IAM/SSO Gateway (gw-builder.aqara.com) used a hardcoded OAuth client credential, which is an instance of "CWE-798:... | Fri, 12 Jun 2026 12:32:39 |
| CVE-2026-50082 json | The Aqara Cloud Developer Portal (developer.aqara.com) issued a developer token to any email address supplied by the attacker... | Fri, 12 Jun 2026 12:32:39 |
| CVE-2026-50026 json | Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, a lack of permission checks in thes... | Fri, 12 Jun 2026 12:32:39 |
| CVE-2026-50020 json | Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and... | Fri, 12 Jun 2026 12:32:39 |
| CVE-2026-50011 json | Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and... | Fri, 12 Jun 2026 12:32:39 |
| CVE-2026-50010 json | Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and... | Fri, 12 Jun 2026 12:32:39 |
| CVE-2026-50009 json | Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Nett... | Fri, 12 Jun 2026 12:32:39 |
| CVE-2026-48748 json | Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a me... | Fri, 12 Jun 2026 12:32:39 |
| CVE-2026-48059 json | Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and... | Fri, 12 Jun 2026 12:32:39 |
| CVE-2026-48043 json | Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2 prior to versi... | Fri, 12 Jun 2026 12:32:39 |
| CVE-2026-48006 json | Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and... | Fri, 12 Jun 2026 12:32:39 |
| CVE-2026-47691 json | Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and... | Fri, 12 Jun 2026 12:32:39 |
| CVE-2026-47190 json | IPAM is the IP address Manager for Cluster API Provider Metal3. Prior to versions 1.11.7, 1.12.4, and 1.13.0, the IPAM contro... | Fri, 12 Jun 2026 12:32:39 |
| CVE-2026-47182 json | Frappe is a full-stack web application framework. Prior to version 16.17.4, any authenticated user can access private files b... | Fri, 12 Jun 2026 12:32:39 |
| CVE-2026-46690 json | unbounded_spsc is an "unbounded" extension of bounded_spsc_queue. In versions 0.2.0 and prior, sender::send pointer-as-value ... | Fri, 12 Jun 2026 12:32:39 |
| CVE-2026-45833 json | A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to ... | Fri, 12 Jun 2026 12:32:39 |
| CVE-2026-45832 json | All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization lay... | Fri, 12 Jun 2026 12:32:39 |
| CVE-2026-45831 json | The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluate... | Fri, 12 Jun 2026 12:32:39 |
| CVE-2026-45830 json | A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users t... | Fri, 12 Jun 2026 12:32:39 |
| CVE-2026-44976 json | Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding S... | Fri, 12 Jun 2026 12:32:39 |
| CVE-2026-44975 json | Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, any authenticated user can reset on... | Fri, 12 Jun 2026 12:32:39 |
| CVE-2026-44967 json | OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters (traces/metric... | Fri, 12 Jun 2026 12:32:39 |
| CVE-2026-44208 json | Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, lack of validations in the "submit_... | Fri, 12 Jun 2026 12:32:39 |
| CVE-2026-44207 json | Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, an IDOR vulnerability allows authen... | Fri, 12 Jun 2026 12:32:38 |
| CVE-2026-44206 json | Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, DB Schema Enumeration is possible t... | Fri, 12 Jun 2026 12:32:38 |
| CVE-2026-40677 json | The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, p... | Fri, 12 Jun 2026 12:32:38 |
| CVE-2026-8694 json | Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to... | Fri, 12 Jun 2026 12:17:41 |
| CVE-2026-54133 json | jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document... | Fri, 12 Jun 2026 12:17:40 |
| CVE-2026-53787 json | Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability th... | Fri, 12 Jun 2026 12:17:40 |
| CVE-2026-50634 json | A vulnerability in Apache CXF's JwsJsonContainerRequestFilter can be exploited to cause CXF to process metadata that was no... | Fri, 12 Jun 2026 12:17:40 |
| CVE-2026-50633 json | A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution... | Fri, 12 Jun 2026 12:17:40 |
| CVE-2026-50632 json | A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE) for Apache CX... | Fri, 12 Jun 2026 12:17:40 |
| CVE-2026-50629 json | The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without... | Fri, 12 Jun 2026 12:17:40 |
| CVE-2026-50623 json | An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF. Due to a missing 'throw... | Fri, 12 Jun 2026 12:17:40 |
| CVE-2026-48914 json | A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of inpu... | Fri, 12 Jun 2026 12:17:40 |
| CVE-2026-47210 json | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, a sandbox escape vulnerability in vm2 allows arbitrary... | Fri, 12 Jun 2026 12:17:40 |
