Security assessment and information provision

This site provides information on security and offers web audit tools.

Annoucement Show List

April 27, 2026 - None

March 6, 2026 - None

NVD Vulnerability Information NVD Vulnerability Search Top

Update Date":April 27, 2026, 1:20 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date
1	7.3	HIGH Network	-	-	A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /execute.php. This manipulation of the argument code causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. New	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-7073	2026-04-27 10:16	2026-04-27
2	7.3	HIGH Network	-	-	A vulnerability was detected in CodePanda Source canteen_management_system 1.0. Affected by this issue is some unknown functionality of the file /api/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may… New	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-7072	2026-04-27 10:16	2026-04-27
3	5.3	MEDIUM Network	-	-	A security vulnerability has been detected in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /users/user-cvs/. The manipulation leads to file and directory information exposure. Remote exploitation of the attack is possible. The exploit has b… New	CWE-200 CWE-538 Information Exposure File and Directory Information Exposure	CVE-2026-7071	2026-04-27 10:16	2026-04-27
4	7.3	HIGH Network	-	-	A weakness has been identified in code-projects Inventory Management System 1.0. Affected is an unknown function of the component Login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the publi… New	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-7070	2026-04-27 10:16	2026-04-27
5	8.0	HIGH Adjacent	-	-	A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. Performing a manipulation of the argument NewPortMappingDescription results in buffer overflow. The attack needs to be approached within t… New	CWE-119 CWE-120 Incorrect Access of Indexable Resource ('Range Error') Classic Buffer Overflow	CVE-2026-7069	2026-04-27 09:16	2026-04-27
6	8.8	HIGH Adjacent	-	-	A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBD_process of the file sserver.c of the component nmbd. Such manipulation leads to buffer overflow. The attack can only be initiated within the local network. The exploit is publicly available and might be used. T… New	CWE-119 CWE-120 Incorrect Access of Indexable Resource ('Range Error') Classic Buffer Overflow	CVE-2026-7068	2026-04-27 09:16	2026-04-27
7	7.3	HIGH Network	-	-	A vulnerability was determined in D-Link DIR-822 A_101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been publ… New	CWE-74 CWE-77 Injection Command Injection	CVE-2026-7067	2026-04-27 09:16	2026-04-27
8	7.3	HIGH Network	-	-	A vulnerability was found in choieastsea simple-openstack-mcp up to 767b2f4a8154cca344344b9725537a58399e6036. The affected element is the function exec_openstack of the file server.py. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has be… New	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-7066	2026-04-27 09:16	2026-04-27
9	7.3	HIGH Network	-	-	A vulnerability has been found in BidingCC BuildingAI up to 26.0.1. Impacted is the function uploadRemoteFile of the file packages/core/src/modules/upload/services/file-storage.service.ts of the component Remote Upload API. The manipulation of the argument url leads to server-side request forgery. … New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-7065	2026-04-27 09:16	2026-04-27
10	9.3	CRITICAL Network	-	-	An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou… New	CWE-656 Reliance on Security Through Obscurity	CVE-2026-42363	2026-04-27 09:16	2026-04-27

