CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2025-54236 | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Impr... | Sat, 04 Apr 2026 18:06:19 |
| CVE-2018-25246 | Wikipedia 12.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by s... | Sat, 04 Apr 2026 16:21:14 |
| CVE-2018-25245 | 7 Tik 1.0.1.0 contains a denial of service vulnerability that allows attackers to crash the application by submitting excessi... | Sat, 04 Apr 2026 16:21:14 |
| CVE-2018-25244 | Eco Search 1.0.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitt... | Sat, 04 Apr 2026 16:21:14 |
| CVE-2018-25243 | FastTube 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submittin... | Sat, 04 Apr 2026 16:21:14 |
| CVE-2018-25242 | One Search 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitt... | Sat, 04 Apr 2026 16:21:14 |
| CVE-2018-25241 | VPN Browser+ 1.1.0.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the applicatio... | Sat, 04 Apr 2026 16:21:14 |
| CVE-2018-25240 | Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting ... | Sat, 04 Apr 2026 16:21:14 |
| CVE-2018-25239 | Smart VPN 1.1.3.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitti... | Sat, 04 Apr 2026 16:21:14 |
| CVE-2018-25238 | VSCO 1.1.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an... | Sat, 04 Apr 2026 16:21:14 |
| CVE-2016-20054 | Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actio... | Sat, 04 Apr 2026 16:21:14 |
| CVE-2018-25255 | 10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local atta... | Sat, 04 Apr 2026 10:31:07 |
| CVE-2018-25254 | NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execu... | Sat, 04 Apr 2026 10:31:07 |
| CVE-2018-25253 | Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local attacker... | Sat, 04 Apr 2026 10:31:07 |
| CVE-2018-25252 | FTP Voyager 16.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by injecti... | Sat, 04 Apr 2026 10:31:07 |
| CVE-2018-25251 | Snes9K 0.0.9z contains a buffer overflow vulnerability in the Netplay Socket Port Number field that allows local attackers to... | Sat, 04 Apr 2026 10:31:07 |
| CVE-2018-25250 | MyBB Last User's Threads in Profile Plugin 1.2 contains a persistent cross-site scripting vulnerability that allows attackers... | Sat, 04 Apr 2026 10:31:07 |
| CVE-2018-25249 | MyBB My Arcade Plugin 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject ... | Sat, 04 Apr 2026 10:31:07 |
| CVE-2018-25248 | MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting vulnerability that allows regular members to inject ma... | Sat, 04 Apr 2026 10:31:07 |
| CVE-2018-25247 | MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts by cre... | Sat, 04 Apr 2026 10:31:07 |
| CVE-2016-20061 | sheed AntiVirus 2.3 contains an unquoted service path vulnerability in the ShavProt service that allows local attackers to es... | Sat, 04 Apr 2026 10:31:07 |
| CVE-2016-20060 | Hotspot Shield 6.0.3 contains an unquoted service path vulnerability in the hshld service binary that allows local attackers ... | Sat, 04 Apr 2026 10:31:07 |
| CVE-2016-20059 | IObit Malware Fighter 4.3.1 contains an unquoted service path vulnerability in the IMFservice and LiveUpdateSvc services that... | Sat, 04 Apr 2026 10:31:06 |
| CVE-2016-20058 | Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivirusHe... | Sat, 04 Apr 2026 10:31:06 |
| CVE-2016-20057 | NETGATE Registry Cleaner build 16.0.205 contains an unquoted service path vulnerability in the NGRegClnSrv service that allow... | Sat, 04 Apr 2026 10:31:06 |
| CVE-2016-20056 | Spy Emergency build 23.0.205 contains an unquoted service path vulnerability in the SpyEmrgHealth and SpyEmrgSrv services tha... | Sat, 04 Apr 2026 10:31:06 |
| CVE-2016-20055 | IObit Advanced SystemCare 10.0.2 contains an unquoted service path vulnerability in the AdvancedSystemCareService10 service t... | Sat, 04 Apr 2026 10:31:06 |
| CVE-2016-20053 | Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administra... | Sat, 04 Apr 2026 10:31:06 |
| CVE-2016-20052 | Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary fi... | Sat, 04 Apr 2026 10:31:06 |
| CVE-2016-20051 | Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials w... | Sat, 04 Apr 2026 10:31:06 |
| CVE-2016-20050 | NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash ... | Sat, 04 Apr 2026 10:31:06 |
| CVE-2026-3666 | The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.4.16. ... | Sat, 04 Apr 2026 08:30:22 |
