CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-7612 json | A vulnerability was determined in itsourcecode Courier Management System 1.0. Affected is an unknown function of the file /ed... | Sat, 02 May 2026 06:23:09 |
| CVE-2026-7611 json | A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platform_do_upgrade_cameo_dev of th... | Sat, 02 May 2026 06:23:09 |
| CVE-2026-7610 json | A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of t... | Sat, 02 May 2026 06:23:09 |
| CVE-2026-7609 json | A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function tools_diagnostic of the file... | Sat, 02 May 2026 06:23:09 |
| CVE-2026-7491 json | School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attacker... | Sat, 02 May 2026 06:23:09 |
| CVE-2026-7490 json | CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload ... | Sat, 02 May 2026 06:23:09 |
| CVE-2026-7489 json | CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL c... | Sat, 02 May 2026 06:23:09 |
| CVE-2026-5077 json | The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versions up to, and including, ... | Sat, 02 May 2026 06:23:09 |
| CVE-2026-7608 json | A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function tools_diagnostic. The... | Sat, 02 May 2026 05:22:14 |
| CVE-2026-5324 json | The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions ... | Sat, 02 May 2026 05:22:14 |
| CVE-2026-4024 json | The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capab... | Sat, 02 May 2026 05:22:14 |
| CVE-2026-7649 json | The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vu... | Sat, 02 May 2026 04:21:55 |
| CVE-2026-7607 json | A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function auto_update_firmware of t... | Sat, 02 May 2026 04:21:55 |
| CVE-2026-7606 json | A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function find_hwid/new_gui_update_firmw... | Sat, 02 May 2026 04:21:55 |
| CVE-2026-6457 json | The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geo_mashup_null_fields' paramete... | Sat, 02 May 2026 04:21:55 |
| CVE-2026-6449 json | The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in a... | Sat, 02 May 2026 04:21:55 |
| CVE-2026-6229 json | The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including... | Sat, 02 May 2026 04:21:55 |
| CVE-2026-4650 json | The FundPress – WordPress Donation Plugin for WordPress is vulnerable to authorization bypass in versions up to and includi... | Sat, 02 May 2026 04:21:55 |
| CVE-2026-2052 json | The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnera... | Sat, 02 May 2026 04:21:55 |
| CVE-2026-43058 json | In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix pass-by-value structs causing MSAN war... | Sat, 02 May 2026 03:20:52 |
| CVE-2026-31776 json | In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Fix missing SPDIFI1 index handling SPDIF1 ... | Sat, 02 May 2026 03:20:52 |
| CVE-2026-23473 json | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Sat, 02 May 2026 03:20:52 |
| CVE-2026-7605 json | A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.upload... | Sat, 02 May 2026 03:20:52 |
| CVE-2025-71149 json | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Sat, 02 May 2026 03:20:52 |
| CVE-2026-7647 json | The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5... | Sat, 02 May 2026 02:19:53 |
| CVE-2026-7049 json | The PixelYourSite Pro – Your smart PIXEL (TAG) Manager plugin for WordPress is vulnerable to Server-Side Request Forgery in... | Sat, 02 May 2026 02:19:53 |
| CVE-2026-6916 json | The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulner... | Sat, 02 May 2026 02:19:53 |
| CVE-2026-6812 json | The Ona theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.26 via the o... | Sat, 02 May 2026 02:19:53 |
| CVE-2026-6447 json | The Call for Price for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in al... | Sat, 02 May 2026 02:19:53 |
| CVE-2026-5113 json | The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versio... | Sat, 02 May 2026 02:19:53 |
| CVE-2026-5112 json | The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and inc... | Sat, 02 May 2026 02:19:53 |
| CVE-2026-5111 json | The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. T... | Sat, 02 May 2026 02:19:53 |
| CVE-2026-5110 json | The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and inc... | Sat, 02 May 2026 02:19:53 |
| CVE-2026-5109 json | The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. T... | Sat, 02 May 2026 02:19:53 |
| CVE-2026-7641 json | The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to an... | Sat, 02 May 2026 01:19:45 |
| CVE-2026-7604 json | A vulnerability was identified in JeecgBoot up to 3.9.1. This affects the function OpenApiController.add/OpenApiController.ca... | Sat, 02 May 2026 01:19:45 |
