CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-38936 json | A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/selectindices.php via th... | Sun, 05 Jul 2026 13:26:43 |
| CVE-2026-38935 json | A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/view.php via the doctype... | Sun, 05 Jul 2026 13:26:43 |
| CVE-2026-38934 json | Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker to e... | Sun, 05 Jul 2026 13:26:43 |
| CVE-2026-38931 json | A stored cross-site scripting (XSS) vulnerability in the /admin/config-module.php component of creatorsofcode simplephp GitHu... | Sun, 05 Jul 2026 13:26:43 |
| CVE-2026-38930 json | OpenRapid RapidCMS v1.3.1 was discovered to contain an authentication bypass in the /template/default/menu.php component. Thi... | Sun, 05 Jul 2026 13:26:43 |
| CVE-2026-36356 json | The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated O... | Sun, 05 Jul 2026 13:26:43 |
| CVE-2026-36239 json | PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality | Sun, 05 Jul 2026 13:26:43 |
| CVE-2026-36182 json | GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers... | Sun, 05 Jul 2026 13:26:43 |
| CVE-2026-36180 json | A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protect... | Sun, 05 Jul 2026 13:26:43 |
| CVE-2026-36178 json | The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuratio... | Sun, 05 Jul 2026 13:26:43 |
| CVE-2026-36176 json | GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial consol... | Sun, 05 Jul 2026 13:26:43 |
| CVE-2026-36175 json | An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain ... | Sun, 05 Jul 2026 13:26:43 |
| CVE-2026-36174 json | GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the... | Sun, 05 Jul 2026 13:26:43 |
| CVE-2026-30462 json | A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory... | Sun, 05 Jul 2026 13:26:43 |
| CVE-2026-30352 json | A remote code execution (RCE) vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows att... | Sun, 05 Jul 2026 13:26:43 |
| CVE-2026-14764 json | A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0. This impacts an unknown function of the fi... | Sun, 05 Jul 2026 13:26:43 |
| CVE-2026-14763 json | A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. This affects an unknown function of the file /admin... | Sun, 05 Jul 2026 13:26:43 |
| CVE-2025-60889 json | Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execut... | Sun, 05 Jul 2026 13:26:43 |
| CVE-2023-24215 json | Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to o... | Sun, 05 Jul 2026 13:26:43 |
| CVE-2026-30695 json | A Cross-Site Scripting (XSS) vulnerability exists in the web-based configuration interface of Zucchetti Axess access control ... | Sun, 05 Jul 2026 13:26:42 |
| CVE-2026-30603 json | An issue in the firmware update mechanism of Qianniao QN-L23PA0904 v20250721.1640 allows attackers to gain root access, insta... | Sun, 05 Jul 2026 13:26:42 |
| CVE-2026-30463 json | Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php compone... | Sun, 05 Jul 2026 13:26:42 |
| CVE-2026-30461 json | Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /... | Sun, 05 Jul 2026 13:26:42 |
| CVE-2026-30460 json | Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in the Bl... | Sun, 05 Jul 2026 13:26:42 |
| CVE-2026-30459 json | An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the pass... | Sun, 05 Jul 2026 13:26:42 |
| CVE-2026-30458 json | An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting a... | Sun, 05 Jul 2026 13:26:42 |
| CVE-2026-30457 json | An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via craft... | Sun, 05 Jul 2026 13:26:42 |
| CVE-2026-30266 json | Insecure Permissions vulnerability in DeepCool DeepCreative v.1.2.12 and before allows a local attacker to execute arbitrary ... | Sun, 05 Jul 2026 13:26:42 |
| CVE-2026-29598 json | Multiple stored cross-site scripting (XSS) vulnerabilities in the submit_add_user.asp endpoint of DDSN Interactive Acora CMS ... | Sun, 05 Jul 2026 13:26:42 |
| CVE-2026-29597 json | DDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper access control vulnerability. An editor-privileged user ca... | Sun, 05 Jul 2026 13:26:42 |
| CVE-2025-70082 json | An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via... | Sun, 05 Jul 2026 13:26:42 |
| CVE-2025-67260 json | The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerabi... | Sun, 05 Jul 2026 13:26:42 |
| CVE-2025-67041 json | An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser pag... | Sun, 05 Jul 2026 13:26:42 |
| CVE-2025-67039 json | An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending... | Sun, 05 Jul 2026 13:26:42 |
