CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-35470 | OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to 2.10.2, confronta_righe... | Mon, 06 Apr 2026 14:29:56 |
| CVE-2026-5675 | A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /borro... | Mon, 06 Apr 2026 14:29:56 |
| CVE-2026-5672 | A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Affected by this issue is some unknown functi... | Mon, 06 Apr 2026 14:29:56 |
| CVE-2026-5671 | A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Impacte... | Mon, 06 Apr 2026 14:29:56 |
| CVE-2026-35209 | defu is software that allows users to assign default properties recursively. Prior to version 6.1.5, applications that pass un... | Mon, 06 Apr 2026 14:29:55 |
| CVE-2026-35177 | Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows ov... | Mon, 06 Apr 2026 14:29:55 |
| CVE-2026-35175 | Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user (using the auth_users plugin aut... | Mon, 06 Apr 2026 14:29:55 |
| CVE-2026-35174 | Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administra... | Mon, 06 Apr 2026 14:29:55 |
| CVE-2026-35173 | Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR / Mass Assignment issue exists in the Post mode... | Mon, 06 Apr 2026 14:29:55 |
| CVE-2026-35171 | Kedro is a toolbox for production-ready data science. Prior to 1.3.0, Kedro allows the logging configuration file path to be ... | Mon, 06 Apr 2026 14:29:55 |
| CVE-2026-35167 | Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the _get_versioned_path() method in kedro/io/core.py co... | Mon, 06 Apr 2026 14:29:55 |
| CVE-2026-35166 | Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML rendere... | Mon, 06 Apr 2026 14:29:55 |
| CVE-2026-35164 | Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload func... | Mon, 06 Apr 2026 14:29:55 |
| CVE-2026-35052 | D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to 3.22.0... | Mon, 06 Apr 2026 14:29:55 |
| CVE-2026-35050 | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save exten... | Mon, 06 Apr 2026 14:29:55 |
| CVE-2026-35047 | Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows at... | Mon, 06 Apr 2026 14:29:55 |
| CVE-2026-35046 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, Tandoor ... | Mon, 06 Apr 2026 14:29:55 |
| CVE-2026-35045 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the PUT ... | Mon, 06 Apr 2026 14:29:55 |
| CVE-2026-35044 | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, t... | Mon, 06 Apr 2026 14:29:54 |
| CVE-2026-35043 | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, t... | Mon, 06 Apr 2026 14:29:54 |
| CVE-2026-34570 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Mon, 06 Apr 2026 14:29:54 |
| CVE-2026-32213 | Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network. | Mon, 06 Apr 2026 14:29:54 |
| CVE-2026-30613 | An information disclosure vulnerability exists in AZIOT 1 Node Smart Switch (16amp)- WiFi/Bluetooth Enabled Software Version:... | Mon, 06 Apr 2026 14:29:54 |
| CVE-2026-5334 | A weakness has been identified in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enr... | Mon, 06 Apr 2026 14:29:54 |
| CVE-2025-61166 | An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect users to a malicious site via a crafted URL. | Mon, 06 Apr 2026 14:29:54 |
| CVE-2025-59440 | An issue was discovered in USIM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, ... | Mon, 06 Apr 2026 14:29:54 |
| CVE-2025-57835 | An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1... | Mon, 06 Apr 2026 14:29:54 |
| CVE-2026-35616 | An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker ... | Mon, 06 Apr 2026 14:14:30 |
| CVE-2026-32211 | Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over... | Mon, 06 Apr 2026 14:14:30 |
| CVE-2026-32173 | Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network. | Mon, 06 Apr 2026 14:14:30 |
| CVE-2026-33107 | Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. | Mon, 06 Apr 2026 13:59:14 |
| CVE-2026-26135 | Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate ... | Mon, 06 Apr 2026 13:59:14 |
| CVE-2026-27599 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Mon, 06 Apr 2026 13:43:14 |
| CVE-2026-35042 | fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, fast-jwt does not validate the crit (Critic... | Mon, 06 Apr 2026 13:27:47 |
