CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-30867 json | CocoaMQTT is a MQTT 5.0 client library for iOS and macOS written in Swift. Prior to version 2.2.2, a vulnerability exists in ... | Tue, 07 Apr 2026 14:14:09 |
| CVE-2026-5735 json | Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruptio... | Tue, 07 Apr 2026 14:14:09 |
| CVE-2026-5734 json | Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of ... | Tue, 07 Apr 2026 14:14:09 |
| CVE-2026-5733 json | Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 149.0.2. | Tue, 07 Apr 2026 14:14:09 |
| CVE-2026-4570 json | A vulnerability was identified in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file ... | Tue, 07 Apr 2026 13:43:43 |
| CVE-2025-57834 json | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem (Exynos 980, 850, 990, 1080, 2100, 1280, 2... | Tue, 07 Apr 2026 13:43:43 |
| CVE-2026-39384 json | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, FreeScout does not take ... | Tue, 07 Apr 2026 13:28:46 |
| CVE-2026-39316 json | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and p... | Tue, 07 Apr 2026 13:28:46 |
| CVE-2026-39314 json | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and p... | Tue, 07 Apr 2026 13:28:46 |
| CVE-2026-39312 json | SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. In 5.2.5188 and earlier, a pre-authentication den... | Tue, 07 Apr 2026 13:28:46 |
| CVE-2026-39308 json | PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry publish endpoint writes uploaded recip... | Tue, 07 Apr 2026 13:28:46 |
| CVE-2026-39307 json | PraisonAI is a multi-agent teams system. Prior to 1.5.113, The PraisonAI templates installation feature is vulnerable to a "Z... | Tue, 07 Apr 2026 13:28:46 |
| CVE-2026-39306 json | PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry pull flow extracts attacker-controlled... | Tue, 07 Apr 2026 13:28:46 |
| CVE-2026-39305 json | PraisonAI is a multi-agent teams system. Prior to 1.5.113, the Action Orchestrator feature contains a Path Traversal vulnerab... | Tue, 07 Apr 2026 13:28:46 |
| CVE-2026-4631 json | Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without ... | Tue, 07 Apr 2026 13:28:46 |
| CVE-2026-35615 json | PraisonAI is a multi-agent teams system. Prior to 1.5.113, _validate_path() calls os.path.normpath() first, which collapses .... | Tue, 07 Apr 2026 13:28:45 |
| CVE-2026-35614 json | Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe has a SQL injection in bulk_update. T... | Tue, 07 Apr 2026 13:28:45 |
| CVE-2026-35613 json | coursevault-preview is a utility for previewing course material files from a configured directory. coursevault-preview versio... | Tue, 07 Apr 2026 13:28:45 |
| CVE-2026-35611 json | Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to... | Tue, 07 Apr 2026 13:28:45 |
| CVE-2026-35610 json | PolarLearn is a free and open-source learning program. In 0-PRERELEASE-14 and earlier, setCustomPassword(userId, password) an... | Tue, 07 Apr 2026 13:28:45 |
| CVE-2026-35608 json | QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored XSS vulnerability exists in the file preview e... | Tue, 07 Apr 2026 13:28:45 |
| CVE-2026-35607 json | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified... | Tue, 07 Apr 2026 13:28:45 |
| CVE-2026-35606 json | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified... | Tue, 07 Apr 2026 13:28:45 |
| CVE-2026-35605 json | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified... | Tue, 07 Apr 2026 13:28:45 |
| CVE-2026-35604 json | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified... | Tue, 07 Apr 2026 13:28:45 |
| CVE-2026-35592 json | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the _safe_extractall() function ... | Tue, 07 Apr 2026 13:28:45 |
| CVE-2026-35586 json | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the ADMIN_ONLY_CORE_OPTIONS auth... | Tue, 07 Apr 2026 13:28:45 |
| CVE-2026-35585 json | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified... | Tue, 07 Apr 2026 13:28:45 |
| CVE-2026-35584 json | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, the endpoint GET /thread... | Tue, 07 Apr 2026 13:28:45 |
| CVE-2026-35583 json | Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the configuration API endpoint (/api/configuration/{nam... | Tue, 07 Apr 2026 13:28:45 |
| CVE-2026-35581 json | Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the Executrix utility class constructed shell commands ... | Tue, 07 Apr 2026 13:28:45 |
| CVE-2026-35580 json | Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Actions workflow files contained shell injection... | Tue, 07 Apr 2026 13:28:45 |
