CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-21037 json | Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access arbitrary URL and lau... | Tue, 30 Jun 2026 12:59:28 |
| CVE-2026-21035 json | Improper input validation in Samsung Plus TV prior to version 1.0.28.6 allows remote attackers to access sensitive informatio... | Tue, 30 Jun 2026 12:59:28 |
| CVE-2026-21038 json | Improper input validation in Samsung Android USB Driver for Windows prior to version 1.9.5.0 allows local attacker to access ... | Tue, 30 Jun 2026 12:44:27 |
| CVE-2026-11769 json | We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path trav... | Tue, 30 Jun 2026 12:44:27 |
| CVE-2026-48315 json | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result ... | Tue, 30 Jun 2026 12:29:29 |
| CVE-2026-48314 json | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Director... | Tue, 30 Jun 2026 12:29:29 |
| CVE-2026-48313 json | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Director... | Tue, 30 Jun 2026 12:29:29 |
| CVE-2026-48307 json | ColdFusion versions 2025.9, 2023.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An atta... | Tue, 30 Jun 2026 12:29:29 |
| CVE-2026-48286 json | Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability t... | Tue, 30 Jun 2026 12:29:29 |
| CVE-2026-48285 json | ColdFusion versions 2025.9, 2023.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could... | Tue, 30 Jun 2026 12:29:29 |
| CVE-2026-48283 json | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerabil... | Tue, 30 Jun 2026 12:29:29 |
| CVE-2026-48282 json | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Director... | Tue, 30 Jun 2026 12:29:29 |
| CVE-2026-48281 json | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result ... | Tue, 30 Jun 2026 12:29:29 |
| CVE-2026-48277 json | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result ... | Tue, 30 Jun 2026 12:29:29 |
| CVE-2026-57081 json | Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode rec... | Tue, 30 Jun 2026 12:29:28 |
| CVE-2026-55607 json | Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktr... | Tue, 30 Jun 2026 12:29:28 |
| CVE-2026-48276 json | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerabil... | Tue, 30 Jun 2026 12:29:28 |
| CVE-2026-48192 json | A vulnerability has been identified in Mendix Studio Pro 10.11 (All versions), Mendix Studio Pro 10.12 (All versions), Mendix... | Tue, 30 Jun 2026 12:29:28 |
| CVE-2026-44949 json | A Rancher FleetWorkspace admission path allowed side effects to occur in the Rancher webhook handler for versions 0.7.0 up t... | Tue, 30 Jun 2026 12:29:28 |
| CVE-2026-44948 json | A path traversal vulnerability was found in Fleet's ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0... | Tue, 30 Jun 2026 12:29:28 |
| CVE-2026-44947 json | A missing clean-up in the legacy Project Role Template Binding (PRTB) reconciler in Rancher versions 2.13.0 up to 2.13.7 and... | Tue, 30 Jun 2026 12:29:28 |
| CVE-2026-43735 json | The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe... | Tue, 30 Jun 2026 12:29:28 |
| CVE-2026-27957 json | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, ... | Tue, 30 Jun 2026 12:29:28 |
| CVE-2026-27956 json | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, ... | Tue, 30 Jun 2026 12:29:28 |
| CVE-2026-27955 json | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, ... | Tue, 30 Jun 2026 12:29:28 |
| CVE-2026-13744 json | Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL executi... | Tue, 30 Jun 2026 12:29:28 |
| CVE-2026-13590 json | A security flaw has been discovered in seladb PcapPlusPlus 25.05. This impacts the function pcpp::ModbusLayer::getLength in t... | Tue, 30 Jun 2026 12:29:28 |
| CVE-2026-13581 json | A vulnerability was detected in Edimax EW-7478APC 1.04. This vulnerability affects the function formStaDrvSetup of the file /... | Tue, 30 Jun 2026 12:29:28 |
| CVE-2026-13572 json | A vulnerability has been found in itsourcecode Hospital Management System 1.0. The impacted element is an unknown function of... | Tue, 30 Jun 2026 12:29:28 |
| CVE-2026-13566 json | A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknow... | Tue, 30 Jun 2026 12:29:28 |
| CVE-2026-13455 json | PostgreSQL Anonymizer contains a vulnerability that allows unprivileged masked users to repeatedly call the anon.hash() funct... | Tue, 30 Jun 2026 12:29:28 |
| CVE-2026-12610 json | A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulner... | Tue, 30 Jun 2026 12:29:28 |
| CVE-2026-4360 json | In the Tarfile.extract() function, the filter parameter is not passed properly when extracting hardlinks. An affected system ... | Tue, 30 Jun 2026 12:29:28 |
