CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-5321 | A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is some unknown functionality of the component Fa... | Thu, 02 Apr 2026 01:21:42 |
| CVE-2026-5320 | A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality of the... | Thu, 02 Apr 2026 01:21:42 |
| CVE-2026-5319 | A security vulnerability has been detected in itsourcecode Payroll Management System up to 1.0. Affected is an unknown functi... | Thu, 02 Apr 2026 00:21:24 |
| CVE-2026-5318 | A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompres... | Wed, 01 Apr 2026 23:20:26 |
| CVE-2026-5317 | A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbi... | Wed, 01 Apr 2026 21:34:04 |
| CVE-2026-1243 | IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authentica... | Wed, 01 Apr 2026 21:34:04 |
| CVE-2026-32929 | V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file ma... | Wed, 01 Apr 2026 21:19:58 |
| CVE-2026-32928 | V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening... | Wed, 01 Apr 2026 21:19:58 |
| CVE-2026-32927 | V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a ... | Wed, 01 Apr 2026 21:19:58 |
| CVE-2026-32926 | V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted ... | Wed, 01 Apr 2026 21:19:58 |
| CVE-2026-32925 | V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom. Opening a... | Wed, 01 Apr 2026 21:19:58 |
| CVE-2026-21767 | HCL BigFix Platform is affected by insufficient authentication. The application might allow users to access sensitive area... | Wed, 01 Apr 2026 21:19:58 |
| CVE-2026-21765 | HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys locat... | Wed, 01 Apr 2026 21:19:58 |
| CVE-2026-5316 | A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setup_free of the file stb_vo... | Wed, 01 Apr 2026 21:19:58 |
| CVE-2026-5315 | A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the librar... | Wed, 01 Apr 2026 21:19:58 |
| CVE-2026-5314 | A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_tru... | Wed, 01 Apr 2026 21:19:58 |
| CVE-2026-4759 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Wed, 01 Apr 2026 21:19:58 |
| CVE-2026-3882 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Wed, 01 Apr 2026 21:19:58 |
| CVE-2026-34572 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Wed, 01 Apr 2026 21:19:57 |
| CVE-2026-34571 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Wed, 01 Apr 2026 21:19:57 |
| CVE-2026-34570 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Wed, 01 Apr 2026 21:19:57 |
| CVE-2026-34569 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Wed, 01 Apr 2026 21:19:57 |
| CVE-2026-34568 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Wed, 01 Apr 2026 21:19:57 |
| CVE-2026-34567 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Wed, 01 Apr 2026 21:19:57 |
| CVE-2026-34566 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Wed, 01 Apr 2026 21:19:57 |
| CVE-2026-34565 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Wed, 01 Apr 2026 21:19:57 |
| CVE-2026-34564 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Wed, 01 Apr 2026 21:19:57 |
| CVE-2026-5313 | A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif_load_next in the library... | Wed, 01 Apr 2026 21:19:57 |
| CVE-2026-3987 | A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated r... | Wed, 01 Apr 2026 21:19:57 |
| CVE-2025-66487 | IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send emails,... | Wed, 01 Apr 2026 21:19:57 |
| CVE-2025-66486 | IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, w... | Wed, 01 Apr 2026 21:19:57 |
| CVE-2025-66485 | IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the ... | Wed, 01 Apr 2026 21:19:57 |
| CVE-2025-66484 | IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed... | Wed, 01 Apr 2026 21:19:57 |
| CVE-2025-66483 | IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which could allow an authenticated ... | Wed, 01 Apr 2026 21:19:57 |
| CVE-2025-36375 | IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM Da... | Wed, 01 Apr 2026 21:19:57 |
| CVE-2025-0711 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Wed, 01 Apr 2026 21:19:57 |
| CVE-2026-34873 | An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session. | Wed, 01 Apr 2026 21:19:56 |
| CVE-2026-34563 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Wed, 01 Apr 2026 21:19:56 |
| CVE-2026-34562 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Wed, 01 Apr 2026 21:19:56 |
| CVE-2026-34561 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Wed, 01 Apr 2026 21:19:56 |
| CVE-2026-34560 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Wed, 01 Apr 2026 21:19:56 |
| CVE-2026-34559 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization an... | Wed, 01 Apr 2026 21:19:56 |
| CVE-2026-34545 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motio... | Wed, 01 Apr 2026 21:19:56 |
| CVE-2026-34544 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motio... | Wed, 01 Apr 2026 21:19:56 |
| CVE-2026-34543 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motio... | Wed, 01 Apr 2026 21:19:56 |
| CVE-2026-34531 | Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication for Flask routes. Prior to version 4.8.1, in a situation ... | Wed, 01 Apr 2026 21:19:56 |
| CVE-2026-34530 | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified... | Wed, 01 Apr 2026 21:19:56 |
| CVE-2026-34529 | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified... | Wed, 01 Apr 2026 21:19:56 |
| CVE-2026-34528 | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified... | Wed, 01 Apr 2026 21:19:56 |
| CVE-2026-34525 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host header... | Wed, 01 Apr 2026 21:19:56 |
| CVE-2026-34520 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the de... | Wed, 01 Apr 2026 21:19:56 |
| CVE-2026-5312 | A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-32... | Wed, 01 Apr 2026 21:19:56 |
