CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-55447 json | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that ar... | Wed, 24 Jun 2026 01:29:59 |
| CVE-2026-55255 json | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Refe... | Wed, 24 Jun 2026 01:29:59 |
| CVE-2026-54012 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI... | Wed, 24 Jun 2026 01:29:59 |
| CVE-2026-54010 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI... | Wed, 24 Jun 2026 01:29:59 |
| CVE-2026-48519 json | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "Shareable Playground" (or... | Wed, 24 Jun 2026 01:29:59 |
| CVE-2026-33760 json | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow's /api/v1/monitor rou... | Wed, 24 Jun 2026 01:29:59 |
| CVE-2026-12851 json | Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A s... | Wed, 24 Jun 2026 01:29:59 |
| CVE-2026-12850 json | Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A s... | Wed, 24 Jun 2026 01:29:59 |
| CVE-2026-12849 json | Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A s... | Wed, 24 Jun 2026 01:29:59 |
| CVE-2026-12848 json | GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. D... | Wed, 24 Jun 2026 01:29:59 |
| CVE-2026-12847 json | GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. D... | Wed, 24 Jun 2026 01:29:59 |
| CVE-2026-12846 json | GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. D... | Wed, 24 Jun 2026 01:29:59 |
| CVE-2026-12488 json | A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2. A specially crafte... | Wed, 24 Jun 2026 01:29:59 |
| CVE-2026-12486 json | Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A s... | Wed, 24 Jun 2026 01:29:59 |
| CVE-2026-12485 json | GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. D... | Wed, 24 Jun 2026 01:29:59 |
| CVE-2026-11374 json | In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to a... | Wed, 24 Jun 2026 01:29:59 |
| CVE-2026-9539 json | An out-of-bounds heap read and integer underflow in the TCP urgent data handling (sosendoob) in freedesktop.org libslirp vers... | Wed, 24 Jun 2026 01:29:59 |
| CVE-2020-9695 json | Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-... | Wed, 24 Jun 2026 01:29:59 |
| CVE-2026-56142 json | In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 privilege esc... | Wed, 24 Jun 2026 01:29:58 |
| CVE-2026-56141 json | In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeo... | Wed, 24 Jun 2026 01:29:58 |
| CVE-2026-54281 json | Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.24, an authentication bypass vulner... | Wed, 24 Jun 2026 01:29:58 |
| CVE-2026-54130 json | Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a n... | Wed, 24 Jun 2026 01:29:58 |
| CVE-2026-50242 json | In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authenticatio... | Wed, 24 Jun 2026 01:29:58 |
| CVE-2026-49468 json | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, This vulnerability is... | Wed, 24 Jun 2026 01:29:58 |
| CVE-2026-48582 json | Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network. | Wed, 24 Jun 2026 01:29:58 |
| CVE-2026-47647 json | Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network. | Wed, 24 Jun 2026 01:29:58 |
| CVE-2026-47645 json | Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker ... | Wed, 24 Jun 2026 01:29:58 |
| CVE-2026-45480 json | Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network. | Wed, 24 Jun 2026 01:29:58 |
| CVE-2026-44939 json | A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/import/{token}_{clusterId... | Wed, 24 Jun 2026 01:29:58 |
| CVE-2026-44914 json | Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components wi... | Wed, 24 Jun 2026 01:29:58 |
| CVE-2026-44273 json | Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain a Use of Default Credentials vulnerability. A high priv... | Wed, 24 Jun 2026 01:29:58 |
| CVE-2026-42895 json | Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthoriz... | Wed, 24 Jun 2026 01:29:58 |
| CVE-2026-34910 json | A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devic... | Wed, 24 Jun 2026 01:29:58 |
| CVE-2026-34909 json | A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access... | Wed, 24 Jun 2026 01:29:58 |
| CVE-2026-34908 json | A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices... | Wed, 24 Jun 2026 01:29:58 |
| CVE-2026-8918 json | A permissive list of allowed inputs in ASUS Armoury Crate allows a local administrator to perform arbitrary memory read/write... | Wed, 24 Jun 2026 01:29:58 |