JVN Vulnerability Information JVN Vulnerability Search Top

Update Date:Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date
1	9.8	緊急 Network	scshr	hr portal	scshrのhr portalにおける信頼できないデータのデシリアライゼーションに関する脆弱性	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2025-48780	2026-02-6 10:41	2025-06-6
2	7.5	重要 Network	scshr	hr portal	scshrのhr portalにおけるファイル名やパス名の外部制御に関する脆弱性	CWE-73 ファイル名やパス名の外部制御	CVE-2025-48781	2026-02-6 10:41	2025-06-6
3	9.8	緊急 Network	scshr	hr portal	scshrのhr portalにおける危険なタイプのファイルの無制限アップロードに関する脆弱性	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2025-48782	2026-02-6 10:41	2025-06-6
4	7.5	重要 Network	scshr	hr portal	scshrのhr portalにおけるファイル名やパス名の外部制御に関する脆弱性	CWE-73 ファイル名やパス名の外部制御	CVE-2025-48783	2026-02-6 10:41	2025-06-6
5	7.5	重要 Network	scshr	hr portal	scshrのhr portalにおける認証の欠如に関する脆弱性	CWE-862 認証の欠如	CVE-2025-48784	2026-02-6 10:41	2025-06-6
6	7.5	重要 Network	scshr	hr portal	scshrのhr portalにおける重要な機能に対する認証の欠如に関する脆弱性	CWE-306 重要な機能に対する認証の欠如解説	CVE-2025-5192	2026-02-6 10:41	2025-06-6
7	6.8	警告 Physics	Elspec LTD	G5DFR ファームウェア	Elspec LTDのG5DFR ファームウェアにおける代替パスまたはチャネルを使用した認証回避に関する脆弱性	CWE-288 代替パスまたはチャネルを使用した認証回避	CVE-2025-59392	2026-02-6 10:41	2025-11-6
8	7.2	重要 Network	Sangoma	freepbx	SangomaのfreepbxにおけるOS コマンドインジェクションの脆弱性	CWE-78 OSコマンド・インジェクション	CVE-2025-64328	2026-02-6 10:41	2025-11-7
9	6.5	警告 Network	Salesforce.com, inc.	MuleSoft Anypoint Extension Pack	Salesforce.com, inc.のMuleSoft Anypoint Extension Packにおけるコードインジェクションの脆弱性	CWE-94 コード・インジェクション	CVE-2025-10875	2026-02-6 10:41	2025-11-4
10	7.5	重要 Network	Intelbras	ICIP 30 Firmware	IntelbrasのICIP 30 Firmwareにおける複数の脆弱性	CWE-255 CWE-256 CWE-522	CVE-2025-13187	2026-02-6 10:41	2025-11-14

Version update history excerpt Go To Version Update History

Support Expiration Date Go to Support Expiration Information

Target Period : 2026-03-01 〜 2026-07-31

No	Name	Normal Support	Security Support	Extended Support
1	Ruby 3.2	2026-03-31
2	MySQL 8	2026-04-19
3	Django4.2 LTS	2023-12-31		2026-04-30
4	Red Hat OpenJDK 8 for Windows		2026-05-31
5	Red Hat OpenJDK 8		2026-05-31
6	Java 8 (LTS)		2026-05-31
7	MariaDB 10.6	2026-06-30
8	SQL Server 2016 Service Pack 2	2021-07-13		2026-07-14

Excerpts from security information sites updated in the past two days Go to the Provide Information Site

2026-4-27 JST

media_news

No	Name	URL	Excerpt Of Changes	Tag
1	Ars Technica	https://arstechnica.com/	261,Strange New Worlds,S4 teaser strikes a more serious tone,“I have ever been prone to seek adventure and to investigate where wiser men would have left well enough alone.”,Jennifer Ouellette,–,4/26/ ...	English News Foreign Country Blog Site Information Gathering
2	cnet	https://www.cnet.com/	Phones,Apple's Newer Photographic Styles Changed How I Edit iPhone Photos,You aren't maximizing your iPhone's full photography potential if you aren't using Photographic Styles.,By,Prakhar Khanna,I'm ...	English News Foreign Country Blog
3	Mashable	https://mashable.com/	Look Up,Wordle today: Answer, hints for April 25, 2026,FCC expands WiFi router ban. What it means for you.,Tech,YouTube is prompting users to enable watch history. Here's the workaround.,How Critical ...	English News Foreign Country Blog
4	ScanNetSecurity	https://scan.netsecurity.ne.jp/	2026.04.27（月）,特集,2026.4.27 Mon 8:10,今日もどこかで情報漏えい第47回「2026年3月の情報漏えい」サポート詐欺被害 2億5,000万円、決算で「その他の費用」に計上,3 月に最も件数換算の被害規模が大きかったのは、株式会社穴吹ハウジングサービスによる「穴吹ハウジングサービスへのランサムウェア攻撃、約 496,000 名分の個人情報が漏えいした可能性を否定できず ...	Japanese News Information Provision

vulnerability_notification_site

No	Image	Name	URL	Excerpt Of Changes	Tag
1		Vulnerability countermeasure information database	https://jvndb.jvn.jp/index.html	最終更新日：2026/04/27,現在の登録件数：280296件,2026/04/27,New,JVNDB-2026-012643,TOTOLINKのa3300r ファームウェアにおけるコマンドインジェクションの脆弱性,9.8（緊急）,2026/04/27,New,JVNDB-2026-012642,TOTOLINKのa3300r ファームウェアにおけるコマンドインジェクションの脆弱性,6.5（警 ...	Japanese News Organization Government Windows Linux/Unix Mac OS Information Provision