CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-7567 json | The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This i... | Fri, 01 May 2026 06:29:15 |
| CVE-2026-43003 json | An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes g... | Fri, 01 May 2026 05:29:14 |
| CVE-2026-43001 json | An issue was discovered in OpenStack Keystone 13 through 29. POST /v3/credentials did not validate that the caller-supplied p... | Fri, 01 May 2026 05:29:14 |
| CVE-2026-42403 json | Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular... | Fri, 01 May 2026 05:29:14 |
| CVE-2026-42402 json | Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially c... | Fri, 01 May 2026 05:29:14 |
| CVE-2026-40201 json | @diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file. | Fri, 01 May 2026 05:29:14 |
| CVE-2026-31431 json | In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place T... | Fri, 01 May 2026 05:29:14 |
| CVE-2026-42996 json | JS8Call through 2.3.1 and JS8Call-improved before 3.0 have a stack-based buffer overflow via a radio transmission of @APRSIS ... | Fri, 01 May 2026 04:29:12 |
| CVE-2026-41226 json | Open redirect vulnerability exists in Multiple laser printers and MFPs which implement Ricoh Web Image Monitor. When accessin... | Fri, 01 May 2026 04:29:12 |
| CVE-2026-7584 json | The LabOne Q serialization framework uses a class-loading mechanism (import_cls) to dynamically import and instantiate Python... | Fri, 01 May 2026 04:29:12 |
| CVE-2026-7555 json | A vulnerability was identified in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intra... | Fri, 01 May 2026 02:29:09 |
| CVE-2026-7554 json | A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file ... | Fri, 01 May 2026 02:29:09 |
| CVE-2026-6127 json | The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _elementor_data meta ... | Fri, 01 May 2026 02:29:09 |
| CVE-2024-13362 json | Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in variou... | Fri, 01 May 2026 02:29:09 |
| CVE-2026-42994 json | Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This... | Fri, 01 May 2026 01:29:08 |
| CVE-2026-7553 json | A vulnerability was found in code-projects Gym Management System 1.0. Affected by this vulnerability is an unknown functional... | Fri, 01 May 2026 01:29:08 |
| CVE-2026-7550 json | A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of ... | Fri, 01 May 2026 01:29:08 |
| CVE-2026-7549 json | A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file... | Fri, 01 May 2026 01:29:08 |
| CVE-2026-7548 json | A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. This affects the function sub_41A68C of the file /cgi... | Thu, 30 Apr 2026 23:29:04 |
| CVE-2026-7546 json | A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. The impacted element is the function fi... | Thu, 30 Apr 2026 23:29:04 |
| CVE-2026-40687 json | In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bo... | Thu, 30 Apr 2026 22:29:03 |
| CVE-2026-40686 json | In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are... | Thu, 30 Apr 2026 22:29:03 |
| CVE-2026-40685 json | In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters mal... | Thu, 30 Apr 2026 22:29:03 |
| CVE-2026-40684 json | In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed D... | Thu, 30 Apr 2026 22:29:03 |
| CVE-2026-7545 json | A weakness has been identified in SourceCodester Advanced School Management System 1.0. The affected element is an unknown fu... | Thu, 30 Apr 2026 22:29:03 |
| CVE-2026-7538 json | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function Vulnerability of the ... | Thu, 30 Apr 2026 22:29:03 |
| CVE-2026-7536 json | A vulnerability was determined in Open5GS up to 2.7.7. This vulnerability affects the function bsf_sess_add_by_ip_address of ... | Thu, 30 Apr 2026 22:29:03 |
| CVE-2026-7535 json | A vulnerability was found in Open5GS up to 2.7.7. This affects the function amf_namf_comm_handle_registration_status_update_r... | Thu, 30 Apr 2026 21:27:10 |
| CVE-2026-7519 json | A vulnerability has been found in Fujian Apex LiveBOS up to 2.0. Impacted is an unknown function of the file /feed/UploadImag... | Thu, 30 Apr 2026 21:27:10 |
| CVE-2026-7518 json | A flaw has been found in Open5GS up to 2.7.7. This issue affects the function amf_namf_callback_handle_sdm_data_change_notify... | Thu, 30 Apr 2026 21:27:10 |
| CVE-2025-54236 json | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Impr... | Thu, 30 Apr 2026 21:11:27 |
| CVE-2026-7513 json | A vulnerability has been found in UTT HiPER 1200GW up to 2.5.3-170306. The impacted element is the function strcpy of the fil... | Thu, 30 Apr 2026 20:25:56 |