| CVE-2026-35578 json | ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM app... | Tue, 07 Apr 2026 13:28:45 |
| CVE-2026-35574 json | ChurchCRM is an open-source church management system. Prior to 6.5.3, a stored Cross-Site Scripting (XSS) vulnerability in Ch... | Tue, 07 Apr 2026 13:28:45 |
| CVE-2026-35523 json | Strawberry GraphQL is a library for creating GraphQL APIs. Strawberry up until version 0.312.3 is vulnerable to an authentica... | Tue, 07 Apr 2026 13:28:45 |
| CVE-2026-32588 json | Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated ... | Tue, 07 Apr 2026 13:28:45 |
| CVE-2026-27315 json | Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from prev... | Tue, 07 Apr 2026 13:28:45 |
| CVE-2026-35489 json | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST... | Tue, 07 Apr 2026 13:28:44 |
| CVE-2026-35485 json | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated pat... | Tue, 07 Apr 2026 13:28:44 |
| CVE-2026-35464 json | pyLoad is a free and open-source download manager written in Python. The fix for CVE-2026-33509 added an ADMIN_ONLY_OPTIONS s... | Tue, 07 Apr 2026 13:28:44 |
| CVE-2026-35460 json | Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, transactional email templates in Papra i... | Tue, 07 Apr 2026 13:28:44 |
| CVE-2026-27314 json | Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator allows a user with only CR... | Tue, 07 Apr 2026 13:28:44 |
| CVE-2026-24660 json | A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially... | Tue, 07 Apr 2026 13:28:44 |
| CVE-2026-24450 json | An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specia... | Tue, 07 Apr 2026 13:28:44 |
| CVE-2026-23696 json | Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management... | Tue, 07 Apr 2026 13:28:44 |
| CVE-2026-22683 json | Windmill versions 1.56.0 through 1.614.0 contain a missing authorization vulnerability that allows users with the Operator ro... | Tue, 07 Apr 2026 13:28:44 |
| CVE-2026-21413 json | A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Co... | Tue, 07 Apr 2026 13:28:44 |
| CVE-2026-3902 json | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `ASGIRequest` allows a remote attacker... | Tue, 07 Apr 2026 13:28:44 |
| CVE-2025-70844 json | yaffa v2.0.0 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript into the "Add Account G... | Tue, 07 Apr 2026 13:28:44 |
| CVE-2025-14944 json | The Backup Migration plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.0.0.... | Tue, 07 Apr 2026 13:28:44 |
| CVE-2025-14821 json | A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH (Secure She... | Tue, 07 Apr 2026 13:28:44 |
| CVE-2024-36058 json | The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injection because it fails to ... | Tue, 07 Apr 2026 13:28:44 |
| CVE-2026-35554 json | A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delive... | Tue, 07 Apr 2026 13:28:43 |
| CVE-2026-35474 json | WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, open redirect has been found in WeGIA webapp. The redirec... | Tue, 07 Apr 2026 13:28:43 |
| CVE-2026-35046 json | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, Tandoor ... | Tue, 07 Apr 2026 13:28:43 |
| CVE-2026-35042 json | fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, fast-jwt does not validate the crit (Critic... | Tue, 07 Apr 2026 13:28:43 |
| CVE-2026-35035 json | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Tue, 07 Apr 2026 13:28:43 |
| CVE-2026-34989 json | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Tue, 07 Apr 2026 13:28:43 |
| CVE-2026-34976 json | Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the ... | Tue, 07 Apr 2026 13:28:43 |
| CVE-2026-34969 json | Nhost is an open source Firebase alternative with GraphQL. Prior to 0.48.0, the auth service's OAuth provider callback flow p... | Tue, 07 Apr 2026 13:28:43 |
| CVE-2026-20911 json | A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit... | Tue, 07 Apr 2026 13:28:43 |
| CVE-2026-20889 json | A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially... | Tue, 07 Apr 2026 13:28:43 |
| CVE-2026-20884 json | An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially craf... | Tue, 07 Apr 2026 13:28:43 |
| CVE-2026-5732 json | Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability affects Firefox < 149.0.2... | Tue, 07 Apr 2026 13:28:43 |
| CVE-2026-5355 json | A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpn_drop of the file /se... | Tue, 07 Apr 2026 13:28:43 |
| CVE-2026-5354 json | A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpn_connect of the file /... | Tue, 07 Apr 2026 13:28:43 |
