CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-26241 json | A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnera... | Wed, 10 Jun 2026 01:30:48 |
| CVE-2026-26240 json | A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnera... | Wed, 10 Jun 2026 01:30:48 |
| CVE-2026-11837 json | A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The module's keyfile() funct... | Wed, 10 Jun 2026 01:30:48 |
| CVE-2026-11434 json | A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of t... | Wed, 10 Jun 2026 01:30:48 |
| CVE-2026-4821 json | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it was published in error. | Wed, 10 Jun 2026 01:30:48 |
| CVE-2025-8444 json | The Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates plugin for WordPress is vulnerable t... | Wed, 10 Jun 2026 01:30:48 |
| CVE-2026-26239 json | A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they c... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2026-26237 json | A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerab... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2026-24724 json | An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user accoun... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2026-24720 json | An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 6. If a remote... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2026-24719 json | A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker ga... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2026-24717 json | A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2026-24716 json | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote atta... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2026-22899 json | A NULL pointer dereference vulnerability has been reported to affect File Station 6. If a remote attacker gains a user accoun... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2026-22893 json | A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker ga... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2025-66281 json | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attac... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2025-66280 json | An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remo... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2025-66279 json | A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker ga... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2025-66273 json | A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker ga... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2025-62851 json | A path traversal vulnerability has been reported to affect License Center. If a local attacker gains an administrator account... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2025-62850 json | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote atta... | Wed, 10 Jun 2026 00:30:39 |
| CVE-2025-66276 json | QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 a... | Tue, 09 Jun 2026 23:30:04 |
| CVE-2025-59382 json | QTS, QuTS hero, QuTScloud are not affected. We have already fixed the vulnerability in the following version: | Tue, 09 Jun 2026 23:30:04 |
| CVE-2025-58468 json | A cross-site request forgery (CSRF) vulnerability has been reported to affect Notification Center. The remote attackers can t... | Tue, 09 Jun 2026 23:30:04 |
| CVE-2026-46532 json | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0, an ... | Tue, 09 Jun 2026 22:29:41 |
| CVE-2026-45542 json | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a h... | Tue, 09 Jun 2026 22:29:41 |
| CVE-2026-45541 json | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a N... | Tue, 09 Jun 2026 22:29:41 |
| CVE-2026-45329 json | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-se... | Tue, 09 Jun 2026 22:29:41 |
| CVE-2026-45328 json | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, the esp_tee component exp... | Tue, 09 Jun 2026 22:29:41 |
| CVE-2026-45160 json | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, a... | Tue, 09 Jun 2026 22:29:41 |
| CVE-2019-25744 json | WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to ... | Tue, 09 Jun 2026 22:29:41 |
| CVE-2019-25743 json | WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers t... | Tue, 09 Jun 2026 22:29:41 |
| CVE-2019-25742 json | WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated ag... | Tue, 09 Jun 2026 22:29:41 |
| CVE-2019-25739 json | GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious ... | Tue, 09 Jun 2026 22:29:40 |
| CVE-2019-25737 json | Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to injec... | Tue, 09 Jun 2026 22:29:40 |
| CVE-2019-25731 json | Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malici... | Tue, 09 Jun 2026 22:29:40 |
| CVE-2018-25384 json | Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts... | Tue, 09 Jun 2026 22:29:40 |
| CVE-2026-46546 json | Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to version 2.53.... | Tue, 09 Jun 2026 21:29:14 |
| CVE-2026-44634 json | SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy (BLE). Prior to version 0.14.0, there are multipl... | Tue, 09 Jun 2026 21:29:14 |
| CVE-2026-53675 json | BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenti... | Tue, 09 Jun 2026 20:28:23 |
| CVE-2026-53674 json | BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username ... | Tue, 09 Jun 2026 20:28:23 |
| CVE-2026-53673 json | BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticat... | Tue, 09 Jun 2026 20:28:23 |
| CVE-2026-47838 json | SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to re... | Tue, 09 Jun 2026 20:28:23 |
| CVE-2026-46545 json | Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to vers... | Tue, 09 Jun 2026 20:28:23 |
| CVE-2026-46543 json | Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to vers... | Tue, 09 Jun 2026 20:28:23 |
| CVE-2026-46542 json | Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to vers... | Tue, 09 Jun 2026 20:28:23 |
| CVE-2026-46541 json | Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to vers... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-46540 json | Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to vers... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-46539 json | Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to vers... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-46518 json | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-46517 json | LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded ... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-46491 json | SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior to version 7.0... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-46432 json | LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy i... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-46411 json | FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients have the ab... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-45782 json | Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can caus... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-44716 json | Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-44505 json | Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-41837 json | Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-41732 json | JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package ... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-41731 json | JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted packages using a prefi... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-41730 json | Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-41729 json | Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch (applicat... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-41728 json | Spring Data REST's JSON Patch (application/json-patch+json) implementation does not apply the write-access filter to intermed... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-41727 json | Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. ... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-41726 json | When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending record... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-41721 json | Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support ... | Tue, 09 Jun 2026 20:28:22 |
| CVE-2026-41719 json | A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a reposito... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-41717 json | Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. The issue occurs during ... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-41716 json | Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowin... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-41714 json | Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri("amqps://...") without also callin... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-41711 json | Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowExcept... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-41706 json | Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cooki... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-41701 json | Correlation IDs for replies in the RabbitTemplate.sendAndReceive() with the fixed reply queue are predictable due to internal... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-41697 json | Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher (START... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-41696 json | Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient vali... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-41695 json | Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled ... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-41694 json | Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without req... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-41008 json | Spring Security Authorization Server's authorization endpoint performs insufficient validation of the request_uri parameter. ... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-41003 json | An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-40993 json | An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository (saml2_asserting_par... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-40991 json | When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attac... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-40988 json | An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vuln... | Tue, 09 Jun 2026 20:28:21 |
| CVE-2026-46433 json | lldpd is an implementation of IEEE 802.1ab (LLDP). Prior to version 1.0.22, lldpd_decode() in src/daemon/lldpd.c strips 802.1... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-46374 json | SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-46373 json | SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-44963 json | A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user. | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-10238 json | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-9754 json | An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuanc... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-9753 json | The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binar... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-9752 json | An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON Geo... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-9751 json | The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.l... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-9750 json | An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere wi... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-9749 json | This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range pa... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-9748 json | The $_internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats c... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-9747 json | Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server. | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-9746 json | When using $changestreams and $_requestReshardingResumeToken with the exchange option the server hits an invariant which caus... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-9743 json | In MongoDB Server 8.0, an aggregation stage can leave its _subPipeline field null during processing of certain pipelines. If ... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-9742 json | When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "au... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-9741 json | A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field ... | Tue, 09 Jun 2026 19:27:19 |
| CVE-2026-9740 json | A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sendi... | Tue, 09 Jun 2026 19:27:19 |