| CVE-2026-7603 json | A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of th... | Sat, 02 May 2026 01:19:45 |
| CVE-2026-7458 json | The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and i... | Sat, 02 May 2026 01:19:44 |
| CVE-2026-6963 json | The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmg_sa... | Sat, 02 May 2026 01:19:44 |
| CVE-2026-6446 json | The My Social Feeds – Social Feeds Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all ver... | Sat, 02 May 2026 01:19:44 |
| CVE-2026-4882 json | The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type v... | Sat, 02 May 2026 01:19:44 |
| CVE-2026-4658 json | The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cro... | Sat, 02 May 2026 01:19:44 |
| CVE-2025-14726 json | The Widgets for Social Photo Feed plugin for WordPress is vulnerable to unauthorized access of data and modification of data ... | Sat, 02 May 2026 01:19:44 |
| CVE-2026-7638 json | The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Insecure Direct Obje... | Sat, 02 May 2026 00:19:43 |
| CVE-2026-7602 json | A vulnerability was found in JeecgBoot up to 3.9.1. Affected by this vulnerability is an unknown functionality of the file /s... | Sat, 02 May 2026 00:19:43 |
| CVE-2026-7209 json | The Simple Link Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `qcopd-directory... | Sat, 02 May 2026 00:19:43 |
| CVE-2026-6378 json | The Maxi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `/wp-json/maxi-blocks/v1.0/style-ca... | Sat, 02 May 2026 00:19:43 |
| CVE-2026-7601 json | A vulnerability has been found in Open5GS up to 2.7.6. Affected is an unknown function of the file src/amf/gmm-handler.c of t... | Fri, 01 May 2026 23:19:41 |
| CVE-2026-43824 json | In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data. | Fri, 01 May 2026 22:19:40 |
| CVE-2026-42788 json | Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated memory exhaustion... | Fri, 01 May 2026 22:19:40 |
| CVE-2026-42786 json | Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of ... | Fri, 01 May 2026 22:19:40 |
| CVE-2026-39807 json | Reliance on Untrusted Inputs in a Security Decision vulnerability in mtrudel bandit allows unauthenticated transport-state sp... | Fri, 01 May 2026 22:19:40 |
| CVE-2026-39805 json | Inconsistent Interpretation of HTTP Requests vulnerability in mtrudel bandit allows HTTP request smuggling via duplicate Cont... | Fri, 01 May 2026 22:19:40 |
| CVE-2026-39804 json | Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of ... | Fri, 01 May 2026 22:19:40 |
| CVE-2026-7596 json | A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function da... | Fri, 01 May 2026 22:19:40 |
| CVE-2026-7600 json | A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yii_command_help/yii_execute_command of th... | Fri, 01 May 2026 21:19:17 |
| CVE-2025-54236 json | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Impr... | Fri, 01 May 2026 21:04:14 |
| CVE-2026-42996 json | JS8Call through 2.3.1 and JS8Call-improved before 3.0 have a stack-based buffer overflow via a radio transmission of @APRSIS ... | Fri, 01 May 2026 19:17:14 |
| CVE-2026-7599 json | A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function save_document/export_to_text/export_to_htm... | Fri, 01 May 2026 18:32:10 |
| CVE-2026-7598 json | A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of... | Fri, 01 May 2026 18:32:10 |
| CVE-2026-7597 json | A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vec... | Fri, 01 May 2026 18:32:10 |
| CVE-2026-30363 json | flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in the "Main" function. | Fri, 01 May 2026 17:30:36 |
| CVE-2026-7595 json | A flaw has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this vulnerability is the function _fo... | Fri, 01 May 2026 17:30:36 |
| CVE-2026-7594 json | A vulnerability was detected in Flux159 mcp-game-asset-gen 0.1.0. Affected is the function image_to_3d_async of the file src/... | Fri, 01 May 2026 17:30:36 |
| CVE-2026-7593 json | A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the funct... | Fri, 01 May 2026 17:30:36 |
| CVE-2025-12993 json | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-67968. Reason: This candidate is a reser... | Fri, 01 May 2026 17:30:36 |
| CVE-2026-2625 json | A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Pac... | Fri, 01 May 2026 17:15:30 |
| CVE-2021-47815 json | Nsauditor 3.2.3 contains a denial of service vulnerability in the registration code input field that allows attackers to cras... | Fri, 01 May 2026 17:15:30 |
| CVE-2020-37130 json | Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to cr... | Fri, 01 May 2026 17:15:30 |
| CVE-2019-25597 json | NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to... | Fri, 01 May 2026 17:15:30 |
