CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-42089 json | Yeoman Environment provides an API to discover, create, and run generators, and to configure where and how a generator is res... | Tue, 16 Jun 2026 13:35:14 |
| CVE-2024-38487 json | api-gateway container running with root privilege would allow an attacker to escape the container and access host system to p... | Tue, 16 Jun 2026 13:35:14 |
| CVE-2024-30476 json | PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privile... | Tue, 16 Jun 2026 13:35:14 |
| CVE-2024-24909 json | Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway... | Tue, 16 Jun 2026 13:35:14 |
| CVE-2026-46032 json | In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Triple fault if restore host CR3 fails on nes... | Tue, 16 Jun 2026 13:35:13 |
| CVE-2026-9595 json | Impact: When a user-configured proxy on webpack-dev-server has a broad context (e.g. /) and ws: true, it also intercepts the ... | Tue, 16 Jun 2026 13:35:13 |
| CVE-2025-55642 json | GPAC MP4Box v2.4 was discovered to contain a floating point exception in the avidmx_process function (isomedia/isom_write.c). | Tue, 16 Jun 2026 13:35:13 |
| CVE-2025-55641 json | A NULL pointer dereference in the gf_isom_copy_sample_info function (isomedia/isom_write.c) of GPAC MP4Box v2.4 allows attack... | Tue, 16 Jun 2026 13:35:13 |
| CVE-2024-22451 json | Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. An attacker... | Tue, 16 Jun 2026 13:35:13 |
| CVE-2026-53776 json | Perry before 0.5.1166 contains a JWT validation vulnerability that allows remote attackers to bypass token expiration by expl... | Tue, 16 Jun 2026 13:20:15 |
| CVE-2026-44932 json | Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers ... | Tue, 16 Jun 2026 13:20:15 |
| CVE-2026-39927 json | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Tue, 16 Jun 2026 13:20:15 |
| CVE-2026-39926 json | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Tue, 16 Jun 2026 13:20:15 |
| CVE-2026-24228 json | NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A suc... | Tue, 16 Jun 2026 13:20:15 |
| CVE-2026-24155 json | NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability m... | Tue, 16 Jun 2026 13:20:15 |
| CVE-2026-12412 json | Rejected reason: loading template... | Tue, 16 Jun 2026 13:20:15 |
| CVE-2026-12003 json | To allow builds of Python to be run from an in-tree layout (rather than an installed file layout), the VPATH variable is defi... | Tue, 16 Jun 2026 13:20:15 |
| CVE-2026-10649 json | A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote... | Tue, 16 Jun 2026 13:20:15 |
| CVE-2025-71261 json | An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 cou... | Tue, 16 Jun 2026 13:20:15 |
| CVE-2026-53899 json | Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix do... | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12330 json | Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Fire... | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12329 json | Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12. | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12328 json | Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151... | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12327 json | Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs... | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12326 json | Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we... | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12325 json | Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firef... | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12324 json | Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152, Firefox ES... | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12323 json | Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12322 json | Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12321 json | JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12320 json | Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12319 json | Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12318 json | Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird ... | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12317 json | Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12316 json | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12315 json | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbir... | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12314 json | Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152,... | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12313 json | Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox... | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12312 json | Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152,... | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12311 json | Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox... | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12310 json | Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152,... | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12309 json | Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152,... | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12308 json | Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152,... | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12307 json | Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152,... | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12306 json | Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152,... | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12305 json | Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152,... | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12304 json | Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.... | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12303 json | Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed i... | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12302 json | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ES... | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12301 json | Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12300 json | Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12299 json | JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefo... | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12298 json | Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152,... | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12297 json | Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed in Firefox 152,... | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-12296 json | Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12... | Tue, 16 Jun 2026 13:20:14 |