| CVE-2026-7512 json | A flaw has been found in UTT HiPER 1200GW up to 2.5.3-1703. The affected element is the function strcpy of the file /goform/f... | Thu, 30 Apr 2026 20:25:56 |
| CVE-2026-22726 json | Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a... | Thu, 30 Apr 2026 20:25:55 |
| CVE-2026-5656 json | Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code exec... | Thu, 30 Apr 2026 20:25:55 |
| CVE-2026-5405 json | RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execu... | Thu, 30 Apr 2026 20:25:55 |
| CVE-2026-5404 json | K12 RF5 file parser crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | Thu, 30 Apr 2026 20:25:55 |
| CVE-2026-5403 json | SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution | Thu, 30 Apr 2026 20:25:55 |
| CVE-2026-28909 json | Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials ex... | Thu, 30 Apr 2026 19:25:14 |
| CVE-2026-7510 json | A vulnerability was determined in OWAP DefectDojo up to 2.55.4. Affected by this vulnerability is an unknown functionality of... | Thu, 30 Apr 2026 19:25:14 |
| CVE-2026-7508 json | A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/sho... | Thu, 30 Apr 2026 19:25:14 |
| CVE-2026-7506 json | A vulnerability has been found in SourceCodester Hotel Management System 1.0. This impacts an unknown function of the file /i... | Thu, 30 Apr 2026 19:25:14 |
| CVE-2026-7505 json | A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the compone... | Thu, 30 Apr 2026 19:25:14 |
| CVE-2026-4178 json | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Thu, 30 Apr 2026 19:25:14 |
| CVE-2026-7551 json | HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders acce... | Thu, 30 Apr 2026 18:24:41 |
| CVE-2026-7503 json | A vulnerability was detected in code-projects for Plugin 4.1.2cu.5137. The impacted element is the function setWiFiMultipleCo... | Thu, 30 Apr 2026 18:24:41 |
| CVE-2026-7502 json | A security vulnerability has been detected in LinkStackOrg LinkStack up to 4.8.6. The affected element is the function saveLi... | Thu, 30 Apr 2026 18:24:41 |
| CVE-2026-6543 json | IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the... | Thu, 30 Apr 2026 18:24:41 |
| CVE-2026-6542 json | IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data ... | Thu, 30 Apr 2026 18:24:41 |
| CVE-2026-6389 json | IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster... | Thu, 30 Apr 2026 18:24:41 |
| CVE-2026-3345 json | IBM Langflow Desktop <=1.8.4 Langflow could allow a remote attacker to traverse directories on the system. An attacker could ... | Thu, 30 Apr 2026 18:24:41 |
| CVE-2026-2311 json | IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI auth... | Thu, 30 Apr 2026 18:24:41 |
| CVE-2026-1577 json | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allo... | Thu, 30 Apr 2026 18:24:41 |
| CVE-2025-36335 json | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local u... | Thu, 30 Apr 2026 18:24:41 |
| CVE-2025-36180 json | IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an att... | Thu, 30 Apr 2026 18:24:41 |
| CVE-2025-36122 json | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allo... | Thu, 30 Apr 2026 18:24:41 |
| CVE-2025-14688 json | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allo... | Thu, 30 Apr 2026 18:24:41 |
| CVE-2026-7163 json | A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multiclu... | Thu, 30 Apr 2026 18:24:40 |
| CVE-2026-5577 json | A vulnerability has been found in Song-Li cross_browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an unkno... | Thu, 30 Apr 2026 17:39:11 |
| CVE-2026-41263 json | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a timing side... | Thu, 30 Apr 2026 17:23:56 |
| CVE-2026-41174 json | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential v... | Thu, 30 Apr 2026 17:23:56 |
| CVE-2026-40951 json | CVE-2026-40951 is a memory corruption vulnerability on Secure Access Windows clients prior to 14.50. Attackers with local co... | Thu, 30 Apr 2026 17:23:56 |
| CVE-2026-7501 json | A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/... | Thu, 30 Apr 2026 17:23:56 |
| CVE-2026-7435 json | SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed direc... | Thu, 30 Apr 2026 17:23:56 |
| CVE-2026-6539 json | Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to c... | Thu, 30 Apr 2026 17:23:56 |
| CVE-2026-4503 json | IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an i... | Thu, 30 Apr 2026 17:23:56 |
| CVE-2026-4502 json | IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system... | Thu, 30 Apr 2026 17:23:56 |