| CVE-2026-35039 | fast-jwt provides fast JSON Web Token (JWT) implementation. From 0.0.1 to before 6.1.0, setting up a custom cacheKeyBuilder m... | Mon, 06 Apr 2026 13:27:47 |
| CVE-2026-35037 | Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, the GET /api/website/title... | Mon, 06 Apr 2026 13:27:47 |
| CVE-2026-35036 | Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, Ech0 implements link previ... | Mon, 06 Apr 2026 13:27:47 |
| CVE-2026-5670 | A vulnerability was found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This issue a... | Mon, 06 Apr 2026 13:27:47 |
| CVE-2026-5669 | A vulnerability has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This vu... | Mon, 06 Apr 2026 13:27:47 |
| CVE-2026-5668 | A flaw has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an ... | Mon, 06 Apr 2026 13:27:47 |
| CVE-2026-35035 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Mon, 06 Apr 2026 13:27:46 |
| CVE-2026-35030 | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, when JWT authenticatio... | Mon, 06 Apr 2026 13:27:46 |
| CVE-2026-35029 | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, the /config/update end... | Mon, 06 Apr 2026 13:27:46 |
| CVE-2026-34992 | Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to 2.4.5 and 2.5.2, a missing encryption v... | Mon, 06 Apr 2026 13:27:46 |
| CVE-2026-34989 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Mon, 06 Apr 2026 13:27:46 |
| CVE-2026-34986 | Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support ... | Mon, 06 Apr 2026 13:27:46 |
| CVE-2026-34981 | The whisperX API is a tool for enhancing and analyzing audio content. From 0.3.1 to 0.5.0, FileService.download_from_url() in... | Mon, 06 Apr 2026 13:27:46 |
| CVE-2026-34977 | Aperi'Solve is an open-source steganalysis web platform. Prior to 3.2.1, when uploading a JPEG, a user can specify an optiona... | Mon, 06 Apr 2026 13:27:46 |
| CVE-2026-34976 | Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the ... | Mon, 06 Apr 2026 13:27:46 |
| CVE-2026-34975 | Plunk is an open-source email platform built on top of AWS SES. Prior to 0.8.0, a CRLF header injection vulnerability was dis... | Mon, 06 Apr 2026 13:27:46 |
| CVE-2026-34953 | PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAuthManager.validate_token() returns True for any token no... | Mon, 06 Apr 2026 13:27:46 |
| CVE-2026-34937 | PraisonAI is a multi-agent teams system. Prior to version 1.5.90, run_python() in praisonai constructs a shell command string... | Mon, 06 Apr 2026 13:27:46 |
| CVE-2026-34933 | Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version... | Mon, 06 Apr 2026 13:27:46 |
| CVE-2026-34841 | Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack invol... | Mon, 06 Apr 2026 13:27:46 |
| CVE-2026-34783 | Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's ... | Mon, 06 Apr 2026 13:27:46 |
| CVE-2026-34612 | Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra (default docker-compose deploym... | Mon, 06 Apr 2026 13:27:46 |
| CVE-2026-34378 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motio... | Mon, 06 Apr 2026 13:27:46 |
| CVE-2026-31313 | An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows at... | Mon, 06 Apr 2026 13:27:46 |
| CVE-2026-32145 | Allocation of Resources Without Limits or Throttling vulnerability in gleam-wisp wisp allows a denial of service via multipar... | Mon, 06 Apr 2026 13:27:45 |
| CVE-2026-28809 | XML External Entity (XXE) vulnerability in esaml (and its forks) allows an attacker to cause the system to read local files a... | Mon, 06 Apr 2026 13:27:45 |
| CVE-2026-28807 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in gleam-wisp wisp allows arbitr... | Mon, 06 Apr 2026 13:27:45 |
| CVE-2026-28806 | Improper Authorization vulnerability in nerves-hub nerves_hub_web allows cross-organization device control via device bulk ac... | Mon, 06 Apr 2026 13:27:45 |
| CVE-2026-23943 | Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows... | Mon, 06 Apr 2026 13:27:45 |
| CVE-2026-23942 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module)... | Mon, 06 Apr 2026 13:27:45 |
| CVE-2026-23941 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allo... | Mon, 06 Apr 2026 13:27:45 |
