CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-50258 json | A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers size... | Mon, 08 Jun 2026 12:51:54 |
| CVE-2026-50257 json | A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fe... | Mon, 08 Jun 2026 12:51:54 |
| CVE-2026-50256 json | A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libX... | Mon, 08 Jun 2026 12:51:54 |
| CVE-2026-11309 json | Insufficient policy enforcement in History in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI sp... | Mon, 08 Jun 2026 12:51:54 |
| CVE-2026-11297 json | Insufficient validation of untrusted input in Reader Mode in Google Chrome on Android prior to 149.0.7827.53 allowed a local ... | Mon, 08 Jun 2026 12:51:54 |
| CVE-2026-11295 json | Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perfo... | Mon, 08 Jun 2026 12:51:54 |
| CVE-2026-49942 json | Net::CIDR::Set versions through 0.20 for Perl did not validate network masks. The mask portion of a network mask could conta... | Mon, 08 Jun 2026 12:51:53 |
| CVE-2026-49941 json | Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the _encode method to par... | Mon, 08 Jun 2026 12:51:53 |
| CVE-2026-11291 json | Inappropriate implementation in Android Autofill in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker... | Mon, 08 Jun 2026 12:51:53 |
| CVE-2026-8722 json | Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for new... | Mon, 08 Jun 2026 12:51:53 |
| CVE-2026-49940 json | Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-... | Mon, 08 Jun 2026 12:36:50 |
| CVE-2026-46741 json | Etsy::StatsD versions through 1.002002 for Perl allow metric injections. The metric names and values are not checked for new... | Mon, 08 Jun 2026 12:36:50 |
| CVE-2026-46739 json | Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or ... | Mon, 08 Jun 2026 12:36:50 |
| CVE-2026-11287 json | Insufficient policy enforcement in Navigation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker wh... | Mon, 08 Jun 2026 12:36:50 |
| CVE-2026-11281 json | Integer overflow in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to obtain potentia... | Mon, 08 Jun 2026 12:36:50 |
| CVE-2026-8829 json | HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities. The XS routine backing HTML::Entiti... | Mon, 08 Jun 2026 12:36:50 |
| CVE-2026-49975 json | Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via mal... | Mon, 08 Jun 2026 12:21:18 |
| CVE-2026-49756 json | Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in wojtekmach Req allows multipart parameter smugg... | Mon, 08 Jun 2026 12:21:18 |
| CVE-2026-49755 json | Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in wojtekmach Req allows attacker-controlled H... | Mon, 08 Jun 2026 12:21:18 |
| CVE-2026-48913 json | Use After Free vulnerability in Apache HTTP Server module mod_http2 when file handles are already exhausted. This issue affe... | Mon, 08 Jun 2026 12:21:18 |
| CVE-2026-48488 json | phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a crypto... | Mon, 08 Jun 2026 12:21:18 |
| CVE-2026-46657 json | Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows... | Mon, 08 Jun 2026 12:21:18 |
| CVE-2026-46656 json | Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remai... | Mon, 08 Jun 2026 12:21:18 |
| CVE-2026-46480 json | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator cr... | Mon, 08 Jun 2026 12:21:18 |
| CVE-2026-46479 json | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation c... | Mon, 08 Jun 2026 12:21:18 |
| CVE-2026-46478 json | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow c... | Mon, 08 Jun 2026 12:21:18 |
| CVE-2026-46477 json | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset crea... | Mon, 08 Jun 2026 12:21:18 |
| CVE-2026-46476 json | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTempla... | Mon, 08 Jun 2026 12:21:18 |
| CVE-2026-46475 json | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant cr... | Mon, 08 Jun 2026 12:21:18 |
| CVE-2026-46444 json | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD end... | Mon, 08 Jun 2026 12:21:18 |
| CVE-2026-46443 json | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, when credent... | Mon, 08 Jun 2026 12:21:18 |
| CVE-2026-46442 json | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1... | Mon, 08 Jun 2026 12:21:18 |
| CVE-2026-46441 json | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assig... | Mon, 08 Jun 2026 12:21:18 |
| CVE-2026-46440 json | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBas... | Mon, 08 Jun 2026 12:21:18 |