| CVE-2026-4820 | IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session co... | Wed, 01 Apr 2026 21:19:56 |
| CVE-2026-4364 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and I... | Wed, 01 Apr 2026 21:19:56 |
| CVE-2026-4101 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and I... | Wed, 01 Apr 2026 21:19:56 |
| CVE-2026-34872 | An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory beha... | Wed, 01 Apr 2026 21:19:55 |
| CVE-2026-34750 | Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/storage-azure, @... | Wed, 01 Apr 2026 21:19:55 |
| CVE-2026-34749 | Payload is a free and open source headless content management system. Prior to version 3.79.1, a Cross-Site Request Forgery (... | Wed, 01 Apr 2026 21:19:55 |
| CVE-2026-34748 | Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/next, a stored C... | Wed, 01 Apr 2026 21:19:55 |
| CVE-2026-34747 | Payload is a free and open source headless content management system. Prior to version 3.79.1, certain request inputs were no... | Wed, 01 Apr 2026 21:19:55 |
| CVE-2026-34519 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who cont... | Wed, 01 Apr 2026 21:19:55 |
| CVE-2026-34518 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redir... | Wed, 01 Apr 2026 21:19:55 |
| CVE-2026-34517 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart f... | Wed, 01 Apr 2026 21:19:55 |
| CVE-2026-34516 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an e... | Wed, 01 Apr 2026 21:19:55 |
| CVE-2026-34515 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the stati... | Wed, 01 Apr 2026 21:19:55 |
| CVE-2026-34514 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who cont... | Wed, 01 Apr 2026 21:19:55 |
| CVE-2026-34513 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cac... | Wed, 01 Apr 2026 21:19:55 |
| CVE-2026-22815 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restric... | Wed, 01 Apr 2026 21:19:55 |
| CVE-2026-5311 | A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, D... | Wed, 01 Apr 2026 21:19:55 |
| CVE-2026-2862 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and I... | Wed, 01 Apr 2026 21:19:55 |
| CVE-2026-2475 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and I... | Wed, 01 Apr 2026 21:19:55 |
| CVE-2026-1491 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and I... | Wed, 01 Apr 2026 21:19:55 |
| CVE-2026-1345 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and I... | Wed, 01 Apr 2026 21:19:55 |
| CVE-2025-36373 | IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM Da... | Wed, 01 Apr 2026 21:19:55 |
| CVE-2025-13916 | IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to dec... | Wed, 01 Apr 2026 21:19:55 |
| CVE-2026-35000 | ChangeDetection.io versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPath3Parser implementation ... | Wed, 01 Apr 2026 21:19:54 |
| CVE-2026-34875 | An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export f... | Wed, 01 Apr 2026 21:19:54 |
| CVE-2026-34874 | An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished... | Wed, 01 Apr 2026 21:19:54 |
| CVE-2026-34871 | An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable ... | Wed, 01 Apr 2026 21:19:54 |
| CVE-2026-34751 | Payload is a free and open source headless content management system. Prior to version 3.79.1 in @payloadcms/graphql and payl... | Wed, 01 Apr 2026 21:19:54 |
| CVE-2026-34746 | Payload is a free and open source headless content management system. Prior to version 3.79.1, an authenticated Server-Side R... | Wed, 01 Apr 2026 21:19:54 |
| CVE-2026-34456 | Reviactyl is an open-source game server management panel built using Laravel, React, FilamentPHP, Vite, and Go. From version ... | Wed, 01 Apr 2026 21:19:54 |
| CVE-2026-34455 | Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1 to before version 1.7.1-b... | Wed, 01 Apr 2026 21:19:54 |
| CVE-2026-34447 | Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there... | Wed, 01 Apr 2026 21:19:54 |
| CVE-2026-34446 | Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there... | Wed, 01 Apr 2026 21:19:54 |
| CVE-2026-34445 | Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, the E... | Wed, 01 Apr 2026 21:19:54 |
| CVE-2026-34397 | Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 an... | Wed, 01 Apr 2026 21:19:54 |
| CVE-2026-34376 | PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to vers... | Wed, 01 Apr 2026 21:19:54 |
| CVE-2026-34236 | Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19.0, in applicat... | Wed, 01 Apr 2026 21:19:54 |
| CVE-2026-25835 | Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG). | Wed, 01 Apr 2026 21:19:54 |
| CVE-2026-25833 | Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function | Wed, 01 Apr 2026 21:19:54 |
| CVE-2026-5199 | A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim na... | Wed, 01 Apr 2026 21:19:54 |
| CVE-2025-66442 | In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs w... | Wed, 01 Apr 2026 21:19:54 |
| CVE-2026-34604 | Tina is a headless content management system. Prior to version 2.2.2, @tinacms/graphql uses string-based path containment che... | Wed, 01 Apr 2026 21:19:53 |
| CVE-2026-34603 | Tina is a headless content management system. Prior to version 2.2.2, @tinacms/cli recently added lexical path-traversal chec... | Wed, 01 Apr 2026 21:19:53 |
| CVE-2026-34222 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.11, t... | Wed, 01 Apr 2026 21:19:53 |
| CVE-2026-34159 | llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserialize_tensor() skip... | Wed, 01 Apr 2026 21:19:53 |
| CVE-2026-34076 | Clerk JavaScript is the official JavaScript repository for Clerk authentication. In @clerk/hono from versions 0.1.0 to before... | Wed, 01 Apr 2026 21:19:53 |
| CVE-2026-34072 | Cr*nMaster (cronmaster) is a Cronjob management UI with human readable syntax, live logging and log history for cronjobs. Pri... | Wed, 01 Apr 2026 21:19:53 |
| CVE-2026-33990 | Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker... | Wed, 01 Apr 2026 21:19:53 |