| CVE-2025-67038 json | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user'... | Wed, 24 Jun 2026 01:29:58 |
| CVE-2025-27511 json | GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoSer... | Wed, 24 Jun 2026 01:29:58 |
| CVE-2026-11614 json | The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cus... | Wed, 24 Jun 2026 00:28:31 |
| CVE-2026-3652 json | The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value` parameter of the `arf_save_inco... | Wed, 24 Jun 2026 00:28:31 |
| CVE-2026-12112 json | A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attac... | Tue, 23 Jun 2026 23:27:12 |
| CVE-2026-11807 json | A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rule... | Tue, 23 Jun 2026 23:27:12 |
| CVE-2026-9073 json | A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive ses... | Tue, 23 Jun 2026 23:27:12 |
| CVE-2026-48864 json | A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data... | Tue, 23 Jun 2026 23:27:11 |
| CVE-2026-9150 json | A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when p... | Tue, 23 Jun 2026 23:27:11 |
| CVE-2026-9149 json | A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.sol... | Tue, 23 Jun 2026 23:27:11 |
| CVE-2026-6420 json | A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can... | Tue, 23 Jun 2026 23:27:11 |
| CVE-2025-10911 json | A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired point... | Tue, 23 Jun 2026 23:27:11 |
| CVE-2026-12681 json | Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatur... | Tue, 23 Jun 2026 22:25:18 |
| CVE-2026-54639 json | Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in vers... | Tue, 23 Jun 2026 21:24:46 |
| CVE-2026-7574 json | Anthropic Claude Desktop Cowork VM image handling (confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617... | Tue, 23 Jun 2026 20:39:31 |
| CVE-2026-6458 json | Missing cryptographic step in Caliptra Core Firmware (aes_256_gcm_update module) results in an incorrect GCM authentication t... | Tue, 23 Jun 2026 20:39:31 |
| CVE-2026-5818 json | Incorrect check of function return value in Caliptra Core Runtime Firmware (ActivateFirmwareCmd::activate_fw modules) allows ... | Tue, 23 Jun 2026 20:39:31 |
| CVE-2026-56785 json | FlatPress versions prior to commit 10be83c, contains a stored cross-site scripting vulnerability in comment and contact forms... | Tue, 23 Jun 2026 19:23:27 |
| CVE-2026-54588 json | Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-con... | Tue, 23 Jun 2026 19:23:27 |
| CVE-2026-48493 json | Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only users.edit can send a PATCH t... | Tue, 23 Jun 2026 19:23:27 |
| CVE-2026-47931 json | ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result ... | Tue, 23 Jun 2026 19:23:27 |
| CVE-2026-47693 json | Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 are vulnerable to CS... | Tue, 23 Jun 2026 19:23:27 |
| CVE-2026-12164 json | Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevate... | Tue, 23 Jun 2026 19:23:27 |
| CVE-2026-12163 json | Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0.1 contain a stored cross-site s... | Tue, 23 Jun 2026 19:23:27 |
| CVE-2026-11972 json | When using the "tarfile" module with a file opened in "streaming mode" (mode="r|") the tarfile module did not properly handle... | Tue, 23 Jun 2026 19:23:27 |
| CVE-2026-56784 json | OpenRemote before 1.25.0 contains an insecure direct object reference (IDOR) vulnerability in the bulk alarm deletion endpoin... | Tue, 23 Jun 2026 18:23:20 |
| CVE-2026-56120 json | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it's a duplicate of CVE-2026-56... | Tue, 23 Jun 2026 18:23:20 |
| CVE-2026-54518 json | jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21... | Tue, 23 Jun 2026 18:23:20 |
| CVE-2026-47907 json | Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could result in a... | Tue, 23 Jun 2026 18:23:20 |
| CVE-2026-42052 json | Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolat... | Tue, 23 Jun 2026 18:23:20 |
| CVE-2025-61821 json | ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Refer... | Tue, 23 Jun 2026 18:23:19 |
| CVE-2023-46850 json | Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution w... | Tue, 23 Jun 2026 18:23:19 |
| CVE-2026-54517 json | jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21... | Tue, 23 Jun 2026 17:22:42 |
| CVE-2026-54516 json | jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21... | Tue, 23 Jun 2026 17:22:42 |