| CVE-2026-3309 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress p... | Sat, 04 Apr 2026 08:30:21 |
| CVE-2026-2936 | The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_titl... | Sat, 04 Apr 2026 08:30:21 |
| CVE-2026-1233 | The Text to Speech for WP (AI Voices by Mementor) plugin for WordPress is vulnerable to sensitive information exposure in all... | Sat, 04 Apr 2026 08:30:21 |
| CVE-2026-0626 | The WPFunnels – Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads & Sales plugin for WordPress is vulnerabl... | Sat, 04 Apr 2026 08:30:21 |
| CVE-2025-14938 | The Listeo Core plugin for WordPress is vulnerable to unauthenticated arbitrary media upload in all versions up to, and inclu... | Sat, 04 Apr 2026 08:30:21 |
| CVE-2026-5425 | The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'feed_data' param... | Sat, 04 Apr 2026 05:27:07 |
| CVE-2026-3445 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress p... | Sat, 04 Apr 2026 05:27:07 |
| CVE-2026-2826 | The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass i... | Sat, 04 Apr 2026 05:27:07 |
| CVE-2026-2437 | The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Stored Cross-Si... | Sat, 04 Apr 2026 05:27:07 |
| CVE-2006-10003 | XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr ... | Sat, 04 Apr 2026 05:27:07 |
| CVE-2026-4896 | The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vu... | Sat, 04 Apr 2026 04:26:41 |
| CVE-2026-2600 | The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eki... | Sat, 04 Apr 2026 04:26:41 |
| CVE-2026-0738 | The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the su_c... | Sat, 04 Apr 2026 04:26:41 |
| CVE-2026-0737 | The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versi... | Sat, 04 Apr 2026 04:26:41 |
| CVE-2026-0664 | The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button_text' parame... | Sat, 04 Apr 2026 04:26:41 |
| CVE-2026-0552 | The Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsc_display_pro... | Sat, 04 Apr 2026 04:26:41 |
| CVE-2025-15064 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin f... | Sat, 04 Apr 2026 04:26:41 |
| CVE-2025-13368 | The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pric... | Sat, 04 Apr 2026 04:26:41 |
| CVE-2026-34520 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the de... | Sat, 04 Apr 2026 00:23:30 |
| CVE-2026-34516 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an e... | Sat, 04 Apr 2026 00:23:30 |
| CVE-2026-33990 | Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker... | Sat, 04 Apr 2026 00:23:30 |
| CVE-2026-22815 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restric... | Sat, 04 Apr 2026 00:23:30 |
| CVE-2026-2949 | The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon... | Sat, 04 Apr 2026 00:23:30 |
| CVE-2026-2924 | The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Site S... | Sat, 04 Apr 2026 00:23:30 |
| CVE-2026-3571 | The Pie Register – User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized mod... | Fri, 03 Apr 2026 22:21:20 |
| CVE-2026-35616 | A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker ... | Fri, 03 Apr 2026 21:20:45 |
| CVE-2026-34780 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39.0.0-... | Fri, 03 Apr 2026 21:20:44 |
| CVE-2026-34955 | PraisonAI is a multi-agent teams system. Prior to version 4.5.97, SubprocessSandbox in all modes (BASIC, STRICT, NETWORK_ISOL... | Fri, 03 Apr 2026 20:20:43 |
| CVE-2026-34779 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.... | Fri, 03 Apr 2026 20:20:43 |
| CVE-2026-34778 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.... | Fri, 03 Apr 2026 20:20:43 |
| CVE-2026-34777 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.... | Fri, 03 Apr 2026 20:20:43 |
| CVE-2026-34776 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.... | Fri, 03 Apr 2026 20:20:43 |
| CVE-2026-34775 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.... | Fri, 03 Apr 2026 20:20:43 |
| CVE-2026-34774 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.... | Fri, 03 Apr 2026 20:20:43 |
| CVE-2026-34773 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.... | Fri, 03 Apr 2026 20:20:43 |
| CVE-2026-34772 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.... | Fri, 03 Apr 2026 20:20:43 |
| CVE-2026-34771 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.... | Fri, 03 Apr 2026 20:20:43 |
