CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-13976 json | Insufficient data validation in Storage in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised... | Thu, 02 Jul 2026 12:46:43 |
| CVE-2026-13972 json | Inappropriate implementation in Paint in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofin... | Thu, 02 Jul 2026 12:46:43 |
| CVE-2026-13968 json | Insufficient validation of untrusted input in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who ... | Thu, 02 Jul 2026 12:46:43 |
| CVE-2026-13967 json | Heap buffer overflow in V8 in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside... | Thu, 02 Jul 2026 12:46:43 |
| CVE-2026-13964 json | Insufficient policy enforcement in WebView in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to by... | Thu, 02 Jul 2026 12:46:43 |
| CVE-2026-13955 json | Insufficient validation of untrusted input in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a local a... | Thu, 02 Jul 2026 12:46:43 |
| CVE-2026-13953 json | Inappropriate implementation in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromis... | Thu, 02 Jul 2026 12:46:43 |
| CVE-2026-13952 json | Inappropriate implementation in PerformanceAPIs in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cro... | Thu, 02 Jul 2026 12:46:42 |
| CVE-2026-13951 json | Insufficient policy enforcement in USB in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised ... | Thu, 02 Jul 2026 12:46:42 |
| CVE-2026-13948 json | Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a use... | Thu, 02 Jul 2026 12:46:42 |
| CVE-2026-13946 json | Inappropriate implementation in ScriptInjections in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to ... | Thu, 02 Jul 2026 12:46:42 |
| CVE-2026-13945 json | Insufficient policy enforcement in Extensions in Google Chrome on Linux prior to 150.0.7871.47 allowed an attacker who convin... | Thu, 02 Jul 2026 12:46:42 |
| CVE-2026-13944 json | Inappropriate implementation in DataTransfer in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who con... | Thu, 02 Jul 2026 12:46:42 |
| CVE-2026-13942 json | Inappropriate implementation in Video Capture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a local attacker to... | Thu, 02 Jul 2026 12:46:42 |
| CVE-2026-13941 json | Inappropriate implementation in SiteSettings in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to ... | Thu, 02 Jul 2026 12:46:42 |
| CVE-2026-13939 json | Insufficient validation of untrusted input in WebShare in Google Chrome on Android prior to 150.0.7871.47 allowed a remote at... | Thu, 02 Jul 2026 12:46:42 |
| CVE-2026-13938 json | Integer overflow in Fonts in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memor... | Thu, 02 Jul 2026 12:46:42 |
| CVE-2026-13937 json | Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compro... | Thu, 02 Jul 2026 12:46:42 |
| CVE-2026-13903 json | Insufficient policy enforcement in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform pri... | Thu, 02 Jul 2026 12:46:42 |
| CVE-2026-13900 json | Inappropriate implementation in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromi... | Thu, 02 Jul 2026 12:46:42 |
| CVE-2026-13899 json | Use after free in HTML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a s... | Thu, 02 Jul 2026 12:46:42 |
| CVE-2026-13898 json | Use after free in Cast Receiver in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code i... | Thu, 02 Jul 2026 12:46:42 |
| CVE-2026-13897 json | Insufficient policy enforcement in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform pr... | Thu, 02 Jul 2026 12:46:41 |
| CVE-2026-13893 json | Insufficient validation of untrusted input in WebUI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak... | Thu, 02 Jul 2026 12:46:41 |
| CVE-2026-13876 json | Inappropriate implementation in Network in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network p... | Thu, 02 Jul 2026 12:46:41 |
| CVE-2026-13871 json | Insufficient policy enforcement in GuestView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compro... | Thu, 02 Jul 2026 12:46:41 |
| CVE-2026-13865 json | Insufficient validation of untrusted input in Enterprise in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to... | Thu, 02 Jul 2026 12:46:41 |
| CVE-2026-13864 json | Insufficient policy enforcement in WebHID in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to... | Thu, 02 Jul 2026 12:46:41 |
| CVE-2026-13841 json | Integer overflow in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer p... | Thu, 02 Jul 2026 12:46:41 |
| CVE-2026-13840 json | Insufficient policy enforcement in Canvas in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-ori... | Thu, 02 Jul 2026 12:46:41 |