| CVE-2026-46275 json | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_uart: fix UAFs and race conditions in clo... | Mon, 08 Jun 2026 12:21:17 |
| CVE-2026-46274 json | In the Linux kernel, the following vulnerability has been resolved: io-wq: check that the predecessor is hashed in io_wq_rem... | Mon, 08 Jun 2026 12:21:17 |
| CVE-2026-44631 json | Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affect... | Mon, 08 Jun 2026 12:21:17 |
| CVE-2026-44186 json | Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the mod_proxy_ftp module in Apache HTTP Server with a... | Mon, 08 Jun 2026 12:21:17 |
| CVE-2026-44185 json | Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This i... | Mon, 08 Jun 2026 12:21:17 |
| CVE-2026-44119 json | Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read f... | Mon, 08 Jun 2026 12:21:17 |
| CVE-2026-43951 json | Out-of-bounds Read vulnerability in Apache HTTP Server with mod_headers and mod_mime and multiple response languages. This i... | Mon, 08 Jun 2026 12:21:17 |
| CVE-2026-42863 json | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assig... | Mon, 08 Jun 2026 12:21:17 |
| CVE-2026-42862 json | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assig... | Mon, 08 Jun 2026 12:21:17 |
| CVE-2026-42861 json | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assig... | Mon, 08 Jun 2026 12:21:17 |
| CVE-2026-42536 json | Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and untrusted content This... | Mon, 08 Jun 2026 12:21:17 |
| CVE-2026-42535 json | A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trust... | Mon, 08 Jun 2026 12:21:17 |
| CVE-2026-36786 json | Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the list1 parameter of ... | Mon, 08 Jun 2026 12:21:17 |
| CVE-2026-34356 json | Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie* Th... | Mon, 08 Jun 2026 12:21:17 |
| CVE-2026-34355 json | A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users ... | Mon, 08 Jun 2026 12:21:17 |
| CVE-2026-34194 json | Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of a mapping... | Mon, 08 Jun 2026 12:21:16 |
| CVE-2026-29170 json | A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML directory list generation in Apache HTTP Server 2.4.67 an... | Mon, 08 Jun 2026 12:21:16 |
| CVE-2026-29167 json | Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration This issue affects Apache HT... | Mon, 08 Jun 2026 12:21:16 |
| CVE-2026-22164 json | Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. B... | Mon, 08 Jun 2026 12:21:16 |
| CVE-2026-11529 json | A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function read_reso... | Mon, 08 Jun 2026 12:21:16 |
| CVE-2026-11528 json | A vulnerability was found in Tenda AC18 15.03.05.05. The affected element is the function sub_45304 of the file /goform/getRe... | Mon, 08 Jun 2026 12:21:16 |
| CVE-2026-11524 json | A vulnerability has been found in Tenda W20E 15.11.0.6. Impacted is the function modifyWifiFilterRules of the file /goform/mo... | Mon, 08 Jun 2026 12:21:16 |
| CVE-2026-11523 json | A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth ... | Mon, 08 Jun 2026 12:21:16 |
| CVE-2026-11522 json | A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /... | Mon, 08 Jun 2026 12:21:16 |
| CVE-2026-11516 json | A vulnerability was found in UTT HiPER 2610G up to 3.0.0-171107. This affects the function strcpy of the file /goform/formNat... | Mon, 08 Jun 2026 12:21:16 |
| CVE-2026-11459 json | A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. Impacted is an unknown function in the libra... | Mon, 08 Jun 2026 12:21:16 |
| CVE-2026-11450 json | A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/r... | Mon, 08 Jun 2026 12:21:16 |
| CVE-2025-71315 json | In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Convert to DRM's vblank timer Replace vkms' v... | Mon, 08 Jun 2026 12:21:16 |
| CVE-2020-37248 json | OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-... | Mon, 08 Jun 2026 12:21:16 |
| CVE-2026-42547 json | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In version... | Mon, 08 Jun 2026 12:21:15 |
| CVE-2026-42329 json | Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions p... | Mon, 08 Jun 2026 12:21:15 |
| CVE-2026-41236 json | Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH ... | Mon, 08 Jun 2026 12:21:15 |
| CVE-2026-11448 json | A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /r... | Mon, 08 Jun 2026 12:21:15 |
| CVE-2026-11124 json | Integer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corrup... | Mon, 08 Jun 2026 12:21:15 |
