CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-45671 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authen... | Mon, 18 May 2026 23:12:19 |
| CVE-2026-45399 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authen... | Mon, 18 May 2026 23:12:19 |
| CVE-2026-45395 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the tool u... | Mon, 18 May 2026 23:12:19 |
| CVE-2026-45387 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, when setti... | Mon, 18 May 2026 23:12:19 |
| CVE-2026-45349 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a user jus... | Mon, 18 May 2026 23:12:19 |
| CVE-2026-45339 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI... | Mon, 18 May 2026 23:12:19 |
| CVE-2026-45331 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, validate_u... | Mon, 18 May 2026 23:12:19 |
| CVE-2026-44568 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the Accoun... | Mon, 18 May 2026 23:12:19 |
| CVE-2026-44564 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the ydoc:d... | Mon, 18 May 2026 23:12:19 |
| CVE-2026-44563 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /api/g... | Mon, 18 May 2026 23:12:19 |
| CVE-2026-44562 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /... | Mon, 18 May 2026 23:12:18 |
| CVE-2026-44561 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the is_use... | Mon, 18 May 2026 23:12:18 |
| CVE-2026-44560 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the type: ... | Mon, 18 May 2026 23:12:18 |
| CVE-2026-44559 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the GET /a... | Mon, 18 May 2026 23:12:18 |
| CVE-2026-44554 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /... | Mon, 18 May 2026 23:12:18 |
| CVE-2026-44550 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, FolderForm... | Mon, 18 May 2026 23:12:18 |
| CVE-2026-33514 json | Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an ... | Mon, 18 May 2026 22:27:12 |
| CVE-2026-33234 json | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In... | Mon, 18 May 2026 22:27:12 |
| CVE-2026-33233 json | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In... | Mon, 18 May 2026 22:27:12 |
| CVE-2026-33232 json | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Ve... | Mon, 18 May 2026 22:27:12 |
| CVE-2026-33052 json | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticate... | Mon, 18 May 2026 22:27:12 |
| CVE-2026-32323 json | Mullvad VPN is a VPN client app for desktop and mobile. When using macOS with versions 2026.1 and below, Mullvad VPN may allo... | Mon, 18 May 2026 22:27:12 |
| CVE-2026-45386 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, Pin/Unpin ... | Mon, 18 May 2026 21:56:33 |
| CVE-2026-45385 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, an IDOR vu... | Mon, 18 May 2026 21:56:33 |
| CVE-2026-44721 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a stored c... | Mon, 18 May 2026 21:56:33 |
| CVE-2026-45246 json | Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path t... | Mon, 18 May 2026 21:41:37 |
| CVE-2026-45245 json | Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synth... | Mon, 18 May 2026 21:41:37 |
| CVE-2026-45244 json | Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation ... | Mon, 18 May 2026 21:41:37 |
| CVE-2026-45243 json | Summarize prior to 0.15.1 contains a missing authorization vulnerability in the content script window.postMessage bridge that... | Mon, 18 May 2026 21:41:37 |
| CVE-2026-45242 json | Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authentica... | Mon, 18 May 2026 21:41:37 |
| CVE-2026-8743 json | A vulnerability was found in Open5GS up to 2.7.6. This impacts the function ran_ue_find_by_amf_ue_ngap_id of the file src/amf... | Mon, 18 May 2026 21:41:37 |
| CVE-2026-45675 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, he LDAP an... | Mon, 18 May 2026 21:41:36 |
| CVE-2026-45667 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, GET /api/v... | Mon, 18 May 2026 21:41:36 |
| CVE-2026-45666 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the API /... | Mon, 18 May 2026 21:41:36 |
| CVE-2026-45665 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored C... | Mon, 18 May 2026 21:41:36 |
| CVE-2026-45365 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, an intern... | Mon, 18 May 2026 21:41:36 |
| CVE-2026-8730 json | A flaw has been found in Open5GS up to 2.7.6. This impacts the function ogs_sbi_nf_instance_set_id in the library /lib/sbi/co... | Mon, 18 May 2026 21:41:36 |