| CVE-2025-67038 json | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user'... | Sun, 05 Jul 2026 13:26:42 |
| CVE-2025-63743 json | Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 to up and including v8.3.1 allows... | Sun, 05 Jul 2026 13:26:42 |
| CVE-2025-61190 json | A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in DSpace JSPUI 6.5 within the search/discover filte... | Sun, 05 Jul 2026 13:26:42 |
| CVE-2025-52204 json | A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterf... | Sun, 05 Jul 2026 13:26:42 |
| CVE-2025-50881 json | The `flow/admin/moniteur.php` script in Use It Flow administration website before 10.0.0 is vulnerable to Remote Code Executi... | Sun, 05 Jul 2026 13:26:42 |
| CVE-2025-70363 json | Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated attac... | Sun, 05 Jul 2026 13:26:41 |
| CVE-2025-70330 json | Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. By modifying s... | Sun, 05 Jul 2026 13:26:41 |
| CVE-2025-69752 json | An issue in the "My Details" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view othe... | Sun, 05 Jul 2026 13:26:41 |
| CVE-2025-67289 json | An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arb... | Sun, 05 Jul 2026 13:26:41 |
| CVE-2025-67108 json | eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communicati... | Sun, 05 Jul 2026 13:26:41 |
| CVE-2025-67037 json | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" pa... | Sun, 05 Jul 2026 13:26:41 |
| CVE-2025-67036 json | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their n... | Sun, 05 Jul 2026 13:26:41 |
| CVE-2025-67035 json | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injec... | Sun, 05 Jul 2026 13:26:41 |
| CVE-2025-67034 json | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" para... | Sun, 05 Jul 2026 13:26:41 |
| CVE-2025-66698 json | An issue in Semantic machines v5.4.8 allows attackers to bypass authentication via sending a crafted HTTP request to various ... | Sun, 05 Jul 2026 13:26:41 |
| CVE-2025-65865 json | An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service (DoS) via a crafted input. | Sun, 05 Jul 2026 13:26:41 |
| CVE-2025-65857 json | An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStream... | Sun, 05 Jul 2026 13:26:41 |
| CVE-2025-65856 json | Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 al... | Sun, 05 Jul 2026 13:26:41 |
| CVE-2025-65784 json | Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-level pri... | Sun, 05 Jul 2026 13:26:41 |
| CVE-2025-65783 json | An arbitrary file upload vulnerability in the /utils/uploadFile component of Hubert Imoveis e Administracao Ltda Hub v2.0 1.2... | Sun, 05 Jul 2026 13:26:41 |
| CVE-2025-65397 json | An insecure authentication mechanism in the safe_exec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and e... | Sun, 05 Jul 2026 13:26:41 |
| CVE-2025-65396 json | A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate... | Sun, 05 Jul 2026 13:26:41 |
| CVE-2025-63314 json | A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitr... | Sun, 05 Jul 2026 13:26:41 |
| CVE-2025-52023 json | A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigge... | Sun, 05 Jul 2026 13:26:41 |
| CVE-2025-29329 json | Buffer Overflow in the ippprint (Internet Printing Protocol) service in Sagemcom F@st 3686 MAGYAR_4.121.0 allows remote attac... | Sun, 05 Jul 2026 13:26:41 |
| CVE-2024-54855 json | fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to contain static keys for the SSH service, allowing attackers ... | Sun, 05 Jul 2026 13:26:41 |
| CVE-2025-65841 json | Aquarius Desktop 3.0.069 for macOS stores user authentication credentials in the local file ~/Library/Application Support/Aqu... | Sun, 05 Jul 2026 13:26:40 |
| CVE-2025-65799 json | A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execut... | Sun, 05 Jul 2026 13:26:40 |
| CVE-2025-65798 json | Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete... | Sun, 05 Jul 2026 13:26:40 |
| CVE-2025-65797 json | Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privilege... | Sun, 05 Jul 2026 13:26:40 |
| CVE-2025-65796 json | Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions... | Sun, 05 Jul 2026 13:26:40 |
| CVE-2025-65795 json | Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbit... | Sun, 05 Jul 2026 13:26:40 |
| CVE-2025-65568 json | A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2.1.3-dev... | Sun, 05 Jul 2026 13:26:40 |
| CVE-2025-65530 json | An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows attackers to overwrite ... | Sun, 05 Jul 2026 13:26:40 |