| CVE-2026-11123 json | Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive ... | Mon, 08 Jun 2026 12:21:15 |
| CVE-2026-11122 json | Inappropriate implementation in Keyboard in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrar... | Mon, 08 Jun 2026 12:21:15 |
| CVE-2026-11121 json | Insufficient validation of untrusted input in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had ... | Mon, 08 Jun 2026 12:21:15 |
| CVE-2026-11120 json | Insufficient validation of untrusted input in Enterprise Reporting in Google Chrome prior to 149.0.7827.53 allowed a remote a... | Mon, 08 Jun 2026 12:21:15 |
| CVE-2026-11022 json | Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who ... | Mon, 08 Jun 2026 12:21:15 |
| CVE-2026-11021 json | Insufficient validation of untrusted input in GPU in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacke... | Mon, 08 Jun 2026 12:21:15 |
| CVE-2026-11018 json | Insufficient policy enforcement in Actor in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigati... | Mon, 08 Jun 2026 12:21:15 |
| CVE-2026-11017 json | Inappropriate implementation in Link Preview in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compro... | Mon, 08 Jun 2026 12:21:15 |
| CVE-2026-11016 json | Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who h... | Mon, 08 Jun 2026 12:21:15 |
| CVE-2026-11015 json | Out of bounds read in WebGPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds me... | Mon, 08 Jun 2026 12:21:15 |
| CVE-2026-11013 json | Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who h... | Mon, 08 Jun 2026 12:21:15 |
| CVE-2026-10870 json | A flaw has been found in Shibby Tomato 1.28.0000. This affects the function start_dhcpc of the file /sbin/rc of the component... | Mon, 08 Jun 2026 12:21:15 |
| CVE-2016-20032 json | ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute a... | Mon, 08 Jun 2026 12:21:15 |
| CVE-2016-20031 json | ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that allows attackers to authent... | Mon, 08 Jun 2026 12:21:14 |
| CVE-2016-20030 json | ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attackers to discover valid us... | Mon, 08 Jun 2026 12:21:14 |
| CVE-2016-20029 json | ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by m... | Mon, 08 Jun 2026 12:21:14 |
| CVE-2016-20028 json | ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative ... | Mon, 08 Jun 2026 12:21:14 |
| CVE-2016-20027 json | ZKTeco ZKBioSecurity 3.0 contains multiple reflected cross-site scripting vulnerabilities that allow attackers to execute arb... | Mon, 08 Jun 2026 12:21:14 |
| CVE-2016-20026 json | ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow unauthenticated attack... | Mon, 08 Jun 2026 12:21:14 |
| CVE-2016-20025 json | ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to esc... | Mon, 08 Jun 2026 12:21:14 |
| CVE-2016-20024 json | ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate priv... | Mon, 08 Jun 2026 12:21:14 |
| CVE-2026-11094 json | Use after free in Codecs in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the... | Mon, 08 Jun 2026 12:05:48 |
| CVE-2026-11093 json | Inappropriate implementation in Printing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromise... | Mon, 08 Jun 2026 12:05:48 |
| CVE-2026-11078 json | Inappropriate implementation in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromi... | Mon, 08 Jun 2026 12:05:48 |
| CVE-2026-11075 json | Out of bounds read in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive in... | Mon, 08 Jun 2026 12:05:48 |
| CVE-2026-11073 json | Use after free in WebGL in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive inf... | Mon, 08 Jun 2026 12:05:48 |
| CVE-2026-11072 json | Use after free in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to execute arbitrary co... | Mon, 08 Jun 2026 12:05:48 |
| CVE-2026-11071 json | Use after free in Base in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the ren... | Mon, 08 Jun 2026 12:05:48 |
| CVE-2026-11070 json | Insufficient validation of untrusted input in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote ... | Mon, 08 Jun 2026 12:05:48 |
| CVE-2026-11069 json | Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypas... | Mon, 08 Jun 2026 12:05:48 |
| CVE-2026-11056 json | Insufficient validation of untrusted input in SiteIsolation in Google Chrome on Windows prior to 149.0.7827.53 allowed a remo... | Mon, 08 Jun 2026 12:05:48 |
| CVE-2026-9549 json | Stored cross-site scripting in the service discovery active check output in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2... | Mon, 08 Jun 2026 12:05:48 |