| CVE-2026-8558 json | Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code ins... | Mon, 18 May 2026 21:41:36 |
| CVE-2026-8557 json | Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the re... | Mon, 18 May 2026 21:41:36 |
| CVE-2026-8553 json | Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer pro... | Mon, 18 May 2026 21:41:36 |
| CVE-2026-8540 json | Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sa... | Mon, 18 May 2026 21:41:36 |
| CVE-2026-8538 json | Insufficient validation of untrusted input in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had ... | Mon, 18 May 2026 21:41:36 |
| CVE-2026-8537 json | Insufficient policy enforcement in ViewTransitions in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak... | Mon, 18 May 2026 21:41:36 |
| CVE-2026-8533 json | Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the re... | Mon, 18 May 2026 21:41:36 |
| CVE-2026-8532 json | Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a... | Mon, 18 May 2026 21:41:36 |
| CVE-2026-32312 json | GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms ... | Mon, 18 May 2026 20:25:19 |
| CVE-2026-32244 json | Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, out... | Mon, 18 May 2026 20:25:19 |
| CVE-2026-8149 json | A vulnerability in Legion of the Bouncy Castle Inc. BC-LTS on Linux, X86_64, AVX, AVX-512f. This vulnerability is associate... | Mon, 18 May 2026 20:25:19 |
| CVE-2026-5598 json | Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerabil... | Mon, 18 May 2026 20:25:19 |
| CVE-2026-5588 json | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pki... | Mon, 18 May 2026 20:25:19 |
| CVE-2026-3505 json | Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy... | Mon, 18 May 2026 20:25:19 |
| CVE-2026-0636 json | Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Ca... | Mon, 18 May 2026 20:25:19 |
| CVE-2025-14813 json | : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (c... | Mon, 18 May 2026 20:25:19 |
| CVE-2026-30950 json | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Ve... | Mon, 18 May 2026 19:24:15 |
| CVE-2026-27964 json | FacturaScripts is an open source accounting and invoicing software. Versions 2025.7 and prior contain a Reflected Cross-Site ... | Mon, 18 May 2026 18:23:50 |
| CVE-2026-27892 json | FacturaScripts is an open source accounting and invoicing software. In versions prior to 2026, the Library module stores and ... | Mon, 18 May 2026 18:23:50 |
| CVE-2026-29965 json | HSC MailInspector 5.3.3-7 is vulnerable to Cross Site Scripting (XSS) in the /police/WarningUrlPage.php endpoint due to impro... | Mon, 18 May 2026 18:23:49 |
| CVE-2026-29964 json | HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting (XSS) vulnerability in the /tap/tap.php endpoint due to improper n... | Mon, 18 May 2026 18:23:49 |
| CVE-2026-27891 json | FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability ... | Mon, 18 May 2026 18:23:49 |
| CVE-2026-27737 json | BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback (presentation format) ... | Mon, 18 May 2026 18:23:49 |
| CVE-2026-27130 json | Dokploy is a free, self-hostable Platform as a Service (PaaS). Versions 0.26.6 and below have OS command injection through th... | Mon, 18 May 2026 17:22:19 |
| CVE-2026-26978 json | FreePBX is an open source IP PBX. In versions below 16.0.71 and 17.0.6, the backup module does not properly sanitize data dur... | Mon, 18 May 2026 17:22:19 |
| CVE-2026-25244 json | WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Ve... | Mon, 18 May 2026 17:22:19 |
| CVE-2026-22810 json | Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3... | Mon, 18 May 2026 17:22:19 |
| CVE-2026-8851 json | SOGo 5.12.7 contains a SQL injection vulnerability in the Access Control List management functionality that allows authentica... | Mon, 18 May 2026 17:22:19 |
| CVE-2026-8838 json | Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1... | Mon, 18 May 2026 17:22:19 |
| CVE-2026-4137 json | In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` creates... | Mon, 18 May 2026 17:22:19 |
| CVE-2026-8746 json | A security flaw has been discovered in Open5GS up to 2.7.7. Affected by this issue is the function discover_handler in the li... | Mon, 18 May 2026 17:22:18 |
| CVE-2026-8733 json | A vulnerability was found in Investintech SlimPDFReader up to 2.0.13. Affected by this vulnerability is the function sub_3B46... | Mon, 18 May 2026 17:22:18 |
