CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-46833 json | Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.... | Wed, 03 Jun 2026 14:16:25 |
| CVE-2026-46830 json | Vulnerability in Oracle REST Data Services (component: Mongoapi). Supported versions that are affected are 24.2.0-26.1.0. Ea... | Wed, 03 Jun 2026 14:16:25 |
| CVE-2026-35277 json | Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily... | Wed, 03 Jun 2026 14:16:25 |
| CVE-2026-35266 json | Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Diffic... | Wed, 03 Jun 2026 14:16:25 |
| CVE-2026-32847 json | DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in new_ui/backend/main.py ... | Wed, 03 Jun 2026 14:16:24 |
| CVE-2026-8697 json | Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows u... | Wed, 03 Jun 2026 14:16:24 |
| CVE-2026-45787 json | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-1... | Wed, 03 Jun 2026 14:01:24 |
| CVE-2026-45353 json | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerab... | Wed, 03 Jun 2026 14:01:24 |
| CVE-2026-46829 json | Vulnerability in Oracle REST Data Services (component: Mongoapi). Supported versions that are affected are 24.2.0-26.1.0. Ea... | Wed, 03 Jun 2026 13:46:24 |
| CVE-2026-46828 json | Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Internal Operations). Supported versions ... | Wed, 03 Jun 2026 13:46:24 |
| CVE-2026-46827 json | Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Self Service Manager). Supported versions... | Wed, 03 Jun 2026 13:46:24 |
| CVE-2026-46826 json | Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Internal Operations). Supported versions ... | Wed, 03 Jun 2026 13:46:24 |
| CVE-2026-46819 json | Vulnerability in the Oracle Internet Procurement Connector product of Oracle E-Business Suite (component: Internal Operations... | Wed, 03 Jun 2026 13:46:24 |
| CVE-2026-45278 json | Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft... | Wed, 03 Jun 2026 13:46:24 |
| CVE-2026-45277 json | Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrar... | Wed, 03 Jun 2026 13:46:24 |
| CVE-2026-45275 json | Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, a privilege escalation vulnerability exis... | Wed, 03 Jun 2026 13:46:24 |
| CVE-2026-37229 json | FlexRIC v2.0.0 contains a reachable assertion in e2ap_create_pdu() triggered when ASN.1 PER decoding fails. A remote unauthen... | Wed, 03 Jun 2026 13:31:28 |
| CVE-2026-37228 json | FlexRIC v2.0.0 contains a reachable assertion in e2ap_recv_sctp_msg() (src/lib/ep/e2ap_ep.c). The function allocates a fixed ... | Wed, 03 Jun 2026 13:31:28 |
| CVE-2026-37226 json | FlexRIC v2.0.0 crashes when the iApp receives an E42_RIC_SUBSCRIPTION_REQUEST referencing a non-existent E2 Node. The lookup ... | Wed, 03 Jun 2026 13:31:28 |
| CVE-2026-28511 json | eLabFTW is an open source electronic lab notebook. Prior to version 5.4.2, in certain cases, an authenticated user performing... | Wed, 03 Jun 2026 13:16:26 |
| CVE-2026-5422 json | A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in t... | Wed, 03 Jun 2026 13:16:26 |
| CVE-2026-3514 json | In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL pat... | Wed, 03 Jun 2026 13:16:26 |
| CVE-2026-3198 json | MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforce authorization checks for multiple Gateway API 'list' ... | Wed, 03 Jun 2026 13:16:26 |
| CVE-2026-0085 json | In applySimpleFieldMaxSize of DataRowHandler.java, there is a possible way to insert a large contact name due to improper inp... | Wed, 03 Jun 2026 13:16:26 |
| CVE-2026-37235 json | FlexRIC v2.0.0 trusts the xapp_id field from E42 message payloads without binding it to the sender's SCTP association. The va... | Wed, 03 Jun 2026 13:16:25 |
| CVE-2026-37233 json | FlexRIC v2.0.0 contains an authorization bypass in the iApp's xApp isolation mechanism. The equality function eq_xapp_ric_gen... | Wed, 03 Jun 2026 13:16:25 |
| CVE-2026-37231 json | FlexRIC v2.0.0 uses a uint16_t counter for xapp_id assignment but stores the value in uint32_t message fields. After 65,530+ ... | Wed, 03 Jun 2026 13:16:25 |
| CVE-2026-45686 json | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to b... | Wed, 03 Jun 2026 13:01:28 |
| CVE-2026-42074 json | OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1,... | Wed, 03 Jun 2026 13:01:28 |
| CVE-2026-42073 json | OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1,... | Wed, 03 Jun 2026 13:01:28 |
| CVE-2026-33244 json | React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, i... | Wed, 03 Jun 2026 13:01:28 |
