Security assessment and information provision

This site provides information on security and offers web audit tools.

Annoucement Show List

April 27, 2026 - None

March 6, 2026 - None

NVD Vulnerability Information NVD Vulnerability Search Top

Update Date":April 27, 2026, 1:20 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date
1	7.3	HIGH Network	-	-	A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /execute.php. This manipulation of the argument code causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. New	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-7073	2026-04-27 10:16	2026-04-27
2	7.3	HIGH Network	-	-	A vulnerability was detected in CodePanda Source canteen_management_system 1.0. Affected by this issue is some unknown functionality of the file /api/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may… New	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-7072	2026-04-27 10:16	2026-04-27
3	5.3	MEDIUM Network	-	-	A security vulnerability has been detected in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /users/user-cvs/. The manipulation leads to file and directory information exposure. Remote exploitation of the attack is possible. The exploit has b… New	CWE-200 CWE-538 Information Exposure File and Directory Information Exposure	CVE-2026-7071	2026-04-27 10:16	2026-04-27
4	7.3	HIGH Network	-	-	A weakness has been identified in code-projects Inventory Management System 1.0. Affected is an unknown function of the component Login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the publi… New	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-7070	2026-04-27 10:16	2026-04-27
5	8.0	HIGH Adjacent	-	-	A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. Performing a manipulation of the argument NewPortMappingDescription results in buffer overflow. The attack needs to be approached within t… New	CWE-119 CWE-120 Incorrect Access of Indexable Resource ('Range Error') Classic Buffer Overflow	CVE-2026-7069	2026-04-27 09:16	2026-04-27
6	8.8	HIGH Adjacent	-	-	A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBD_process of the file sserver.c of the component nmbd. Such manipulation leads to buffer overflow. The attack can only be initiated within the local network. The exploit is publicly available and might be used. T… New	CWE-119 CWE-120 Incorrect Access of Indexable Resource ('Range Error') Classic Buffer Overflow	CVE-2026-7068	2026-04-27 09:16	2026-04-27
7	7.3	HIGH Network	-	-	A vulnerability was determined in D-Link DIR-822 A_101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been publ… New	CWE-74 CWE-77 Injection Command Injection	CVE-2026-7067	2026-04-27 09:16	2026-04-27
8	7.3	HIGH Network	-	-	A vulnerability was found in choieastsea simple-openstack-mcp up to 767b2f4a8154cca344344b9725537a58399e6036. The affected element is the function exec_openstack of the file server.py. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has be… New	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-7066	2026-04-27 09:16	2026-04-27
9	7.3	HIGH Network	-	-	A vulnerability has been found in BidingCC BuildingAI up to 26.0.1. Impacted is the function uploadRemoteFile of the file packages/core/src/modules/upload/services/file-storage.service.ts of the component Remote Upload API. The manipulation of the argument url leads to server-side request forgery. … New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-7065	2026-04-27 09:16	2026-04-27
10	9.3	CRITICAL Network	-	-	An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou… New	CWE-656 Reliance on Security Through Obscurity	CVE-2026-42363	2026-04-27 09:16	2026-04-27

JVN Vulnerability Information JVN Vulnerability Search Top

Update Date:April 27, 2026, 8:58 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date
1	-	-	（複数のベンダ）	（複数の製品）	CISA ICS Advisory / ICS Medical Advisory（2026年04月23日） New	-	-	2026-04-27 13:37	2026-04-24
2	7.8	重要 Local	Giskard	Giskard	Giskardにおけるテンプレートエンジンで使用される特殊な要素の不適切な無効化に関する脆弱性 New	CWE-1336 テンプレートエンジンで使用される特殊な要素の不適切な無効化	CVE-2026-40320	2026-04-27 11:29	2026-04-17
3	7.5	重要 Network	monetr	monetr	monetrにおけるリソースの枯渇に関する脆弱性 New	CWE-400 リソースの枯渇	CVE-2026-40481	2026-04-27 11:29	2026-04-17
4	5.5	警告 Local	HKUDS	OpenHarness	HKUDSのOpenHarnessにおける不正な認証に関する脆弱性 New	CWE-863 不正な認証	CVE-2026-40515	2026-04-27 11:29	2026-04-17
5	6.3	警告 Local	HKUDS	OpenHarness	HKUDSのOpenHarnessにおけるサーバサイドのリクエストフォージェリの脆弱性 New	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-40516	2026-04-27 11:29	2026-04-17
6	7.6	重要 Network	HKUDS	OpenHarness	HKUDSのOpenHarnessにおける認証に関する脆弱性 New	CWE-287 不適切な認証	CVE-2026-6729	2026-04-27 11:29	2026-04-20
7	9.8	緊急 Network	Topsec Technologies Group Inc.	Tianxin Internet Behavior Management System	Topsec Technologies Group Inc.のTianxin Internet Behavior Management SystemにおけるOS コマンドインジェクションの脆弱性 New	CWE-78 OSコマンド・インジェクション	CVE-2021-4473	2026-04-27 11:29	2026-04-7
8	7.2	重要 Network	Dolibarr ERP & CRM	dolibarr erp/crm	Dolibarr ERP & CRMのdolibarr erp/crmにおける複数の脆弱性 New	CWE-94 CWE-95	CVE-2026-22666	2026-04-27 11:29	2026-04-7
9	9.8	緊急 Network	Weaver Software	Weaver e cology	Weaver SoftwareのWeaver e cologyにおける重要な機能に対する認証の欠如に関する脆弱性 New	CWE-306 重要な機能に対する認証の欠如解説	CVE-2026-22679	2026-04-27 11:29	2026-04-7
10	8.8	重要 Local	PackageKit Project	PackageKit	PackageKit ProjectのPackageKitにおけるTime-of-check Time-of-use (TOCTOU) 競合状態の脆弱性 New	CWE-367 Time-of-check Time-of-use (TOCTOU) 競合状態	CVE-2026-41651	2026-04-27 11:29	2026-04-22

Version update history excerpt Go To Version Update History

Support Expiration Date Go to Support Expiration Information

Target Period : 2026-03-01 〜 2026-07-31

No	Name	Normal Support	Security Support	Extended Support
1	Ruby 3.2	2026-03-31
2	MySQL 8	2026-04-19
3	Django4.2 LTS	2023-12-31		2026-04-30
4	Red Hat OpenJDK 8 for Windows		2026-05-31
5	Red Hat OpenJDK 8		2026-05-31
6	Java 8 (LTS)		2026-05-31
7	MariaDB 10.6	2026-06-30
8	SQL Server 2016 Service Pack 2	2021-07-13		2026-07-14

Excerpts from security information sites updated in the past two days Go to the Provide Information Site

2026-4-27 JST

media_news

No	Name	URL	Excerpt Of Changes	Tag
1	Ars Technica	https://arstechnica.com/	261,Strange New Worlds,S4 teaser strikes a more serious tone,“I have ever been prone to seek adventure and to investigate where wiser men would have left well enough alone.”,Jennifer Ouellette,–,4/26/ ...	English News Foreign Country Blog Site Information Gathering
2	cnet	https://www.cnet.com/	Phones,Apple's Newer Photographic Styles Changed How I Edit iPhone Photos,You aren't maximizing your iPhone's full photography potential if you aren't using Photographic Styles.,By,Prakhar Khanna,I'm ...	English News Foreign Country Blog
3	Mashable	https://mashable.com/	Look Up,Wordle today: Answer, hints for April 25, 2026,FCC expands WiFi router ban. What it means for you.,Tech,YouTube is prompting users to enable watch history. Here's the workaround.,How Critical ...	English News Foreign Country Blog