| CVE-2026-23940 | Uncontrolled Resource Consumption vulnerability in hexpm hexpm/hexpm allows Excessive Allocation. Publishing an oversized pac... | Mon, 06 Apr 2026 13:27:45 |
| CVE-2026-23939 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in hexpm hexpm/hexpm ('Elixir.He... | Mon, 06 Apr 2026 13:27:45 |
| CVE-2026-21622 | Insufficient Session Expiration vulnerability in hexpm hexpm/hexpm ('Elixir.Hexpm.Accounts.PasswordReset' module) allows Acco... | Mon, 06 Apr 2026 13:27:45 |
| CVE-2026-21621 | Incorrect Authorization vulnerability in hexpm hexpm/hexpm ('Elixir.HexpmWeb.API.OAuthController' module) allows Privilege Es... | Mon, 06 Apr 2026 13:27:45 |
| CVE-2026-21620 | Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules... | Mon, 06 Apr 2026 13:27:45 |
| CVE-2026-21619 | Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hex_core (hex_api modules), hexpm... | Mon, 06 Apr 2026 13:27:45 |
| CVE-2026-21618 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in hexpm hexpm/hexp... | Mon, 06 Apr 2026 13:27:45 |
| CVE-2025-48044 | Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with ... | Mon, 06 Apr 2026 13:27:44 |
| CVE-2025-48043 | Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with ... | Mon, 06 Apr 2026 13:27:44 |
| CVE-2025-48042 | Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Lev... | Mon, 06 Apr 2026 13:27:44 |
| CVE-2025-48041 | Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allo... | Mon, 06 Apr 2026 13:27:44 |
| CVE-2025-48040 | Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. T... | Mon, 06 Apr 2026 13:27:44 |
| CVE-2025-48039 | Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allo... | Mon, 06 Apr 2026 13:27:44 |
| CVE-2025-48038 | Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allo... | Mon, 06 Apr 2026 13:27:44 |
| CVE-2025-4754 | Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulner... | Mon, 06 Apr 2026 13:27:44 |
| CVE-2025-4748 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) a... | Mon, 06 Apr 2026 13:27:44 |
| CVE-2026-22561 | Uncontrolled search path elements in Anthropic Claude for Windows installer (Claude Setup.exe) versions prior to 1.1.3363 all... | Mon, 06 Apr 2026 13:12:44 |
| CVE-2026-34568 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Mon, 06 Apr 2026 12:57:44 |
| CVE-2026-34565 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Mon, 06 Apr 2026 12:57:43 |
| CVE-2026-34557 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Mon, 06 Apr 2026 12:57:43 |
| CVE-2026-34377 | ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic erro... | Mon, 06 Apr 2026 12:57:43 |
| CVE-2026-34214 | Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector RES... | Mon, 06 Apr 2026 12:57:43 |
| CVE-2026-22815 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restric... | Mon, 06 Apr 2026 12:57:43 |
| CVE-2025-13916 | IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to dec... | Mon, 06 Apr 2026 12:57:43 |
| CVE-2026-34572 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Mon, 06 Apr 2026 12:42:43 |
| CVE-2026-34571 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Mon, 06 Apr 2026 12:42:43 |
| CVE-2026-34569 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Mon, 06 Apr 2026 12:42:43 |
| CVE-2026-34567 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Mon, 06 Apr 2026 12:42:43 |
| CVE-2026-34566 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Mon, 06 Apr 2026 12:42:43 |
| CVE-2026-34982 | Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary... | Mon, 06 Apr 2026 12:27:47 |
| CVE-2026-34969 | Nhost is an open source Firebase alternative with GraphQL. Prior to 0.48.0, the auth service's OAuth provider callback flow p... | Mon, 06 Apr 2026 12:27:47 |
| CVE-2026-34951 | Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.c... | Mon, 06 Apr 2026 12:27:47 |
| CVE-2026-34950 | fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, the publicKeyPemMatcher regex in fast-jwt/s... | Mon, 06 Apr 2026 12:27:47 |
| CVE-2026-5704 | A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidde... | Mon, 06 Apr 2026 12:27:47 |
| CVE-2026-5666 | A vulnerability was detected in code-projects Online FIR System 1.0. Affected by this issue is some unknown functionality of ... | Mon, 06 Apr 2026 12:27:47 |