| CVE-2026-45685 json | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.1.0 to b... | Wed, 03 Jun 2026 13:01:27 |
| CVE-2026-45684 json | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to b... | Wed, 03 Jun 2026 13:01:27 |
| CVE-2026-45683 json | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0,... | Wed, 03 Jun 2026 13:01:27 |
| CVE-2026-45682 json | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0,... | Wed, 03 Jun 2026 13:01:27 |
| CVE-2026-45681 json | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0,... | Wed, 03 Jun 2026 13:01:27 |
| CVE-2026-45680 json | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0,... | Wed, 03 Jun 2026 13:01:27 |
| CVE-2026-45679 json | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0,... | Wed, 03 Jun 2026 13:01:27 |
| CVE-2026-45678 json | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0,... | Wed, 03 Jun 2026 13:01:27 |
| CVE-2026-0094 json | In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certifica... | Wed, 03 Jun 2026 13:01:27 |
| CVE-2026-0093 json | In multiple locations, there is a possible misleading UI due to obfuscation. This could lead to local escalation of privilege... | Wed, 03 Jun 2026 13:01:27 |
| CVE-2026-0091 json | In multiple locations, there is a possible way to execute code in the launcher process due to an over-privileged shell user. ... | Wed, 03 Jun 2026 13:01:27 |
| CVE-2026-47713 json | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. P... | Wed, 03 Jun 2026 13:01:26 |
| CVE-2026-46843 json | Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily... | Wed, 03 Jun 2026 13:01:26 |
| CVE-2026-46842 json | Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily... | Wed, 03 Jun 2026 13:01:26 |
| CVE-2026-0089 json | In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing pe... | Wed, 03 Jun 2026 13:01:26 |
| CVE-2026-0088 json | In getCallingAppLabel of CertInstaller.java, there is a possible way to hide a sensitive security dialogue due to misleading ... | Wed, 03 Jun 2026 13:01:26 |
| CVE-2026-0087 json | In approvalLevelForDomainInternal of DomainVerificationService.java, there is a possible way to hijack an arbitrary app link ... | Wed, 03 Jun 2026 13:01:26 |
| CVE-2026-0086 json | In onCreate of DisableSupervisionActivity.kt, there is a possible way to delete supervision data due to a missing null check.... | Wed, 03 Jun 2026 13:01:26 |
| CVE-2026-0080 json | In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a crash due to an integer overflow. Thi... | Wed, 03 Jun 2026 13:01:26 |
| CVE-2026-0079 json | In multiple functions of ubsan_throwing_runtime.cpp, there is a possible persistent denial of service due to an integer overf... | Wed, 03 Jun 2026 13:01:26 |
| CVE-2026-0078 json | In setGlobalProxy of DevicePolicyManagerService.java, there is a possible desync in persistence due to improper input validat... | Wed, 03 Jun 2026 13:01:26 |
| CVE-2026-44281 json | GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a... | Wed, 03 Jun 2026 12:31:18 |
| CVE-2026-42321 json | GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technicia... | Wed, 03 Jun 2026 12:31:18 |
| CVE-2026-42320 json | GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a... | Wed, 03 Jun 2026 12:31:18 |
| CVE-2026-42318 json | GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 10.0.25 and 11.0.7, ... | Wed, 03 Jun 2026 12:31:18 |
| CVE-2026-42317 json | GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a... | Wed, 03 Jun 2026 12:31:18 |
| CVE-2026-37462 json | An integer underflow in the BGPUpdate.DecodeFromBytes function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Deni... | Wed, 03 Jun 2026 12:31:18 |
| CVE-2026-36748 json | RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile. | Wed, 03 Jun 2026 12:31:18 |
| CVE-2026-36576 json | An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows ... | Wed, 03 Jun 2026 12:31:18 |
| CVE-2026-36574 json | A DLL hijacking vulnerability in Wassimulator (GitHub) CactusViewer v2.3.0 allows attackers to escalate privileges and execut... | Wed, 03 Jun 2026 12:31:18 |
| CVE-2026-6657 json | A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the... | Wed, 03 Jun 2026 12:31:18 |
| CVE-2026-5241 json | A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled m... | Wed, 03 Jun 2026 12:31:18 |
| CVE-2026-3276 json | unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of c... | Wed, 03 Jun 2026 12:31:18 |
| CVE-2022-31114 json | backpack/crud provides Create, Read, Update & Delete (CRUD) functions for Backpack, a collection of Laravel packages that hel... | Wed, 03 Jun 2026 12:31:18 |