| CVE-2026-42526 json | In the AWS Secrets Manager and SSM Parameter Store secrets backends of `apache-airflow-providers-amazon` prior to 9.28.0, the... | Tue, 30 Jun 2026 12:29:27 |
| CVE-2026-27173 json | JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberente... | Tue, 30 Jun 2026 12:29:27 |
| CVE-2026-20199 json | A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote ... | Tue, 30 Jun 2026 12:29:27 |
| CVE-2026-13560 json | A security vulnerability has been detected in Edimax EW-7478APC 1.04. The affected element is the function formAccept of the ... | Tue, 30 Jun 2026 12:29:27 |
| CVE-2026-11972 json | When using the "tarfile" module with a file opened in "streaming mode" (mode="r|") the tarfile module did not properly handle... | Tue, 30 Jun 2026 12:29:27 |
| CVE-2026-11940 json | tarfile.extractall() with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a s... | Tue, 30 Jun 2026 12:29:27 |
| CVE-2026-8328 json | The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace ... | Tue, 30 Jun 2026 12:29:27 |
| CVE-2026-1502 json | CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host. | Tue, 30 Jun 2026 12:29:27 |
| CVE-2026-13752 json | Improper neutralization of parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. An attacker c... | Tue, 30 Jun 2026 12:14:27 |
| CVE-2026-13751 json | Improper handling of untrusted remote references in Snowflake CLI versions prior to 3.19 allowed server-side request forgery.... | Tue, 30 Jun 2026 12:14:27 |
| CVE-2026-13750 json | Insertion of sensitive information into log files in Snowflake CLI versions prior to 3.19 allowed plaintext credentials to be... | Tue, 30 Jun 2026 12:14:27 |
| CVE-2026-13749 json | Improper neutralization in the Snowpark annotation processor callback template in Snowflake CLI versions prior to 3.19 allowe... | Tue, 30 Jun 2026 12:14:27 |
| CVE-2026-13748 json | Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file content to ... | Tue, 30 Jun 2026 12:14:27 |
| CVE-2026-20685 json | An attacker in a privileged network position may be able to leak sensitive information. A path handling issue was addressed w... | Tue, 30 Jun 2026 12:14:26 |
| CVE-2026-13746 json | Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. A u... | Tue, 30 Jun 2026 12:14:26 |
| CVE-2026-57953 json | Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perfo... | Tue, 30 Jun 2026 11:59:27 |
| CVE-2026-57952 json | Mythic before 3.4.0.60 contains an authorization bypass vulnerability in four REST endpoints (c2profile_config_check_webhook,... | Tue, 30 Jun 2026 11:59:27 |
| CVE-2026-57951 json | Mythic before 3.4.0.60 contains a broken hasura permission filter on the payload_build_step table with an always-satisfied _o... | Tue, 30 Jun 2026 11:59:26 |
| CVE-2026-36848 json | Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem. | Tue, 30 Jun 2026 11:59:26 |
| CVE-2026-36741 json | U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Command Injection. The Network Time Protocol (NTP)... | Tue, 30 Jun 2026 11:59:26 |
| CVE-2025-2669 json | IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileg... | Tue, 30 Jun 2026 11:59:26 |
| CVE-2024-54178 json | IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow an authenticat... | Tue, 30 Jun 2026 11:59:26 |
| CVE-2026-28381 json | The Snowflake datasource allows for GET/PUT commands, which can allow any user with access to run queries against the data so... | Tue, 30 Jun 2026 11:44:29 |
| CVE-2026-10601 json | The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths wit... | Tue, 30 Jun 2026 11:44:29 |
| CVE-2026-27883 json | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, ... | Tue, 30 Jun 2026 11:29:28 |
| CVE-2026-58116 json | LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute... | Tue, 30 Jun 2026 11:29:27 |
| CVE-2026-58016 json | A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c fi... | Tue, 30 Jun 2026 11:29:27 |
| CVE-2026-58015 json | A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not... | Tue, 30 Jun 2026 11:29:27 |
| CVE-2026-58014 json | A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_locale_string_list function in the gkeyfile.c f... | Tue, 30 Jun 2026 11:29:27 |
| CVE-2026-58013 json | A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a cu... | Tue, 30 Jun 2026 11:29:27 |
| CVE-2026-58012 json | A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the `G_REGEX_RAW` compi... | Tue, 30 Jun 2026 11:29:27 |
| CVE-2026-58011 json | A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the g_date_time_get_ymd function in the glib/gda... | Tue, 30 Jun 2026 11:29:27 |
| CVE-2026-58010 json | A flaw was found in GLib. An off-by-one error can occur in the gvs_tuple_is_normal function in the glib/gvariant-serialiser.c... | Tue, 30 Jun 2026 11:29:27 |