| CVE-2026-13839 json | Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin p... | Thu, 02 Jul 2026 12:46:41 |
| CVE-2026-13838 json | Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin p... | Thu, 02 Jul 2026 12:46:41 |
| CVE-2026-13837 json | Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing ... | Thu, 02 Jul 2026 12:46:41 |
| CVE-2026-13836 json | Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scr... | Thu, 02 Jul 2026 12:46:41 |
| CVE-2026-13835 json | Inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit ... | Thu, 02 Jul 2026 12:46:41 |
| CVE-2026-13815 json | Use after free in Blink in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a ... | Thu, 02 Jul 2026 12:46:41 |
| CVE-2026-13792 json | Use after free in Touchbar in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to potentially perform a ... | Thu, 02 Jul 2026 12:46:41 |
| CVE-2026-13790 json | Side-channel information leakage in Scroll in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-or... | Thu, 02 Jul 2026 12:46:41 |
| CVE-2026-13789 json | Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer proc... | Thu, 02 Jul 2026 12:46:41 |
| CVE-2026-10560 json | IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerability in /api/v1/build_public_tmp/ endpoints t... | Thu, 02 Jul 2026 12:46:41 |
| CVE-2026-42526 json | In the AWS Secrets Manager and SSM Parameter Store secrets backends of `apache-airflow-providers-amazon` prior to 9.28.0, the... | Thu, 02 Jul 2026 12:46:40 |
| CVE-2026-27173 json | JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberente... | Thu, 02 Jul 2026 12:46:40 |
| CVE-2026-25604 json | In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against t... | Thu, 02 Jul 2026 12:46:40 |
| CVE-2026-10546 json | IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) vulnerability in the URL component ( src/l... | Thu, 02 Jul 2026 12:46:40 |
| CVE-2026-10140 json | IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients acr... | Thu, 02 Jul 2026 12:46:40 |
| CVE-2026-58455 json | Dockwatch through 0.6.567 contains an unauthenticated OS command injection vulnerability that allows remote attackers to exec... | Thu, 02 Jul 2026 12:31:23 |
| CVE-2026-56842 json | A malicious actor with access to the network and under certain conditions could exploit an Incorrect Authorization vulnerabil... | Thu, 02 Jul 2026 12:31:23 |
| CVE-2026-56841 json | A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability fo... | Thu, 02 Jul 2026 12:31:23 |
| CVE-2026-56004 json | A shellcode injection in the mercurial handler of the obs tar_scm source service before version 0.12.4 could be used by attac... | Thu, 02 Jul 2026 12:31:23 |
| CVE-2026-55119 json | A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found ... | Thu, 02 Jul 2026 12:31:23 |
| CVE-2026-55118 json | A malicious actor with access to the network,low privileges and under certain conditions could exploit an Improper Access Con... | Thu, 02 Jul 2026 12:31:23 |
| CVE-2026-55117 json | A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Access Application t... | Thu, 02 Jul 2026 12:31:23 |
| CVE-2026-55116 json | A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Contro... | Thu, 02 Jul 2026 12:31:23 |
| CVE-2026-55115 json | A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) in UniFi P... | Thu, 02 Jul 2026 12:31:23 |
| CVE-2026-55114 json | A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found ... | Thu, 02 Jul 2026 12:31:23 |
| CVE-2026-55113 json | A malicious actor with access to the network could exploit a Server-Side Request Forgery (SSRF) vulnerability found in UniFi ... | Thu, 02 Jul 2026 12:31:23 |
| CVE-2026-55112 json | A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access... | Thu, 02 Jul 2026 12:31:23 |
| CVE-2026-55111 json | A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Protect Floodlight d... | Thu, 02 Jul 2026 12:31:23 |
| CVE-2026-55110 json | A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing (CORS) mi... | Thu, 02 Jul 2026 12:31:23 |
| CVE-2026-54404 json | A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnera... | Thu, 02 Jul 2026 12:31:23 |
| CVE-2026-54402 json | A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability foun... | Thu, 02 Jul 2026 12:31:23 |
| CVE-2026-54401 json | A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) to escalat... | Thu, 02 Jul 2026 12:31:23 |
| CVE-2026-50747 json | A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnera... | Thu, 02 Jul 2026 12:31:23 |
| CVE-2026-50746 json | A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Ap... | Thu, 02 Jul 2026 12:31:23 |
| CVE-2026-44941 json | A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers a... | Thu, 02 Jul 2026 12:31:23 |
| CVE-2026-57761 json | Unauthenticated Cross Site Request Forgery (CSRF) in SEOWP <= 3.12.2 versions. | Thu, 02 Jul 2026 12:31:22 |
