CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-27735 json | Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-serv... | Mon, 13 Apr 2026 20:57:28 |
| CVE-2026-26964 json | Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Versions 1.634.6 ... | Mon, 13 Apr 2026 20:57:27 |
| CVE-2026-1837 json | A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that ... | Mon, 13 Apr 2026 20:57:27 |
| CVE-2026-27896 json | The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to ... | Mon, 13 Apr 2026 20:42:14 |
| CVE-2026-3223 json | Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer. | Mon, 13 Apr 2026 20:42:14 |
| CVE-2026-2293 json | A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when Fastify ... | Mon, 13 Apr 2026 20:42:14 |
| CVE-2026-40164 json | jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardc... | Mon, 13 Apr 2026 20:27:04 |
| CVE-2026-39417 json | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, w... | Mon, 13 Apr 2026 20:27:04 |
| CVE-2026-34069 json | nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algori... | Mon, 13 Apr 2026 20:27:04 |
| CVE-2026-33948 json | jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CL... | Mon, 13 Apr 2026 20:27:04 |
| CVE-2026-27683 json | SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payload... | Mon, 13 Apr 2026 20:27:03 |
| CVE-2026-27681 json | Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authentica... | Mon, 13 Apr 2026 20:27:03 |
| CVE-2026-27679 json | Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Structures), an attacker coul... | Mon, 13 Apr 2026 20:27:03 |
| CVE-2026-27678 json | Due to missing authorization checks in the SAP S/4HANA backend OData Service (Manage Reference Structures), an attacker could... | Mon, 13 Apr 2026 20:27:03 |
| CVE-2026-27677 json | Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Reference Equipment), an attacker could update a... | Mon, 13 Apr 2026 20:27:03 |
| CVE-2026-27676 json | Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Technical Object Structures), an attacker could ... | Mon, 13 Apr 2026 20:27:03 |
| CVE-2026-27675 json | SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged ad... | Mon, 13 Apr 2026 20:27:03 |
| CVE-2026-27674 json | Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker... | Mon, 13 Apr 2026 20:27:03 |
| CVE-2026-27673 json | Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files... | Mon, 13 Apr 2026 20:27:03 |
| CVE-2026-27672 json | The Material Master application does not enforce authorization checks for authenticated users when executing reports, resulti... | Mon, 13 Apr 2026 20:27:03 |
| CVE-2026-26221 json | Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service (Hyland.Core.Workflow.N... | Mon, 13 Apr 2026 20:27:03 |
| CVE-2026-24318 json | Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticate... | Mon, 13 Apr 2026 20:27:03 |
| CVE-2026-0512 json | Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catalog), ... | Mon, 13 Apr 2026 20:27:03 |
| CVE-2026-39979 json | jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized() API in ... | Mon, 13 Apr 2026 19:26:32 |
| CVE-2026-39956 json | jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the _strindices builtin in jq... | Mon, 13 Apr 2026 19:26:32 |
| CVE-2026-6203 json | The User Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions up to and including 5.1.4.... | Mon, 13 Apr 2026 19:26:32 |
| CVE-2026-5086 json | Crypt::SecretBuffer versions before 0.019 for Perl are susceptible to timing attacks. For example, if Crypt::SecretBuffer wa... | Mon, 13 Apr 2026 19:26:32 |
| CVE-2025-0921 json | Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 versions 10.97.3 an... | Mon, 13 Apr 2026 19:26:32 |
| CVE-2024-1573 json | Missing Authentication for Critical Function vulnerability in the mobile monitoring feature of Mitsubishi Electric GENESIS64 ... | Mon, 13 Apr 2026 19:26:32 |
| CVE-2026-40312 json | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, an... | Mon, 13 Apr 2026 18:25:15 |
| CVE-2026-40311 json | ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.... | Mon, 13 Apr 2026 18:25:15 |
| CVE-2026-40310 json | ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 a... | Mon, 13 Apr 2026 18:25:15 |
| CVE-2026-40183 json | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, th... | Mon, 13 Apr 2026 18:25:15 |
| CVE-2026-40169 json | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a ... | Mon, 13 Apr 2026 18:25:15 |
| CVE-2026-34238 json | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-1... | Mon, 13 Apr 2026 18:25:15 |
| CVE-2026-33947 json | jq is a command-line JSON processor. In versions 1.8.1 and below, functions jv_setpath(), jv_getpath(), and delpaths_sorted()... | Mon, 13 Apr 2026 18:25:15 |
| CVE-2026-33908 json | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-1... | Mon, 13 Apr 2026 18:25:15 |
| CVE-2026-33905 json | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-1... | Mon, 13 Apr 2026 18:25:15 |
| CVE-2026-6224 json | A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function crea... | Mon, 13 Apr 2026 18:25:15 |
| CVE-2026-6220 json | A vulnerability was identified in HummerRisk up to 1.5.0. This vulnerability affects the function ServerService.addServer of ... | Mon, 13 Apr 2026 18:25:15 |
| CVE-2026-4786 json | Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain brows... | Mon, 13 Apr 2026 18:25:15 |
| CVE-2026-33902 json | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-1... | Mon, 13 Apr 2026 18:25:14 |
| CVE-2026-33900 json | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-1... | Mon, 13 Apr 2026 18:25:14 |
| CVE-2026-22566 json | An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to obtain UniFi ... | Mon, 13 Apr 2026 18:25:14 |
| CVE-2026-22565 json | An Improper Input Validation vulnerability could allow a malicious actor with access to the UniFi Play network to cause the d... | Mon, 13 Apr 2026 18:25:14 |
| CVE-2026-22564 json | An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to... | Mon, 13 Apr 2026 18:25:14 |
| CVE-2026-22563 json | A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the... | Mon, 13 Apr 2026 18:25:14 |
| CVE-2026-22562 json | A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firm... | Mon, 13 Apr 2026 18:25:14 |
| CVE-2025-30650 json | A Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a pri... | Mon, 13 Apr 2026 18:25:14 |
| CVE-2025-54236 json | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Impr... | Mon, 13 Apr 2026 18:10:07 |
| CVE-2026-33901 json | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-1... | Mon, 13 Apr 2026 17:24:34 |
| CVE-2026-33899 json | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 an... | Mon, 13 Apr 2026 17:24:34 |