| CVE-2026-49144 json | BrowserStack Runner through 0.9.5 contains a path traversal vulnerability in the _default HTTP handler in lib/server.js that ... | Wed, 03 Jun 2026 12:31:17 |
| CVE-2026-48598 json | Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unesca... | Wed, 03 Jun 2026 12:31:17 |
| CVE-2026-48597 json | Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom ta... | Wed, 03 Jun 2026 12:31:17 |
| CVE-2026-48594 json | Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-tesla tesla allows a denial of servi... | Wed, 03 Jun 2026 12:31:17 |
| CVE-2026-42504 json | Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU. | Wed, 03 Jun 2026 12:31:17 |
| CVE-2026-35482 json | alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0... | Wed, 03 Jun 2026 12:31:17 |
| CVE-2026-32625 json | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model ... | Wed, 03 Jun 2026 12:31:17 |
| CVE-2026-10702 json | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3. | Wed, 03 Jun 2026 12:31:17 |
| CVE-2026-10690 json | A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the f... | Wed, 03 Jun 2026 12:31:17 |
| CVE-2026-5385 json | An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This iss... | Wed, 03 Jun 2026 12:31:17 |
| CVE-2026-30650 json | A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin i... | Wed, 03 Jun 2026 12:31:16 |
| CVE-2026-10629 json | SIP signaling stack in Verizon IMS (unspecified version) implements SIP signaling without IPsec integrity protection (missing... | Wed, 03 Jun 2026 12:31:16 |
| CVE-2026-10607 json | A vulnerability was identified in DedeCMS 5.7.88. The impacted element is the function dede_htmlspecialchars of the file /plu... | Wed, 03 Jun 2026 12:31:16 |
| CVE-2026-10273 json | A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.ph... | Wed, 03 Jun 2026 12:31:16 |
| CVE-2026-10227 json | A vulnerability has been found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16... | Wed, 03 Jun 2026 12:31:16 |
| CVE-2026-9642 json | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Wed, 03 Jun 2026 12:31:16 |
| CVE-2026-0009 json | In multiple locations, there is a possible tapjacking due to a logic error in the code. This could lead to local escalation o... | Wed, 03 Jun 2026 12:31:16 |
| CVE-2024-4259 json | Missing Authorization vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) ... | Wed, 03 Jun 2026 12:31:16 |
| CVE-2024-3373 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RSM Design Website Temp... | Wed, 03 Jun 2026 12:31:16 |
| CVE-2024-3370 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Egebilgi Software Websi... | Wed, 03 Jun 2026 12:31:16 |
| CVE-2024-3306 json | Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub allows Exploiting Incorrectly C... | Wed, 03 Jun 2026 12:31:16 |
| CVE-2024-3305 json | Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Utarit Information SoliClub allows R... | Wed, 03 Jun 2026 12:31:16 |
| CVE-2024-2010 json | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in TE Informatics V5 allows Refle... | Wed, 03 Jun 2026 12:31:16 |
| CVE-2024-1744 json | Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Ariva Computer Accord ORS allows Ret... | Wed, 03 Jun 2026 12:31:16 |
| CVE-2019-25719 json | Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, ... | Wed, 03 Jun 2026 12:31:16 |
| CVE-2024-4604 json | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magarsus Consultancy SSO (Single Sign On) allows Manipul... | Wed, 03 Jun 2026 12:31:15 |
| CVE-2024-4428 json | Missing Authentication for Critical Function, Missing Authorization vulnerability in Menulux Information Technologies Managme... | Wed, 03 Jun 2026 12:31:15 |
| CVE-2024-4341 json | Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in ExtremePacs Extreme XDS allows Colle... | Wed, 03 Jun 2026 12:31:15 |
| CVE-2024-4228 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 - Exposure of Sensitive Infor... | Wed, 03 Jun 2026 12:31:15 |
| CVE-2024-3264 json | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Signat... | Wed, 03 Jun 2026 12:31:15 |
| CVE-2024-1272 json | Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embe... | Wed, 03 Jun 2026 12:31:15 |
| CVE-2024-1153 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talya Informatics Trave... | Wed, 03 Jun 2026 12:31:15 |
| CVE-2024-1107 json | Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly... | Wed, 03 Jun 2026 12:31:15 |
| CVE-2024-0949 json | Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in T... | Wed, 03 Jun 2026 12:31:15 |
| CVE-2024-0947 json | Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Cr... | Wed, 03 Jun 2026 12:31:15 |