CVE.report
CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed in to a mobile friendly, easy to use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.
CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags
The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.
cve.report now provides a free read-only JSON API for CVE details. Each record combines the CVE Program JSON record, NVD enrichment, KEV, and EPSS when available.
Recent CVEs
| CVE | Description | Updated |
|---|---|---|
| CVE-2026-39979 json | jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized() API in ... | Mon, 13 Apr 2026 19:26:32 |
| CVE-2026-39956 json | jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the _strindices builtin in jq... | Mon, 13 Apr 2026 19:26:32 |
| CVE-2026-6203 json | The User Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions up to and including 5.1.4.... | Mon, 13 Apr 2026 19:26:32 |
| CVE-2026-5086 json | Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks. For example, if Crypt::SecretBuffer wa... | Mon, 13 Apr 2026 19:26:32 |
| CVE-2025-0921 json | Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 versions 10.97.3 an... | Mon, 13 Apr 2026 19:26:32 |
| CVE-2024-1573 json | Missing Authentication for Critical Function vulnerability in the mobile monitoring feature of Mitsubishi Electric GENESIS64 ... | Mon, 13 Apr 2026 19:26:32 |
| CVE-2026-40312 json | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, an... | Mon, 13 Apr 2026 18:25:15 |
| CVE-2026-40311 json | ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.... | Mon, 13 Apr 2026 18:25:15 |
| CVE-2026-40310 json | ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 a... | Mon, 13 Apr 2026 18:25:15 |
| CVE-2026-40183 json | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, th... | Mon, 13 Apr 2026 18:25:15 |
| CVE-2026-40169 json | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a ... | Mon, 13 Apr 2026 18:25:15 |
| CVE-2026-34238 json | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-1... | Mon, 13 Apr 2026 18:25:15 |
| CVE-2026-33947 json | jq is a command-line JSON processor. In versions 1.8.1 and below, functions jv_setpath(), jv_getpath(), and delpaths_sorted()... | Mon, 13 Apr 2026 18:25:15 |
| CVE-2026-33908 json | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-1... | Mon, 13 Apr 2026 18:25:15 |
| CVE-2026-33905 json | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-1... | Mon, 13 Apr 2026 18:25:15 |
| CVE-2026-6224 json | A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function crea... | Mon, 13 Apr 2026 18:25:15 |
| CVE-2026-6220 json | A vulnerability was identified in HummerRisk up to 1.5.0. This vulnerability affects the function ServerService.addServer of ... | Mon, 13 Apr 2026 18:25:15 |
| CVE-2026-4786 json | Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain brows... | Mon, 13 Apr 2026 18:25:15 |
| CVE-2026-33902 json | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-1... | Mon, 13 Apr 2026 18:25:14 |
| CVE-2026-33900 json | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-1... | Mon, 13 Apr 2026 18:25:14 |
| CVE-2026-22566 json | An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to obtain UniFi ... | Mon, 13 Apr 2026 18:25:14 |
| CVE-2026-22565 json | An Improper Input Validation vulnerability could allow a malicious actor with access to the UniFi Play network to cause the d... | Mon, 13 Apr 2026 18:25:14 |
| CVE-2026-22564 json | An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to... | Mon, 13 Apr 2026 18:25:14 |
| CVE-2026-22563 json | A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the... | Mon, 13 Apr 2026 18:25:14 |
| CVE-2026-22562 json | A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firm... | Mon, 13 Apr 2026 18:25:14 |
| CVE-2025-30650 json | A Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a pri... | Mon, 13 Apr 2026 18:25:14 |
| CVE-2025-54236 json | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Impr... | Mon, 13 Apr 2026 18:10:07 |
| CVE-2026-33901 json | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-1... | Mon, 13 Apr 2026 17:24:34 |
| CVE-2026-33899 json | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 an... | Mon, 13 Apr 2026 17:24:34 |
| CVE-2026-33740 json | EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/i... | Mon, 13 Apr 2026 17:24:34 |
| CVE-2026-33659 json | EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Attachm... | Mon, 13 Apr 2026 17:24:34 |
| CVE-2026-32272 json | Craft Commerce is an ecommerce platform for Craft CMS. In versions 5.0.0 through 5.5.4, an SQL injection vulnerability exists... | Mon, 13 Apr 2026 17:24:34 |
| CVE-2026-6219 json | A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function child_process.exec of the f... | Mon, 13 Apr 2026 17:24:34 |
| CVE-2026-6218 json | A vulnerability was found in aandrew-me ytDownloader up to 3.20.2. Affected by this issue is the function createTextNode of t... | Mon, 13 Apr 2026 17:24:34 |
| CVE-2026-6216 json | A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/s... | Mon, 13 Apr 2026 17:24:34 |
| CVE-2026-40043 json | Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser() action that allows authenticated low-priv... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-36947 json | Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-36946 json | Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-36945 json | Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-36944 json | Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerale to SQL injection in the file/rsms/admin/re... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-36943 json | Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-36942 json | Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in the file /orms/admin/activities/manage_... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-36941 json | Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms/admin/rooms/manage_room.... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-36938 json | Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/rooms/view_room.php. | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-36937 json | Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/reservations/view_details.p... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-33657 json | EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-32271 json | Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, there is an ... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-31280 json | An issue in the Bluetooth RFCOMM service of Parani M10 Motorcycle Intercom v2.1.3 allows unauthorized attackers to cause a De... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-26460 json | A HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.0. The application fails to properly neutrali... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-6197 json | A flaw has been found in Tenda F456 1.0.0.5. This vulnerability affects the function formWrlsafeset of the file /goform/AdvSe... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2025-70936 json | Vtiger CRM 8.4.0 contains a reflected cross-site scripting (XSS) vulnerability in the MailManager module. Improper handling o... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2025-51414 json | In Phpgurukul Online Course Registration v3.1, an arbitrary file upload vulnerability was discovered within the profile pictu... | Mon, 13 Apr 2026 17:24:33 |