| CVE-2025-65954 json | SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.... | Mon, 18 May 2026 17:22:18 |
| CVE-2026-46728 json | Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a h... | Mon, 18 May 2026 16:37:13 |
| CVE-2026-45829 json | A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthe... | Mon, 18 May 2026 16:37:13 |
| CVE-2026-41085 json | Thermo Fisher Scientific Torrent Suite Dx through 5.14.2 has a privilege escalation vulnerability that may allow an authentic... | Mon, 18 May 2026 16:37:13 |
| CVE-2026-38719 json | OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format (CPF) parser, specifically ... | Mon, 18 May 2026 16:37:13 |
| CVE-2026-36438 json | An issue in Intelbras VIP-1230-D-G4 Version V2.800.00IB00C.0.T allows a remote attacker to obtain sensitive information via p... | Mon, 18 May 2026 16:37:13 |
| CVE-2026-21789 json | HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain sce... | Mon, 18 May 2026 16:37:13 |
| CVE-2026-8843 json | Creating a "2dsphere_bucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a... | Mon, 18 May 2026 16:37:13 |
| CVE-2026-8723 json | ### Summary `qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an a... | Mon, 18 May 2026 16:37:13 |
| CVE-2026-8657 json | Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch() and js... | Mon, 18 May 2026 16:37:13 |
| CVE-2026-8656 json | Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Cross-site Scripting (XSS) via the annotated formatter d... | Mon, 18 May 2026 16:37:13 |
| CVE-2026-6902 json | A vulnerability in Command-Line Client in P4 Server prior to the 2025.2 Patch 2, identified as CVE-2026-6902, has been fixed ... | Mon, 18 May 2026 16:37:13 |
| CVE-2025-57282 json | ngrok v4.3.3 and 5.0.0-beta.2 is vulnerable to Command Injection. | Mon, 18 May 2026 16:37:13 |
| CVE-2025-56352 json | In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), the broker mishandles protocol violations during CO... | Mon, 18 May 2026 16:37:13 |
| CVE-2023-24215 json | Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to o... | Mon, 18 May 2026 16:37:13 |
| CVE-2026-38728 json | An issue in Nodemailer smtp_server before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream._... | Mon, 18 May 2026 16:37:12 |
| CVE-2026-34253 json | A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function re... | Mon, 18 May 2026 16:37:12 |
| CVE-2025-14972 json | * Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repe... | Mon, 18 May 2026 16:37:12 |
| CVE-2026-47092 json | Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers ... | Mon, 18 May 2026 16:22:03 |
| CVE-2026-47091 json | Claude HUD through 0.0.12, patched in commit 234d9aa, contains a path traversal vulnerability that allows attackers to read a... | Mon, 18 May 2026 16:22:03 |
| CVE-2026-47090 json | Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and ... | Mon, 18 May 2026 16:22:03 |
| CVE-2026-39079 json | An issue in prestashop upsshipping all versions through at least 2.4.0 allows a remote attacker to obtain sensitive informati... | Mon, 18 May 2026 16:22:03 |
| CVE-2026-8783 json | A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCh... | Mon, 18 May 2026 16:22:03 |
| CVE-2026-4320 json | Authorization Bypass vulnerability in Creartia's ICMS software could allow an attacker to gain unauthorized access to protect... | Mon, 18 May 2026 16:22:03 |
| CVE-2026-45351 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.9, when a reg... | Mon, 18 May 2026 16:22:02 |
| CVE-2026-45318 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, his adviso... | Mon, 18 May 2026 16:22:02 |
| CVE-2026-8770 json | A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/... | Mon, 18 May 2026 16:22:02 |
| CVE-2026-8754 json | A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function post_file of the file astrbot/dash... | Mon, 18 May 2026 16:22:02 |
| CVE-2026-8724 json | A security flaw has been discovered in Dataease 2.10.20. Impacted is the function SqlparserUtils.transFilter of the file Sqlp... | Mon, 18 May 2026 16:22:02 |
| CVE-2021-47952 json | python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python comm... | Mon, 18 May 2026 16:22:02 |
| CVE-2021-47942 json | Home Assistant Community Store (HACS) 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to... | Mon, 18 May 2026 16:22:02 |