| CVE-2026-50890 json | Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockrep... | Tue, 16 Jun 2026 13:20:13 |
| CVE-2026-50889 json | An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service (DoS) ... | Tue, 16 Jun 2026 13:20:13 |
| CVE-2026-50888 json | An authenticated Server-Side Request Forgery (SSRF) in the custom scraper subsystem component of Benjamin Jonard Koillection ... | Tue, 16 Jun 2026 13:20:13 |
| CVE-2026-50884 json | Incorrect access control in statping-ng v0.93.0 allows attackers to escalate privileges to Administrator and access sensitive... | Tue, 16 Jun 2026 13:20:13 |
| CVE-2026-48017 json | DbGate is cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate acce... | Tue, 16 Jun 2026 13:20:13 |
| CVE-2026-41082 json | In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory. | Tue, 16 Jun 2026 13:20:13 |
| CVE-2026-12295 json | Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR... | Tue, 16 Jun 2026 13:20:13 |
| CVE-2026-12294 json | Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 11... | Tue, 16 Jun 2026 13:20:13 |
| CVE-2026-12293 json | Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | Tue, 16 Jun 2026 13:20:13 |
| CVE-2026-12292 json | Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Th... | Tue, 16 Jun 2026 13:20:13 |
| CVE-2026-12291 json | Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ES... | Tue, 16 Jun 2026 13:20:13 |
| CVE-2026-12290 json | Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.... | Tue, 16 Jun 2026 13:20:13 |
| CVE-2026-12289 json | Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, F... | Tue, 16 Jun 2026 13:20:13 |
| CVE-2026-12205 json | Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::si... | Tue, 16 Jun 2026 13:20:13 |
| CVE-2026-12161 json | Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenti... | Tue, 16 Jun 2026 13:20:13 |
| CVE-2026-12087 json | Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, pack_ip_mreq_source() checks the length... | Tue, 16 Jun 2026 13:20:13 |
| CVE-2026-11832 json | Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated u... | Tue, 16 Jun 2026 13:20:13 |
| CVE-2026-8683 json | Mattermost Desktop App versions <=6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost D... | Tue, 16 Jun 2026 13:20:13 |
| CVE-2025-10911 json | A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired point... | Tue, 16 Jun 2026 13:20:13 |
| CVE-2026-6517 json | Mattermost Desktop App versions <=6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forw... | Tue, 16 Jun 2026 13:05:12 |
| CVE-2026-5038 json | Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskSt... | Tue, 16 Jun 2026 13:05:12 |
| CVE-2026-12057 json | When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some danger... | Tue, 16 Jun 2026 12:50:12 |
| CVE-2026-5079 json | Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field n... | Tue, 16 Jun 2026 12:50:12 |
| CVE-2026-4096 json | IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOS... | Tue, 16 Jun 2026 12:35:19 |
| CVE-2026-3341 json | IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an ... | Tue, 16 Jun 2026 12:35:19 |
| CVE-2024-45636 json | IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged us... | Tue, 16 Jun 2026 12:35:19 |
| CVE-2026-42851 json | Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal ... | Tue, 16 Jun 2026 12:20:12 |
| CVE-2026-42850 json | Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subsh... | Tue, 16 Jun 2026 12:20:12 |
| CVE-2026-40451 json | DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vulnerability, which allows a... | Tue, 16 Jun 2026 12:20:12 |
| CVE-2026-25775 json | A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be perf... | Tue, 16 Jun 2026 12:20:12 |
| CVE-2026-8598 json | An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require au... | Tue, 16 Jun 2026 12:20:12 |
| CVE-2026-6376 json | A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a P... | Tue, 16 Jun 2026 12:20:12 |
| CVE-2026-6375 json | A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name records (PNRs) without any a... | Tue, 16 Jun 2026 12:20:12 |
| CVE-2026-3893 json | The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly ac... | Tue, 16 Jun 2026 12:20:12 |
| CVE-2026-50887 json | A Server-Side Request Forgery (SSRF) in the automatic short URL title resolution component of shlink v5.0.1 allows attackers ... | Tue, 16 Jun 2026 12:05:18 |
| CVE-2026-50886 json | Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal ... | Tue, 16 Jun 2026 12:05:18 |
| CVE-2026-50885 json | Incorrect access control in the share-based read endpoints of Sismics Docs (Teedy) v1.11 allow unauthorized attackers to acce... | Tue, 16 Jun 2026 12:05:18 |
| CVE-2026-50883 json | An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbit... | Tue, 16 Jun 2026 12:05:18 |
| CVE-2026-50882 json | An issue in the /api/v0/pastes endpoint of anna-is-cute paste v0.1.1 allows attackers to cause a Denial of Service (DoS) via ... | Tue, 16 Jun 2026 12:05:18 |
| CVE-2026-50881 json | Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privil... | Tue, 16 Jun 2026 12:05:18 |
| CVE-2026-50880 json | An issue in the sendmail transport integration component of YouTransfer v1.0.6 allows attackers to execute arbitrary code via... | Tue, 16 Jun 2026 12:05:18 |
| CVE-2026-50877 json | An issue in Zhoros SuperBin v1.0.0 allows attackers to execute a directory traversal via supplying files with names containin... | Tue, 16 Jun 2026 12:05:18 |
| CVE-2026-50876 json | A cross-site scripting (XSS) vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML vi... | Tue, 16 Jun 2026 12:05:17 |
| CVE-2026-50875 json | Incorrect access control in the /{form}/webhooks/{webhook} endpoint of Deck9 Input v2.0.1 allows authenticated attackers to a... | Tue, 16 Jun 2026 12:05:17 |
| CVE-2026-50874 json | An OS command injection vulnerability in the /manage/features/media component of kanishka-linux Reminiscence v0.3.0 allows at... | Tue, 16 Jun 2026 12:05:17 |