| CVE-2026-54515 json | jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.... | Tue, 23 Jun 2026 17:22:42 |
| CVE-2026-54514 json | jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.... | Tue, 23 Jun 2026 17:22:42 |
| CVE-2026-54513 json | jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10... | Tue, 23 Jun 2026 17:22:42 |
| CVE-2026-54512 json | jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10... | Tue, 23 Jun 2026 17:22:42 |
| CVE-2026-53931 json | NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the spreadsheet-import endpoint axiosRequestMa... | Tue, 23 Jun 2026 17:22:42 |
| CVE-2026-53930 json | NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the base-migration endpoint accepted a caller-... | Tue, 23 Jun 2026 17:22:42 |
| CVE-2026-53929 json | NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, with NC_SECURE_ATTACHMENTS=true, an authentica... | Tue, 23 Jun 2026 17:22:42 |
| CVE-2026-53928 json | NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a stolen refresh token survived a password-for... | Tue, 23 Jun 2026 17:22:42 |
| CVE-2026-53927 json | NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the spreadsheet-fetch endpoint (axiosRequestMa... | Tue, 23 Jun 2026 17:22:42 |
| CVE-2026-53926 json | NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, revokeAllOAuthTokensByUser in the users servic... | Tue, 23 Jun 2026 17:22:42 |
| CVE-2026-50193 json | jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.13... | Tue, 23 Jun 2026 17:22:42 |
| CVE-2026-47388 json | NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a low-privilege MCP token holder with knowledg... | Tue, 23 Jun 2026 17:22:42 |
| CVE-2026-47387 json | NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared form-view submit handler (packages/... | Tue, 23 Jun 2026 17:22:42 |
| CVE-2026-47386 json | NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, two concurrent token-exchange requests using t... | Tue, 23 Jun 2026 17:22:41 |
| CVE-2026-47385 json | NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with base-create permiss... | Tue, 23 Jun 2026 17:22:41 |
| CVE-2026-47384 json | NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with column-create permi... | Tue, 23 Jun 2026 17:22:41 |
| CVE-2026-47383 json | NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated commenter could store HTML in... | Tue, 23 Jun 2026 17:22:41 |
| CVE-2026-47382 json | NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the connection-test endpoint opened a raw TCP ... | Tue, 23 Jun 2026 17:22:41 |
| CVE-2026-47381 json | NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a user in one workspace could exercise another... | Tue, 23 Jun 2026 17:22:41 |
| CVE-2026-47380 json | NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, sign-in response timing differed between known... | Tue, 23 Jun 2026 17:22:41 |
| CVE-2026-47379 json | NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared-view password check fell back to st... | Tue, 23 Jun 2026 17:22:41 |
| CVE-2026-47378 json | NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, Public shared-view endpoints exposed values fr... | Tue, 23 Jun 2026 17:22:41 |
| CVE-2026-47377 json | NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the client-side hashRedirect plugin called win... | Tue, 23 Jun 2026 17:22:41 |
| CVE-2026-47376 json | NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the password-reset page rendered the URL token... | Tue, 23 Jun 2026 17:22:41 |
| CVE-2026-47375 json | NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, an authenticated user with columnAdd permissio... | Tue, 23 Jun 2026 17:22:41 |
| CVE-2026-47279 json | NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the public shared-view relation endpoints acce... | Tue, 23 Jun 2026 17:22:41 |
| CVE-2026-46554 json | NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, deleted API tokens continued to authenticate r... | Tue, 23 Jun 2026 17:22:41 |
| CVE-2026-46553 json | NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the upload-by-URL path did not enforce NC_ATTA... | Tue, 23 Jun 2026 17:22:41 |
| CVE-2026-46552 json | NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, shared-base sessions were granted the same bas... | Tue, 23 Jun 2026 17:22:41 |
| CVE-2026-46551 json | NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, the uploadViaURL path in the v1/v2 attachment ... | Tue, 23 Jun 2026 17:22:41 |