| CVE-2026-40950 json | CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a mo... | Thu, 30 Apr 2026 17:23:55 |
| CVE-2026-40949 json | CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local c... | Thu, 30 Apr 2026 17:23:55 |
| CVE-2026-40912 json | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severi... | Thu, 30 Apr 2026 17:23:55 |
| CVE-2026-39858 json | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severi... | Thu, 30 Apr 2026 17:23:55 |
| CVE-2026-35569 json | ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scri... | Thu, 30 Apr 2026 17:23:55 |
| CVE-2026-35051 json | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is an authentica... | Thu, 30 Apr 2026 17:23:55 |
| CVE-2026-33452 json | CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local c... | Thu, 30 Apr 2026 17:23:55 |
| CVE-2026-33451 json | CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with l... | Thu, 30 Apr 2026 17:23:55 |
| CVE-2026-33450 json | CVE-2026-33450 is an out of bounds read vulnerability in the Secure Access MacOS client prior to 14.50. Attackers with contr... | Thu, 30 Apr 2026 17:23:55 |
| CVE-2026-33449 json | CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers wit... | Thu, 30 Apr 2026 17:23:55 |
| CVE-2026-33446 json | CVE-2026-33446 is a buffer overflow in the authentication sub-system of the Secure Access client prior to 14.50. Attackers w... | Thu, 30 Apr 2026 17:23:55 |
| CVE-2026-28532 json | FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV ... | Thu, 30 Apr 2026 17:23:55 |
| CVE-2026-7461 json | Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon EC... | Thu, 30 Apr 2026 17:23:55 |
| CVE-2026-7429 json | SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing endpoint that allows attackers to ... | Thu, 30 Apr 2026 17:23:55 |
| CVE-2026-5585 json | A vulnerability was found in Tencent AI-Infra-Guard 4.0. The affected element is an unknown function of the file common/webso... | Thu, 30 Apr 2026 17:23:55 |
| CVE-2026-3346 json | IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an a... | Thu, 30 Apr 2026 17:23:55 |
| CVE-2026-3340 json | IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an ... | Thu, 30 Apr 2026 17:23:55 |
| CVE-2026-25990 json | Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a spec... | Thu, 30 Apr 2026 17:23:54 |
| CVE-2026-5584 json | A vulnerability has been found in Fosowl agenticSeek 0.1.0. Impacted is the function PyInterpreter.execute of the file source... | Thu, 30 Apr 2026 17:23:54 |
| CVE-2026-41397 json | OpenClaw before 2026.3.31 contains a sandbox escape vulnerability allowing attackers to traverse directory boundaries through... | Thu, 30 Apr 2026 17:08:30 |
| CVE-2026-5474 json | A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/to_lab/fsw/src/... | Thu, 30 Apr 2026 17:08:30 |
| CVE-2026-5473 json | A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function pickle.load of the component Pic... | Thu, 30 Apr 2026 17:08:30 |
| CVE-2026-41396 json | OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_PLUGINS_DIR environment variable, comp... | Thu, 30 Apr 2026 16:53:15 |
| CVE-2026-41395 json | OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query... | Thu, 30 Apr 2026 16:53:15 |
| CVE-2026-41394 json | OpenClaw before 2026.3.31 contains an authentication bypass vulnerability where unauthenticated plugin-auth HTTP routes recei... | Thu, 30 Apr 2026 16:53:15 |
| CVE-2026-41393 json | OpenClaw before 2026.3.31 contains a wide-area discovery vulnerability allowing arbitrary tailnet peers to be accepted as DNS... | Thu, 30 Apr 2026 16:53:15 |
| CVE-2026-41392 json | OpenClaw before 2026.3.31 contains an exec allowlist bypass vulnerability allowing attackers to inherit allowlist trust via s... | Thu, 30 Apr 2026 16:53:15 |
| CVE-2026-41391 json | OpenClaw before 2026.3.31 fails to properly sanitize PIP_INDEX_URL and UV_INDEX_URL environment variables in host execution c... | Thu, 30 Apr 2026 16:53:15 |
| CVE-2026-41390 json | OpenClaw before 2026.3.28 contains an exec allowlist bypass vulnerability where allow-always persistence fails to unwrap /usr... | Thu, 30 Apr 2026 16:53:15 |
| CVE-2026-41388 json | OpenClaw before 2026.3.31 contains a configuration management vulnerability where startup migration treats empty-array settin... | Thu, 30 Apr 2026 16:53:15 |
| CVE-2026-26206 json | Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before ve... | Thu, 30 Apr 2026 16:53:15 |
| CVE-2026-26204 json | Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before ve... | Thu, 30 Apr 2026 16:53:15 |
| CVE-2026-7470 json | A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /gofor... | Thu, 30 Apr 2026 16:53:15 |