| CVE-2026-34770 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.... | Fri, 03 Apr 2026 20:20:43 |
| CVE-2026-34769 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.... | Fri, 03 Apr 2026 20:20:43 |
| CVE-2026-34768 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.... | Fri, 03 Apr 2026 20:20:43 |
| CVE-2026-34767 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.... | Fri, 03 Apr 2026 20:20:43 |
| CVE-2026-34766 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.... | Fri, 03 Apr 2026 20:20:43 |
| CVE-2026-35468 | nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algori... | Fri, 03 Apr 2026 19:20:43 |
| CVE-2026-34954 | PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file() in praisonaiagents validates the ... | Fri, 03 Apr 2026 19:20:43 |
| CVE-2026-34953 | PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAuthManager.validate_token() returns True for any token no... | Fri, 03 Apr 2026 19:20:43 |
| CVE-2026-34952 | PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connections ... | Fri, 03 Apr 2026 19:20:43 |
| CVE-2026-34939 | PraisonAI is a multi-agent teams system. Prior to version 4.5.90, MCPToolIndex.search_tools() compiles a caller-supplied stri... | Fri, 03 Apr 2026 19:20:43 |
| CVE-2026-34938 | PraisonAI is a multi-agent teams system. Prior to version 1.5.90, execute_code() in praisonai-agents runs attacker-controlled... | Fri, 03 Apr 2026 19:20:43 |
| CVE-2026-34937 | PraisonAI is a multi-agent teams system. Prior to version 1.5.90, run_python() in praisonai constructs a shell command string... | Fri, 03 Apr 2026 19:20:43 |
| CVE-2026-34936 | PraisonAI is a multi-agent teams system. Prior to version 4.5.90, passthrough() and apassthrough() in praisonai accept a call... | Fri, 03 Apr 2026 19:20:43 |
| CVE-2026-34935 | PraisonAI is a multi-agent teams system. From version 4.5.15 to before version 4.5.69, the --mcp CLI argument is passed direc... | Fri, 03 Apr 2026 19:20:43 |
| CVE-2026-34934 | PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the get_all_user_threads function constructs raw SQL querie... | Fri, 03 Apr 2026 19:20:43 |
| CVE-2026-34933 | Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version... | Fri, 03 Apr 2026 19:20:43 |
| CVE-2026-34824 | Mesop is a Python-based UI framework that allows users to build web applications. From version 1.2.3 to before version 1.2.5,... | Fri, 03 Apr 2026 19:20:43 |
| CVE-2026-34788 | Emlog is an open source website building system. In versions 2.6.2 and prior, a SQL injection vulnerability exists in include... | Fri, 03 Apr 2026 19:20:43 |
| CVE-2026-34787 | Emlog is an open source website building system. In versions 2.6.2 and prior, a Local File Inclusion (LFI) vulnerability exis... | Fri, 03 Apr 2026 19:20:42 |
| CVE-2026-34612 | Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra (default docker-compose deploym... | Fri, 03 Apr 2026 19:20:42 |
| CVE-2026-34607 | Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the em... | Fri, 03 Apr 2026 19:20:42 |
| CVE-2026-34229 | Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting (XSS) vulnera... | Fri, 03 Apr 2026 19:20:42 |
| CVE-2026-34228 | Emlog is an open source website building system. Prior to version 2.6.8, the backend upgrade interface accepts remote SQL and... | Fri, 03 Apr 2026 19:20:42 |
| CVE-2026-34061 | nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algori... | Fri, 03 Apr 2026 19:20:42 |
| CVE-2026-34052 | LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAut... | Fri, 03 Apr 2026 19:20:42 |
| CVE-2026-33184 | nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algori... | Fri, 03 Apr 2026 19:20:42 |
| CVE-2025-15620 | HiOS Switch Platform versions 09.1.00 prior to 09.4.05 and 10.3.01 contains a denial-of-service vulnerability in the web inte... | Fri, 03 Apr 2026 19:20:41 |
| CVE-2024-14034 | Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTP(S) management m... | Fri, 03 Apr 2026 19:20:41 |
| CVE-2024-14033 | Hirschmann Industrial IT products (BAT-R, BAT-F, BAT450-F, BAT867-R, BAT867-F, WLC, BAT Controller Virtual) contain a heap ov... | Fri, 03 Apr 2026 19:20:41 |
| CVE-2023-7343 | HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows aut... | Fri, 03 Apr 2026 19:20:41 |
| CVE-2022-4986 | Hirschmann EagleSDV version 05.4.01 prior to 05.4.02 contains a denial-of-service vulnerability that causes the device to cra... | Fri, 03 Apr 2026 19:20:41 |