| CVE-2026-57082 json | Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. T... | Tue, 30 Jun 2026 11:29:27 |
| CVE-2026-35098 json | KTM System e-BOK does not implement any limit or timeout on consecutive login attempts, allowing an attacker to perform unlim... | Tue, 30 Jun 2026 11:29:27 |
| CVE-2026-35097 json | KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, spec... | Tue, 30 Jun 2026 11:29:27 |
| CVE-2026-35096 json | KTM System e-BOK is vulnerable to Cross‑Site Request Forgery (CSRF) in both the email-change and password-change functional... | Tue, 30 Jun 2026 11:29:27 |
| CVE-2026-35095 json | KTM System e-BOK allows the session identifier to be set by the client prior to authentication. If a cookie with a valid name... | Tue, 30 Jun 2026 11:29:27 |
| CVE-2026-27882 json | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.461, ... | Tue, 30 Jun 2026 11:29:27 |
| CVE-2026-27881 json | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, ... | Tue, 30 Jun 2026 11:29:27 |
| CVE-2026-14178 json | When openGauss processes a to_timestamp call with an NLS parameter, to_timestamp_with_fmt_nls() saves nls_fmt_str to u_sess... | Tue, 30 Jun 2026 11:29:27 |
| CVE-2025-53648 json | SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. ... | Tue, 30 Jun 2026 11:29:27 |
| CVE-2026-58053 json | Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow's container.options string to the Docker job... | Tue, 30 Jun 2026 11:29:26 |
| CVE-2026-57960 json | Hi.Events through 1.9.0 public check-in list endpoints use short_id as sole access control, allowing unauthenticated access t... | Tue, 30 Jun 2026 11:29:26 |
| CVE-2026-55276 json | Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation ... | Tue, 30 Jun 2026 11:29:26 |
| CVE-2026-54475 json | Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic... | Tue, 30 Jun 2026 11:29:26 |
| CVE-2026-54371 json | attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local... | Tue, 30 Jun 2026 11:29:26 |
| CVE-2026-53917 json | Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Ap... | Tue, 30 Jun 2026 11:29:26 |
| CVE-2026-43724 json | The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26... | Tue, 30 Jun 2026 11:29:26 |
| CVE-2026-43713 json | A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 2... | Tue, 30 Jun 2026 11:29:26 |
| CVE-2026-43707 json | A memory corruption issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and i... | Tue, 30 Jun 2026 11:29:26 |
| CVE-2026-13766 json | DBIx::QuickORM versions before 0.000026 for Perl allow SQL injection via unquoted SQL identifiers. The default SQL builder, ... | Tue, 30 Jun 2026 11:29:26 |
| CVE-2026-11590 json | The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sanitize user-supplied array keys before... | Tue, 30 Jun 2026 11:29:26 |
| CVE-2026-9221 json | The Setracker2 Android Companion App (com.tgelec.setracker) versions 3.1.5 and earlier uses MD5 to generate a request signatu... | Tue, 30 Jun 2026 11:29:26 |
| CVE-2026-9029 json | The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent() runs on the raw te... | Tue, 30 Jun 2026 11:29:26 |
| CVE-2026-8643 json | pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path ... | Tue, 30 Jun 2026 11:29:26 |
| CVE-2026-6846 json | A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended... | Tue, 30 Jun 2026 11:29:26 |
| CVE-2026-4647 json | A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and ... | Tue, 30 Jun 2026 11:29:26 |
| CVE-2026-24294 json | Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally. | Tue, 30 Jun 2026 11:29:25 |
| CVE-2026-3442 json | A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exist... | Tue, 30 Jun 2026 11:29:25 |
| CVE-2026-3441 json | A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in the bf... | Tue, 30 Jun 2026 11:29:25 |
| CVE-2025-4948 json | A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNO... | Tue, 30 Jun 2026 11:29:25 |
| CVE-2025-4035 json | A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix doma... | Tue, 30 Jun 2026 11:29:25 |
| CVE-2025-3360 json | A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with... | Tue, 30 Jun 2026 11:29:25 |
| CVE-2023-33854 json | IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an aut... | Tue, 30 Jun 2026 11:14:24 |
| CVE-2026-53325 json | In the Linux kernel, the following vulnerability has been resolved: agp/amd64: Fix broken error propagation in agp_amd64_pro... | Tue, 30 Jun 2026 10:59:49 |
| CVE-2026-53324 json | In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pci_name() for debugfs directory naming ... | Tue, 30 Jun 2026 10:59:49 |