| CVE-2026-5353 json | A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function ping_test of the file /setup.cgi. Perfor... | Tue, 07 Apr 2026 13:28:43 |
| CVE-2026-5352 json | A security vulnerability has been detected in Trendnet TEW-657BRM 1.00.1. This impacts the function Edit of the file /setup.c... | Tue, 07 Apr 2026 13:28:43 |
| CVE-2026-4079 json | The SQL Chart Builder WordPress plugin before 2.3.8 does not properly escape user input as it is concatened to SQL queries, m... | Tue, 07 Apr 2026 13:28:43 |
| CVE-2026-1900 json | The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated setti... | Tue, 07 Apr 2026 13:28:43 |
| CVE-2025-54328 json | An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1... | Tue, 07 Apr 2026 13:28:43 |
| CVE-2025-15611 json | The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the add_or_edit_popupbox() function before ... | Tue, 07 Apr 2026 13:28:43 |
| CVE-2026-5351 json | A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function add_wps_client of the file /setup.cgi... | Tue, 07 Apr 2026 13:28:42 |
| CVE-2021-38289 json | An issue has been discovered in Novastar-VNNOX-iCare Novaicare 7.16.0 that gives attacker privilege escalation and allows att... | Tue, 07 Apr 2026 13:28:42 |
| CVE-2026-34762 json | Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/{imsi} API accepts a... | Tue, 07 Apr 2026 12:58:42 |
| CVE-2026-34761 json | Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, Ella Core panics when processing a NGAP handove... | Tue, 07 Apr 2026 12:58:42 |
| CVE-2025-59440 json | An issue was discovered in USIM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, ... | Tue, 07 Apr 2026 12:58:42 |
| CVE-2025-57835 json | An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1... | Tue, 07 Apr 2026 12:58:42 |
| CVE-2019-25704 json | Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting ... | Tue, 07 Apr 2026 12:58:42 |
| CVE-2019-25702 json | Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting ... | Tue, 07 Apr 2026 12:58:42 |
| CVE-2019-25700 json | Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting ... | Tue, 07 Apr 2026 12:58:42 |
| CVE-2019-25698 json | Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting ... | Tue, 07 Apr 2026 12:58:42 |
| CVE-2019-25696 json | Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting ... | Tue, 07 Apr 2026 12:58:42 |
| CVE-2019-25694 json | Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queri... | Tue, 07 Apr 2026 12:58:42 |
| CVE-2019-25692 json | Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting ... | Tue, 07 Apr 2026 12:58:42 |
| CVE-2019-25690 json | Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting ... | Tue, 07 Apr 2026 12:58:42 |
| CVE-2026-5350 json | A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of the fi... | Tue, 07 Apr 2026 12:43:42 |
| CVE-2026-4364 json | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and I... | Tue, 07 Apr 2026 12:43:42 |
| CVE-2026-4101 json | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and I... | Tue, 07 Apr 2026 12:43:42 |
| CVE-2026-2862 json | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and I... | Tue, 07 Apr 2026 12:43:42 |
| CVE-2019-25688 json | Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queri... | Tue, 07 Apr 2026 12:43:42 |
| CVE-2026-35092 json | A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote,... | Tue, 07 Apr 2026 12:43:41 |
| CVE-2026-35091 json | A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosyn... | Tue, 07 Apr 2026 12:43:41 |
| CVE-2026-34999 json | OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulnerability in the bot proxy router that allows ... | Tue, 07 Apr 2026 12:43:41 |
| CVE-2026-2475 json | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and I... | Tue, 07 Apr 2026 12:43:41 |
| CVE-2026-1491 json | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and I... | Tue, 07 Apr 2026 12:43:41 |
| CVE-2026-35571 json | Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, Mustache navigation templates interpolated configuratio... | Tue, 07 Apr 2026 12:28:44 |
| CVE-2026-35567 json | ChurchCRM is an open-source church management system. Prior to 7.1.0, the NewRole POST parameter in src/MemberRoleChange.php ... | Tue, 07 Apr 2026 12:28:44 |
| CVE-2026-35566 json | ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical SQL injection vulnerability exists in src/Re... | Tue, 07 Apr 2026 12:28:44 |
| CVE-2026-5745 json | A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within... | Tue, 07 Apr 2026 12:28:44 |