CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.

Read the API docs

[rss] [api]
Recent CVEs
Recently updated CVE records
CVE Description Updated
CVE-2026-53257 json In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: enforce HE/EHT cap/oper consistency Xia... Wed, 08 Jul 2026 12:54:14
CVE-2026-56401 json Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null pointer dereference vulnerability in inventory_sync FlatBuffer DataVa... Wed, 08 Jul 2026 12:39:02
CVE-2026-59880 json Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set ke... Wed, 08 Jul 2026 12:23:17
CVE-2026-59877 json protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.6.5 and 8.6.6, protobufjs parsed option n... Wed, 08 Jul 2026 12:23:17
CVE-2026-59876 json protobufjs compiles protobuf definitions into JavaScript (JS) functions. From 8.2.0 until 8.6.5, the protobufjs Text Format e... Wed, 08 Jul 2026 12:23:17
CVE-2026-59875 json node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path ... Wed, 08 Jul 2026 12:23:17
CVE-2026-59874 json node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header ... Wed, 08 Jul 2026 12:23:17
CVE-2026-59873 json node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on t... Wed, 08 Jul 2026 12:23:17
CVE-2026-59871 json node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath... Wed, 08 Jul 2026 12:23:17
CVE-2026-59870 json js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11_SCHEMA support for the !!omap tag in src/tag/... Wed, 08 Jul 2026 12:23:17
CVE-2026-59869 json js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadr... Wed, 08 Jul 2026 12:23:17
CVE-2026-59868 json js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are enabled, js-yaml can spend quadr... Wed, 08 Jul 2026 12:23:17
CVE-2026-9074 json IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerabi... Wed, 08 Jul 2026 12:23:17
CVE-2026-59725 json Socket.IO enables bidirectional and low-latency communication for every platform. From 4.1.0 before 6.6.7, Engine.IO protocol... Wed, 08 Jul 2026 12:23:16
CVE-2026-59724 json Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers ... Wed, 08 Jul 2026 12:23:16
CVE-2026-59702 json repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attac... Wed, 08 Jul 2026 12:23:16
CVE-2026-59262 json AFFiNE's histories GraphQL field fails to validate Doc.Read permission before exposing document edit history, allowing authen... Wed, 08 Jul 2026 12:23:16
CVE-2026-57439 json CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0, the Series Chart operation ... Wed, 08 Jul 2026 12:23:16
CVE-2026-55873 json SeaweedFS is a distributed storage system. In versions 4.08 through 4.33, requests signed with SigV4 service s3tables are rou... Wed, 08 Jul 2026 12:23:16
CVE-2026-55761 json Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to man... Wed, 08 Jul 2026 12:23:16
CVE-2026-54652 json Frigate is an open source network video recorder. In version 0.17.1, the GET /api/logs/{service} endpoint allows any authenti... Wed, 08 Jul 2026 12:23:16
CVE-2026-54344 json ToolJet is an open-source low-code platform for building internal tools. Prior to 3.20.180, ToolJet's render preview deployme... Wed, 08 Jul 2026 12:23:16
CVE-2026-53951 json Copier is a library and CLI app for rendering project templates. In versions 9.5.0 through 9.15.1, the `trust` setting's pref... Wed, 08 Jul 2026 12:23:16
CVE-2026-49946 json Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Wed, 08 Jul 2026 12:23:16
CVE-2026-49945 json Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Wed, 08 Jul 2026 12:23:16
CVE-2026-49944 json Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Wed, 08 Jul 2026 12:23:16
CVE-2026-49147 json App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes.... Wed, 08 Jul 2026 12:23:16
CVE-2026-49146 json App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack sea... Wed, 08 Jul 2026 12:23:16
CVE-2026-49145 json App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the dir... Wed, 08 Jul 2026 12:23:16
CVE-2026-24700 json An OS command injection vulnerability exists in the start_lltd() function of the "rc" binary in Cisco RV130/RV130W with firmw... Wed, 08 Jul 2026 12:23:16
CVE-2026-15063 json A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is e... Wed, 08 Jul 2026 12:23:16
CVE-2026-14967 json BBOT's `github_workflows` module could be induced to write a downloaded artifact outside its configured output directory: its... Wed, 08 Jul 2026 12:23:16
CVE-2026-14966 json BBOT's unarchive module rejects archives containing symlink entries before extraction, but for zip and 7z archives it failed ... Wed, 08 Jul 2026 12:23:16
CVE-2026-3144 json IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker to gain unauthorized access ... Wed, 08 Jul 2026 12:23:16
CVE-2026-58468 json NocoBase through 2.1.20 contains a server-side request forgery vulnerability in the serverRequest wrapper that allows authent... Wed, 08 Jul 2026 12:23:15