| CVE-2026-40242 json | Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.17.3, the /api/templates/fet... | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-40189 json | goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces the documented per-folder .goshs ACL/basic-a... | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-40180 json | Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.16.0 ... | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-40168 json | Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vulnerable to SSRF. Althoug... | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-36923 json | Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/view_booking.php. | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-36922 json | Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the file /cms/admin/categories/view_category.php. | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-36920 json | Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/admins/assessments/examp... | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-36919 json | Sourcecodester Online Reviewer System v1.0 is vulnerale to SQL Injection in the file /system/system/admins/assessments/exampr... | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-36874 json | Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_student.php. | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-36873 json | Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_admin.php. | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-36872 json | Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_book.php. | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-35186 json | Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler backend co... | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-34971 json | Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilation bac... | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-34734 json | HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An... | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-5904 json | Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious ... | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-5903 json | Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to enga... | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-5902 json | Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer p... | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-5901 json | Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user ... | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-5900 json | Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass of multi-download prot... | Mon, 13 Apr 2026 17:24:32 |
| CVE-2026-39671 json | Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-fo... | Mon, 13 Apr 2026 17:24:31 |
| CVE-2026-39647 json | Server-Side Request Forgery (SSRF) vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-pl... | Mon, 13 Apr 2026 17:24:31 |
| CVE-2026-39645 json | Server-Side Request Forgery (SSRF) vulnerability in Global Payments GlobalPayments WooCommerce global-payments-woocommerce al... | Mon, 13 Apr 2026 17:24:31 |
| CVE-2026-5899 json | Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who c... | Mon, 13 Apr 2026 17:24:31 |
| CVE-2026-5898 json | Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to perform UI spoof... | Mon, 13 Apr 2026 17:24:31 |
| CVE-2026-5897 json | Incorrect security UI in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to ... | Mon, 13 Apr 2026 17:24:31 |
| CVE-2026-5896 json | Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in sp... | Mon, 13 Apr 2026 17:24:31 |
| CVE-2026-5895 json | Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the conten... | Mon, 13 Apr 2026 17:24:31 |
| CVE-2026-5893 json | Race in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a cra... | Mon, 13 Apr 2026 17:24:31 |
| CVE-2026-5891 json | Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compr... | Mon, 13 Apr 2026 17:24:31 |
| CVE-2026-5889 json | Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive inform... | Mon, 13 Apr 2026 17:24:31 |
| CVE-2026-5888 json | Uninitialized Use in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensit... | Mon, 13 Apr 2026 17:24:31 |
| CVE-2026-5887 json | Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote a... | Mon, 13 Apr 2026 17:24:31 |
| CVE-2026-5886 json | Out of bounds read in WebAudio in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to obtain potentially... | Mon, 13 Apr 2026 17:24:31 |
| CVE-2026-5885 json | Insufficient validation of untrusted input in WebML in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attac... | Mon, 13 Apr 2026 17:24:31 |
| CVE-2026-5884 json | Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had... | Mon, 13 Apr 2026 17:24:31 |
| CVE-2025-48651 json | In importWrappedKey of KMKeymasterApplet.java, there is a possible way access keys that should be restricted due to improper ... | Mon, 13 Apr 2026 17:24:31 |
| CVE-2026-35670 json | OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to uni... | Mon, 13 Apr 2026 17:09:22 |
| CVE-2026-35669 json | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that inco... | Mon, 13 Apr 2026 17:09:22 |
| CVE-2026-35657 json | OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route that... | Mon, 13 Apr 2026 17:09:22 |
| CVE-2026-35656 json | OpenClaw before 2026.3.22 contains an authentication bypass vulnerability in the X-Forwarded-For header processing when trust... | Mon, 13 Apr 2026 17:09:22 |
| CVE-2026-35655 json | OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting to... | Mon, 13 Apr 2026 17:09:22 |
| CVE-2026-35654 json | OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback invokes that allows unau... | Mon, 13 Apr 2026 17:09:22 |
| CVE-2026-35653 json | OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profile endpoint that allows a... | Mon, 13 Apr 2026 17:09:22 |
| CVE-2026-35652 json | OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in interactive callback dispatch that allows non-all... | Mon, 13 Apr 2026 17:09:22 |
| CVE-2026-35651 json | OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts tha... | Mon, 13 Apr 2026 17:09:22 |
| CVE-2026-35668 json | OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read ar... | Mon, 13 Apr 2026 16:54:15 |
| CVE-2026-35666 json | OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/ti... | Mon, 13 Apr 2026 16:54:15 |
| CVE-2026-35665 json | OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request bodi... | Mon, 13 Apr 2026 16:54:15 |