| CVE-2026-47209 json | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the BaseHandler.set trap in bridge.js (line 1231) igno... | Fri, 12 Jun 2026 12:17:40 |
| CVE-2026-47208 json | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, VM2 suffers from a sandbox breakout vulnerability. Thi... | Fri, 12 Jun 2026 12:17:40 |
| CVE-2026-47196 json | Quest Bot is an open-source Discord Bot. Prior to version 1.1.6, the automod add command trims user input but does not reject ... | Fri, 12 Jun 2026 12:17:40 |
| CVE-2026-47141 json | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtin... | Fri, 12 Jun 2026 12:17:40 |
| CVE-2026-47140 json | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM blocks several dangerous Node.js builtins such ... | Fri, 12 Jun 2026 12:17:40 |
| CVE-2026-47139 json | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM supports excluding public network builtins from... | Fri, 12 Jun 2026 12:17:40 |
| CVE-2026-47137 json | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx (CVE-2023-37903) intro... | Fri, 12 Jun 2026 12:17:40 |
| CVE-2026-47135 json | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercept... | Fri, 12 Jun 2026 12:17:40 |
| CVE-2026-47131 json | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, by combining Buffer.call.call({}.__lookupGetter__, Buf... | Fri, 12 Jun 2026 12:17:40 |
| CVE-2026-12066 json | A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file ap... | Fri, 12 Jun 2026 12:17:40 |
| CVE-2026-12065 json | A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part ... | Fri, 12 Jun 2026 12:17:40 |
| CVE-2026-10557 json | The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all de... | Fri, 12 Jun 2026 12:17:40 |
| CVE-2026-9266 json | A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial comp... | Fri, 12 Jun 2026 12:17:40 |
| CVE-2026-7368 json | The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the s... | Fri, 12 Jun 2026 12:17:40 |
| CVE-2026-48613 json | SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data dur... | Fri, 12 Jun 2026 12:17:39 |
| CVE-2026-48612 json | Improper state verification in the OAuth implementation could allow an attacker to manipulate the authentication flow and cau... | Fri, 12 Jun 2026 12:17:39 |
| CVE-2026-48611 json | Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabl... | Fri, 12 Jun 2026 12:17:39 |
| CVE-2026-48610 json | Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulne... | Fri, 12 Jun 2026 12:17:39 |
| CVE-2026-47370 json | A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability foun... | Fri, 12 Jun 2026 12:17:39 |
| CVE-2026-47369 json | A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability foun... | Fri, 12 Jun 2026 12:17:39 |
| CVE-2026-47368 json | A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running Un... | Fri, 12 Jun 2026 12:17:39 |
| CVE-2026-47367 json | A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability foun... | Fri, 12 Jun 2026 12:17:39 |
| CVE-2026-47366 json | Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed... | Fri, 12 Jun 2026 12:17:39 |
| CVE-2026-47365 json | Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated user... | Fri, 12 Jun 2026 12:17:39 |
| CVE-2026-45418 json | ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #132, any authenticated user who can upload ... | Fri, 12 Jun 2026 12:17:39 |
| CVE-2026-20746 json | Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java m... | Fri, 12 Jun 2026 12:17:39 |
| CVE-2026-12058 json | The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed. | Fri, 12 Jun 2026 12:17:39 |
| CVE-2026-11933 json | A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to Jav... | Fri, 12 Jun 2026 12:17:39 |
| CVE-2026-11535 json | An unauthorized access vulnerability exists in the PcSuite APP. The vulnerability can be exploited by attackers to Unauthoriz... | Fri, 12 Jun 2026 12:17:39 |
| CVE-2026-9271 json | Vulnerability Title | Fri, 12 Jun 2026 12:17:39 |
| CVE-2026-6250 json | An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-con... | Fri, 12 Jun 2026 12:17:39 |
| CVE-2026-50245 json | Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is requi... | Fri, 12 Jun 2026 12:17:38 |
| CVE-2026-50005 json | Brickcom cameras ship with default credentials that allow any unauthenticated remote attacker to silently access camera feed... | Fri, 12 Jun 2026 12:17:38 |
| CVE-2026-45481 json | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an... | Fri, 12 Jun 2026 12:17:38 |
| CVE-2026-45467 json | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an... | Fri, 12 Jun 2026 12:17:38 |
| CVE-2026-41005 json | Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as a substitute for XML signat... | Fri, 12 Jun 2026 12:17:38 |