CVE-2026-56778 json n8n before 2.25.7 and 2.26.x before 2.26.2 contains an authorization bypass in the Public API execution retry endpoint, which... Wed, 08 Jul 2026 12:23:15
CVE-2026-41042 json Unauthenticated callers can supply a malicious H2 JDBC URL through the testConnection API, which executes arbitrary Java code... Wed, 08 Jul 2026 12:23:15
CVE-2026-24699 json An OS command injection vulnerability exists in the sub_34984() function of the "rc" binary in Cisco RV130/RV130W with firmwa... Wed, 08 Jul 2026 12:23:15
CVE-2026-24698 json An OS command injection vulnerability exists in the save_syslog_to_file() function of the "httpd" binary in Cisco RV130/RV130... Wed, 08 Jul 2026 12:23:15
CVE-2026-24697 json An OS command injection vulnerability exists in the start_bonjour() function of the "rc" binary in Cisco RV130/RV130W with fi... Wed, 08 Jul 2026 12:23:15
CVE-2026-15067 json Snowflake Terraform Provider versions prior to 2.18.0 contain several security vulnerabilities, including SQL injection via a... Wed, 08 Jul 2026 12:23:15
CVE-2026-15062 json SQL injection vulnerabilities in the Snowflake Snowpark Python SDK (snowpark-python) versions prior to 1.53.0 could allow aut... Wed, 08 Jul 2026 12:23:15
CVE-2026-15036 json A vulnerability was determined in Harness up to 2.28.2. This vulnerability affects the function getAuthorizedSpaces of the fi... Wed, 08 Jul 2026 12:23:15
CVE-2026-14500 json The Bulk Order Update for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and includ... Wed, 08 Jul 2026 12:23:15
CVE-2026-14244 json The Jssor Slider by jssor.com plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including,... Wed, 08 Jul 2026 12:23:15
CVE-2026-13020 json A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windo... Wed, 08 Jul 2026 12:23:15
CVE-2026-11903 json Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Progress MOVEit Transfe... Wed, 08 Jul 2026 12:23:15
CVE-2026-11798 json The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to Reflecte... Wed, 08 Jul 2026 12:23:15
CVE-2026-10699 json Missing release of memory after effective lifetime vulnerability in Progress MOVEit Transfer (Custom Reports modules). This ... Wed, 08 Jul 2026 12:23:15
CVE-2026-10698 json Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer (Custom Reports mod... Wed, 08 Jul 2026 12:23:15
CVE-2026-5356 json The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Improper Input Va... Wed, 08 Jul 2026 12:23:15
CVE-2026-3688 json The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Di... Wed, 08 Jul 2026 12:23:15
CVE-2026-42015 json A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an ... Wed, 08 Jul 2026 12:23:14
CVE-2026-13019 json Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical ... Wed, 08 Jul 2026 12:23:14
CVE-2026-9182 json Esri ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue b... Wed, 08 Jul 2026 12:23:14
CVE-2026-14895 json String::Util versions before 1.36 for Perl are susceptible to a regular expression denial of service. The trim and rtrim fun... Wed, 08 Jul 2026 12:07:59
CVE-2026-7017 json HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server retur... Wed, 08 Jul 2026 12:07:59
CVE-2026-58472 json GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the html_quote_string() fu... Wed, 08 Jul 2026 11:52:38
CVE-2026-58471 json GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convert_fname() functi... Wed, 08 Jul 2026 11:52:38
CVE-2026-58470 json GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parse_content_range() fun... Wed, 08 Jul 2026 11:52:38
CVE-2026-58469 json GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the clean_metalink_string... Wed, 08 Jul 2026 11:52:38
CVE-2026-41049 json Incorrect caching of authentication between different users of the  qSnapper dbus service before version 1.3.3 allowed any l... Wed, 08 Jul 2026 11:52:38
CVE-2026-58657 json Grav before 2.0.0 (affected through 2.0.0-rc.9 and the 2.0 branch) contains a stored CSS injection vulnerability in the Markd... Wed, 08 Jul 2026 11:37:41
CVE-2026-55874 json SeaweedFS is a distributed storage system. Prior to 4.34, the S3 API gateway does not reject dot-dot path segments in the X-A... Wed, 08 Jul 2026 11:37:41
CVE-2026-55668 json File Browser provides a web file managing interface. Prior to 2.63.16, ScopedFs validates the nearest existing ancestor of a ... Wed, 08 Jul 2026 11:37:41
CVE-2026-59706 json mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forger... Wed, 08 Jul 2026 11:37:40
CVE-2026-59705 json mem0's openmemory/api component contains an unauthenticated access vulnerability that allows unauthenticated attackers to rea... Wed, 08 Jul 2026 11:37:40
CVE-2026-59153 json Anki is a program for creating and reviewing flashcards. Prior to 25.09.3, Anki launches a local HTTP server to serve media f... Wed, 08 Jul 2026 11:37:40