| CVE-2026-33740 json | EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/i... | Mon, 13 Apr 2026 17:24:34 |
| CVE-2026-33659 json | EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Attachm... | Mon, 13 Apr 2026 17:24:34 |
| CVE-2026-32272 json | Craft Commerce is an ecommerce platform for Craft CMS. In versions 5.0.0 through 5.5.4, an SQL injection vulnerability exists... | Mon, 13 Apr 2026 17:24:34 |
| CVE-2026-6219 json | A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function child_process.exec of the f... | Mon, 13 Apr 2026 17:24:34 |
| CVE-2026-6218 json | A vulnerability was found in aandrew-me ytDownloader up to 3.20.2. Affected by this issue is the function createTextNode of t... | Mon, 13 Apr 2026 17:24:34 |
| CVE-2026-6216 json | A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/s... | Mon, 13 Apr 2026 17:24:34 |
| CVE-2026-40043 json | Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser() action that allows authenticated low-priv... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-36947 json | Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-36946 json | Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-36945 json | Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-36944 json | Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/re... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-36943 json | Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-36942 json | Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in the file /orms/admin/activities/manage_... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-36941 json | Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms/admin/rooms/manage_room.... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-36938 json | Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/rooms/view_room.php. | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-36937 json | Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/reservations/view_details.p... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-33657 json | EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-32271 json | Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, there is an ... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-31280 json | An issue in the Bluetooth RFCOMM service of Parani M10 Motorcycle Intercom v2.1.3 allows unauthorized attackers to cause a De... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-26460 json | A HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.0. The application fails to properly neutrali... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-6197 json | A flaw has been found in Tenda F456 1.0.0.5. This vulnerability affects the function formWrlsafeset of the file /goform/AdvSe... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2025-70936 json | Vtiger CRM 8.4.0 contains a reflected cross-site scripting (XSS) vulnerability in the MailManager module. Improper handling o... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2025-51414 json | In Phpgurukul Online Course Registration v3.1, an arbitrary file upload vulnerability was discovered within the profile pictu... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-40242 json | Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.17.3, the /api/templates/fet... | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-40189 json | goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces the documented per-folder .goshs ACL/basic-a... | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-40180 json | Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.16.0 ... | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-40168 json | Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vulnerable to SSRF. Althoug... | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-36923 json | Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/view_booking.php. | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-36922 json | Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the file /cms/admin/categories/view_category.php. | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-36920 json | Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/admins/assessments/examp... | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-36919 json | Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/admins/assessments/exampr... | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-36874 json | Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_student.php. | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-36873 json | Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_admin.php. | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-36872 json | Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_book.php. | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-35186 json | Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler backend co... | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-34971 json | Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilation bac... | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-34734 json | HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An... | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-5904 json | Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious ... | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-5903 json | Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to enga... | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-5902 json | Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer p... | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-5901 json | Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user ... | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-5900 json | Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass of multi-download prot... | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-39671 json | Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-fo... | Mon, 13 Apr 2026 17:24:31 |
| CVE-2026-39647 json | Server-Side Request Forgery (SSRF) vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-pl... | Mon, 13 Apr 2026 17:24:31 |
| CVE-2026-39645 json | Server-Side Request Forgery (SSRF) vulnerability in Global Payments GlobalPayments WooCommerce global-payments-woocommerce al... | Mon, 13 Apr 2026 17:24:31 |
| CVE-2026-5899 json | Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who c... | Mon, 13 Apr 2026 17:24:31 |
| CVE-2026-5898 json | Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to perform UI spoof... | Mon, 13 Apr 2026 17:24:31 |
| CVE-2026-5897 json | Incorrect security UI in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to ... | Mon, 13 Apr 2026 17:24:31 |