| CVE-2026-57754 json | Contributor Cross Site Scripting (XSS) in Livemesh Addons for WPBakery Page Builder <= 3.9.4 versions. | Thu, 02 Jul 2026 12:31:22 |
| CVE-2026-57748 json | Contributor Local File Inclusion in Shopify <= 1.0.0 versions. | Thu, 02 Jul 2026 12:31:22 |
| CVE-2026-57689 json | Subscriber Broken Access Control in Werkstatt <= 4.7.2 versions. | Thu, 02 Jul 2026 12:31:22 |
| CVE-2026-57683 json | Unauthenticated SQL Injection in WP Fast Total Search <= 1.80.280 versions. | Thu, 02 Jul 2026 12:31:22 |
| CVE-2026-57675 json | Unauthenticated Cross Site Scripting (XSS) in WP Photo Album Plus <= 9.2.02.004 versions. | Thu, 02 Jul 2026 12:31:22 |
| CVE-2026-57669 json | Subscriber Broken Access Control in Advanced Contact form 7 DB <= 2.0.9 versions. | Thu, 02 Jul 2026 12:31:22 |
| CVE-2026-57366 json | Unauthenticated Cross Site Scripting (XSS) in WPAdverts <= 2.3.1 versions. | Thu, 02 Jul 2026 12:31:22 |
| CVE-2026-57357 json | Unauthenticated Cross Site Scripting (XSS) in Search Atlas SEO <= 2.6.6 versions. | Thu, 02 Jul 2026 12:31:22 |
| CVE-2026-57351 json | Unauthenticated Cross Site Scripting (XSS) in HandL UTM Grabber <= 2.9.2 versions. | Thu, 02 Jul 2026 12:31:22 |
| CVE-2026-57344 json | Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.4.2 versions. | Thu, 02 Jul 2026 12:31:22 |
| CVE-2026-56037 json | Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify... | Thu, 02 Jul 2026 12:31:22 |
| CVE-2026-27436 json | Editor Arbitrary Code Execution in Five Star Business Profile and Schema <= 2.3.19 versions. | Thu, 02 Jul 2026 12:31:22 |
| CVE-2026-27414 json | Contributor PHP Object Injection in Werkstatt <= 4.8.3 versions. | Thu, 02 Jul 2026 12:31:22 |
| CVE-2026-13251 json | The Perfmatters plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.4 via the... | Thu, 02 Jul 2026 12:31:22 |
| CVE-2026-9145 json | The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Arbitrary File Copy via the c... | Thu, 02 Jul 2026 12:31:22 |
| CVE-2025-69156 json | Unauthenticated Cross Site Scripting (XSS) in Kids Zone - Children WordPress Theme <= 5.4 versions. | Thu, 02 Jul 2026 12:31:22 |
| CVE-2025-69133 json | Subscriber Local File Inclusion in Tourmaster <= 5.4.5 versions. | Thu, 02 Jul 2026 12:31:22 |
| CVE-2026-58592 json | Ladybird contains a dangling-reference memory-safety flaw in its WebAssembly ESM-integration module loader. When a JavaScript... | Thu, 02 Jul 2026 12:31:21 |
| CVE-2026-55793 json | Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can ... | Thu, 02 Jul 2026 12:31:21 |
| CVE-2026-55791 json | Craft CMS is a content management system (CMS). Versions 4.0.0-RC1 and above, prior to 4.18.0 and 5.0.0-RC1, and above, prior... | Thu, 02 Jul 2026 12:31:21 |
| CVE-2026-54908 json | Pion DTLS is a Go implementation of Datagram Transport Layer Security. Versions prior to 3.1.4 are vulnerable to Remote Denia... | Thu, 02 Jul 2026 12:31:21 |
| CVE-2026-54720 json | Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media fr... | Thu, 02 Jul 2026 12:31:21 |
| CVE-2026-54712 json | OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In ver... | Thu, 02 Jul 2026 12:31:21 |
| CVE-2026-54260 json | Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, an authenti... | Thu, 02 Jul 2026 12:31:21 |
| CVE-2026-54259 json | Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, the Documen... | Thu, 02 Jul 2026 12:31:21 |
| CVE-2026-54074 json | Tina is a headless content management system. @tinacms/cli versions prior to 2.4.3 contain a Remote Code Execution vulnerabil... | Thu, 02 Jul 2026 12:31:21 |
| CVE-2026-50280 json | Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 and above prior to 5.9.21, the EntriesController::actio... | Thu, 02 Jul 2026 12:31:21 |
| CVE-2026-14429 json | Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had ... | Thu, 02 Jul 2026 12:31:21 |
| CVE-2026-14428 json | Insufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attack... | Thu, 02 Jul 2026 12:31:21 |
| CVE-2026-14427 json | Heap buffer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the render... | Thu, 02 Jul 2026 12:31:21 |
| CVE-2026-14424 json | Use after free in Dawn in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sand... | Thu, 02 Jul 2026 12:31:21 |
| CVE-2026-14421 json | Uninitialized Use in Dawn in Google Chrome on ChromeOS prior to 150.0.7871.46 allowed a remote attacker to obtain potentially... | Thu, 02 Jul 2026 12:31:21 |
| CVE-2026-14420 json | Out of bounds read and write in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform... | Thu, 02 Jul 2026 12:31:21 |
| CVE-2026-14340 json | An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scope... | Thu, 02 Jul 2026 12:31:21 |