| CVE-2025-65427 json | An issue was discovered in Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router on firmware version V1.0.0 does not implement ra... | Sun, 05 Jul 2026 13:26:40 |
| CVE-2025-65363 json | Authenticated append-style command-injection Ruijie APs (AP_RGOS 11.1.x) allows an authenticated web user to execute appended... | Sun, 05 Jul 2026 13:26:40 |
| CVE-2025-65318 json | When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a ... | Sun, 05 Jul 2026 13:26:40 |
| CVE-2025-63402 json | An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via API... | Sun, 05 Jul 2026 13:26:40 |
| CVE-2025-63401 json | Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to exec... | Sun, 05 Jul 2026 13:26:40 |
| CVE-2025-57202 json | A stored cross-site scripting (XSS) vulnerability in the PwdGrp.cgi endpoint of AVTECH SECURITY Corporation DGM1104 FullImg-1... | Sun, 05 Jul 2026 13:26:40 |
| CVE-2025-57201 json | AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection ... | Sun, 05 Jul 2026 13:26:40 |
| CVE-2025-57199 json | AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection ... | Sun, 05 Jul 2026 13:26:40 |
| CVE-2025-57198 json | AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection ... | Sun, 05 Jul 2026 13:26:40 |
| CVE-2025-29269 json | ALLNET ALL-RUT22GW v3.3.8 was discovered to contain an OS command injection vulnerability via the command parameter in the po... | Sun, 05 Jul 2026 13:26:40 |
| CVE-2025-29268 json | ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library. | Sun, 05 Jul 2026 13:26:40 |
| CVE-2025-63892 json | A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function create_classr... | Sun, 05 Jul 2026 13:26:39 |
| CVE-2025-63891 json | Information Disclosure in web-accessible backup file in SourceCodester Simple Online Book Store System allows a remote unauth... | Sun, 05 Jul 2026 13:26:39 |
| CVE-2025-63674 json | An issue in Blurams Lumi Security Camera (A31C) v23.1227.472.2926 allows local physical attackers to execute arbitrary code v... | Sun, 05 Jul 2026 13:26:39 |
| CVE-2025-61168 json | An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an ... | Sun, 05 Jul 2026 13:26:39 |
| CVE-2025-61167 json | SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php compon... | Sun, 05 Jul 2026 13:26:39 |
| CVE-2025-60969 json | Directory Traversal vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.00 allo... | Sun, 05 Jul 2026 13:26:39 |
| CVE-2025-60967 json | Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.... | Sun, 05 Jul 2026 13:26:39 |
| CVE-2025-60965 json | OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 all... | Sun, 05 Jul 2026 13:26:39 |
| CVE-2025-60511 json | Moodle OpenAI Chat Block plugin 3.0.1 (2025021700) suffers from an Insecure Direct Object Reference (IDOR) vulnerability due ... | Sun, 05 Jul 2026 13:26:39 |
| CVE-2025-60419 json | An issue was discovered in the NDIS Usermode IO driver (RtkIOAC60.sys, version 6.0.5600.16348) allowing local authenticated a... | Sun, 05 Jul 2026 13:26:39 |
| CVE-2025-57200 json | AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection ... | Sun, 05 Jul 2026 13:26:39 |
| CVE-2025-56447 json | TM2 Monitoring v3.04 contains an authentication bypass and plaintext credential disclosure. | Sun, 05 Jul 2026 13:26:39 |
| CVE-2025-56385 json | A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.a... | Sun, 05 Jul 2026 13:26:39 |
| CVE-2025-56224 json | A lack of rate limiting in the One-Time Password (OTP) verification endpoint of SigningHub v8.6.8 allows attackers to bypass ... | Sun, 05 Jul 2026 13:26:39 |
| CVE-2025-56223 json | A lack of rate limiting in the component /Home/UploadStreamDocument of SigningHub v8.6.8 allows attackers to cause a Denial o... | Sun, 05 Jul 2026 13:26:39 |
| CVE-2025-56219 json | Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. Th... | Sun, 05 Jul 2026 13:26:39 |
| CVE-2025-56218 json | An arbitrary file upload vulnerability in SigningHub v8.6.8 allows attackers to execute arbitrary code via uploading a crafte... | Sun, 05 Jul 2026 13:26:39 |
| CVE-2025-50433 json | An issue was discovered in imonnit.com (2025-04-24) allowing malicious actors to gain escalated privileges via crafted passwo... | Sun, 05 Jul 2026 13:26:39 |
| CVE-2025-25613 json | FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless. All versions before 2.2.0D... | Sun, 05 Jul 2026 13:26:39 |
| CVE-2025-60964 json | OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 all... | Sun, 05 Jul 2026 13:26:38 |
| CVE-2025-60963 json | OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 all... | Sun, 05 Jul 2026 13:26:38 |