| CVE-2025-57853 json | A container privilege escalation flaw was found in certain Web Terminal images. This issue stems from the /etc/passwd file be... | Fri, 01 May 2026 17:00:16 |
| CVE-2018-25213 json | Nsauditor 3.0.28.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to exec... | Fri, 01 May 2026 17:00:16 |
| CVE-2026-7141 json | A vulnerability was found in vllm up to 0.19.0. The affected element is the function has_mamba_layers of the file vllm/v1/kv_... | Fri, 01 May 2026 16:45:06 |
| CVE-2026-7094 json | A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affecte... | Fri, 01 May 2026 16:45:06 |
| CVE-2025-57851 json | A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images. This issue stems from t... | Fri, 01 May 2026 16:45:05 |
| CVE-2026-7592 json | A weakness has been identified in itsourcecode Courier Management System 1.0. This affects an unknown function of the file /e... | Fri, 01 May 2026 16:30:01 |
| CVE-2026-37537 json | collin80/Open-SAE-J1939 thru commit 744024d4306bc387857dfce439558336806acb06 (2023-03-08) contains an integer underflow leadi... | Fri, 01 May 2026 16:30:00 |
| CVE-2026-37536 json | miaofng/uds-c commit e506334e270d77b20c0bc259ac6c7d8c9b702b7a (2016-10-05) contains a stack buffer overflow in send_diagnosti... | Fri, 01 May 2026 16:30:00 |
| CVE-2026-37535 json | openxc/isotp-c thru commit 5a5d19245f65189202719321facd49ce6f5d46ac (2021-08-09) contains an out-of-bounds read in the ISO-TP... | Fri, 01 May 2026 16:30:00 |
| CVE-2026-37534 json | Integer underflow vulnerability in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30) in SAE_J1... | Fri, 01 May 2026 16:30:00 |
| CVE-2026-37532 json | AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotp_continue_receive... | Fri, 01 May 2026 16:30:00 |
| CVE-2026-37531 json | AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race con... | Fri, 01 May 2026 16:30:00 |
| CVE-2026-37526 json | AGL app-framework-binder (afb-daemon) through v19.90.0 allows any local process to execute privileged supervision commands (E... | Fri, 01 May 2026 16:30:00 |
| CVE-2026-37525 json | AGL app-framework-binder (afb-daemon) through v19.90.0 contains a privilege escalation vulnerability in the supervision Do co... | Fri, 01 May 2026 16:30:00 |
| CVE-2026-7591 json | A security flaw has been discovered in TimBroddin astro-mcp-server up to 1.1.1. The impacted element is an unknown function o... | Fri, 01 May 2026 16:30:00 |
| CVE-2026-7590 json | A vulnerability was identified in eyal-gor p_69_branch_monkey_mcp up to 69bc71874ce40050ef45fde5a435855f18af3373. The affecte... | Fri, 01 May 2026 16:30:00 |
| CVE-2026-7589 json | A vulnerability was determined in ghantakiran splunk-mcp-integration up to 0b86b09d5e5adf0433acd43c975951224613a1a6. Impacted... | Fri, 01 May 2026 16:30:00 |
| CVE-2026-7588 json | A vulnerability was found in ggerve coding-standards-mcp. This issue affects the function get_style_guide/get_best_practices ... | Fri, 01 May 2026 16:30:00 |
| CVE-2026-7587 json | A vulnerability has been found in Open5GS up to 2.7.7. This vulnerability affects the function amf_nsmf_pdusession_handle_upd... | Fri, 01 May 2026 16:30:00 |
| CVE-2026-7586 json | A weakness has been identified in Open5GS up to 2.7.7. Affected is the function ogs_id_get_value of the file /src/amf/nudm-ha... | Fri, 01 May 2026 16:30:00 |
| CVE-2026-7585 json | A vulnerability was determined in Open5GS up to 2.7.7. The impacted element is the function amf_nudm_sdm_handle_provisioned o... | Fri, 01 May 2026 16:30:00 |
| CVE-2025-8903 json | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-2052. Reason: This candidate is a reserv... | Fri, 01 May 2026 16:30:00 |
| CVE-2026-41360 json | OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands co... | Fri, 01 May 2026 16:29:59 |
| CVE-2026-41358 json | OpenClaw before 2026.4.2 fails to filter Slack thread context by sender allowlist, allowing non-allowlisted messages to enter... | Fri, 01 May 2026 16:29:59 |
| CVE-2026-37554 json | An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulner... | Fri, 01 May 2026 16:29:59 |
| CVE-2026-37552 json | Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server (Server.php:87) receives... | Fri, 01 May 2026 16:29:59 |
| CVE-2026-37505 json | SQL Injection via ORDER BY clause in V2Board thru 1.7.4. In app/Http/Controllers/Admin/UserController.php, the sort parameter... | Fri, 01 May 2026 16:29:59 |
| CVE-2026-37504 json | Sensitive server_token exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php... | Fri, 01 May 2026 16:29:59 |
| CVE-2026-37503 json | Cross-Site Scripting (XSS) in V2Board thru 1.7.4. The custom_html field in theme configuration is rendered using Blade unesca... | Fri, 01 May 2026 16:29:59 |
| CVE-2026-22167 json | Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary ... | Fri, 01 May 2026 16:29:59 |