CVE-2026-58656 json Grav API plugin before v1.0.0-rc.16 accepts JWT tokens via the ?token= URL query parameter and responds with Access-Control-A... Wed, 08 Jul 2026 11:37:40
CVE-2026-58654 json The Grav API plugin (getgrav/grav-plugin-api) 1.0.0 contains an unrestricted file upload vulnerability in the avatar upload e... Wed, 08 Jul 2026 11:37:40
CVE-2026-58480 json Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthenticated arbitrary file upload vulnerability that... Wed, 08 Jul 2026 11:37:40
CVE-2026-58266 json Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Ru... Wed, 08 Jul 2026 11:37:40
CVE-2026-54061 json Dgraph is an open source distributed GraphQL database. Prior to version 25.3.5, Dgraph Alpha exposes the RPCs used for extern... Wed, 08 Jul 2026 11:37:40
CVE-2026-44840 json Dgraph is an open source distributed GraphQL database. Prior to version 25.3.4, the `checkUserPassword` GraphQL query in Dgra... Wed, 08 Jul 2026 11:37:40
CVE-2026-22927 json Omnissa Workspace ONE® Tunnel for Windows addresses a Local Privilege Escalation Vulnerability. Wed, 08 Jul 2026 11:37:40
CVE-2026-15041 json A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp() for compari... Wed, 08 Jul 2026 11:37:40
CVE-2026-9695 json An Improper Authentication vulnerability affecting DELMIA Apriso from Release 2020 through Release 2026 could allow an attack... Wed, 08 Jul 2026 11:37:40
CVE-2026-55592 json Dashy is a self-hostable personal dashboard. Prior to 4.3.7, Dashy's workspace view trusts the url query parameter and assign... Wed, 08 Jul 2026 11:37:39
CVE-2026-53260 json In the Linux kernel, the following vulnerability has been resolved: tcp: Add preempt_{disable,enable}_nested() in reqsk_queu... Wed, 08 Jul 2026 11:37:39
CVE-2026-50179 json Actual is a local-first personal finance tool. Prior to 26.6.0, exportToCSV and exportQueryToCSV in packages/loot-core/src/se... Wed, 08 Jul 2026 11:37:39
CVE-2026-50007 json Actual is an open-source personal finance application. Prior to 26.7.0, a missing authorization issue allows a shared user wi... Wed, 08 Jul 2026 11:37:39
CVE-2026-49229 json Actual is a local-first personal finance app. Prior to 26.6.0, in OpenID multi-user mode, disabling a user only blocks future... Wed, 08 Jul 2026 11:37:39
CVE-2026-46700 json Actual is a local-first personal finance tool. Prior to 26.6.0, the GET /secret/:name endpoint in @actual-app/sync-server che... Wed, 08 Jul 2026 11:37:39
CVE-2026-46672 json Actual is a local-first personal finance app. Prior to 26.6.0, @actual-app/cli ships a hand-rolled CSV serializer in packages... Wed, 08 Jul 2026 11:37:39
CVE-2026-23698 json Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature tha... Wed, 08 Jul 2026 11:37:39
CVE-2026-23697 json Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remot... Wed, 08 Jul 2026 11:37:39
CVE-2026-14969 json A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for... Wed, 08 Jul 2026 11:37:39
CVE-2026-14940 json A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When normalizing a Distinguished Name (DN) that ... Wed, 08 Jul 2026 11:37:39
CVE-2026-14935 json A logic vulnerability was found in GStreamer's webrtcbin component. The _check_sdp_crypto() function contains an inverted boo... Wed, 08 Jul 2026 11:37:39
CVE-2026-14904 json AWS Research and Engineering Studio (RES) is an open-source solution that enables researchers and engineers to create and man... Wed, 08 Jul 2026 11:37:39
CVE-2025-12799 json A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting (XSS) attack. If using a set of combined configurati... Wed, 08 Jul 2026 11:37:39
CVE-2026-1460 json A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyx... Wed, 08 Jul 2026 11:37:37
CVE-2026-0711 json A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions throu... Wed, 08 Jul 2026 11:37:37
CVE-2026-59703 json repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read... Wed, 08 Jul 2026 11:22:36
CVE-2026-15044 json A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific securi... Wed, 08 Jul 2026 11:22:35
CVE-2026-10708 json This vulnerability enables large‑scale data harvesting without requiring app‑specific secrets. A single request to a mini... Wed, 08 Jul 2026 11:22:35
CVE-2026-10706 json In Adalo’s no-code app builder, (Versions 1 and 2) the attackers may extract full user records and correlate user behavior ... Wed, 08 Jul 2026 11:22:35
CVE-2026-60125 json MISP’s importModule() path used getEnabledModule() to resolve a single import module by name, but this lookup did not enfor... Wed, 08 Jul 2026 11:22:33
CVE-2026-60124 json An authorization bypass in MISP’s EventsController::importModule() allowed authenticated users or read-only API keys with e... Wed, 08 Jul 2026 11:22:33
CVE-2026-60092 json AVideo (Meet plugin) through commit e8d6119f3cb1b849149906efeb0a41fc024f59f8 contains a stored cross-site scripting vulnerabi... Wed, 08 Jul 2026 11:22:33
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report