NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:April 27, 2026, 1:20 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1	7.3	HIGH Network	-	-	A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /execute.php. This manipulation of the argument code causes sql injection. The attac… New	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-7073	2026-04-27 10:16	2026-04-27	Show	GitHub Exploit DB Packet Storm

2	7.3	HIGH Network	-	-	A vulnerability was detected in CodePanda Source canteen_management_system 1.0. Affected by this issue is some unknown functionality of the file /api/login.php. The manipulation of the argument Usern… New	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-7072	2026-04-27 10:16	2026-04-27	Show	GitHub Exploit DB Packet Storm

3	5.3	MEDIUM Network	-	-	A security vulnerability has been detected in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /users/user-cvs/. The manipulation leads to file … New	CWE-200 CWE-538 Information Exposure File and Directory Information Exposure	CVE-2026-7071	2026-04-27 10:16	2026-04-27	Show	GitHub Exploit DB Packet Storm

4	7.3	HIGH Network	-	-	A weakness has been identified in code-projects Inventory Management System 1.0. Affected is an unknown function of the component Login. Executing a manipulation of the argument Username can lead to … New	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-7070	2026-04-27 10:16	2026-04-27	Show	GitHub Exploit DB Packet Storm

5	8.0	HIGH Adjacent	-	-	A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. Performing a manipulation of the argum… New	CWE-119 CWE-120 Incorrect Access of Indexable Resource ('Range Error') Classic Buffer Overflow	CVE-2026-7069	2026-04-27 09:16	2026-04-27	Show	GitHub Exploit DB Packet Storm

6	8.8	HIGH Adjacent	-	-	A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBD_process of the file sserver.c of the component nmbd. Such manipulation leads to buffer overflow. The attack ca… New	CWE-119 CWE-120 Incorrect Access of Indexable Resource ('Range Error') Classic Buffer Overflow	CVE-2026-7068	2026-04-27 09:16	2026-04-27	Show	GitHub Exploit DB Packet Storm

7	7.3	HIGH Network	-	-	A vulnerability was determined in D-Link DIR-822 A_101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. This manipulation of the argumen… New	CWE-74 CWE-77 Injection Command Injection	CVE-2026-7067	2026-04-27 09:16	2026-04-27	Show	GitHub Exploit DB Packet Storm

8	7.3	HIGH Network	-	-	A vulnerability was found in choieastsea simple-openstack-mcp up to 767b2f4a8154cca344344b9725537a58399e6036. The affected element is the function exec_openstack of the file server.py. The manipulati… New	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-7066	2026-04-27 09:16	2026-04-27	Show	GitHub Exploit DB Packet Storm

9	7.3	HIGH Network	-	-	A vulnerability has been found in BidingCC BuildingAI up to 26.0.1. Impacted is the function uploadRemoteFile of the file packages/core/src/modules/upload/services/file-storage.service.ts of the comp… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-7065	2026-04-27 09:16	2026-04-27	Show	GitHub Exploit DB Packet Storm

10	9.3	CRITICAL Network	-	-	An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An att… New	CWE-656 Reliance on Security Through Obscurity	CVE-2026-42363	2026-04-27 09:16	2026-04-27	Show	GitHub Exploit DB Packet Storm

11	4.3	MEDIUM Network	-	-	There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered. New	CWE-943 Improper Neutralization of Special Elements in Data Query Logic	CVE-2026-33566	2026-04-27 09:16	2026-04-27	Show	GitHub Exploit DB Packet Storm

12	8.8	HIGH Network	-	-	An OS command Injection issue exists in LogonTracer prior to v2.0.0. An arbitrary OS command may be executed by a logged-in user. New	CWE-78 OS Command	CVE-2026-33277	2026-04-27 09:16	2026-04-27	Show	GitHub Exploit DB Packet Storm

13	7.3	HIGH Network	-	-	A flaw has been found in AgentDeskAI browser-tools-mcp up to 1.2.0. This issue affects some unknown processing of the file browser-tools-server/browser-connector.ts. Executing a manipulation can lead… New	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-7064	2026-04-27 08:16	2026-04-27	Show	GitHub Exploit DB Packet Storm

14	7.3	HIGH Network	-	-	A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performin… New	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-7063	2026-04-27 08:16	2026-04-27	Show	GitHub Exploit DB Packet Storm

15	7.3	HIGH Network	-	-	A security vulnerability has been detected in Intina47 context-sync up to 2.0.0. This affects an unknown part of the file src/git-integration.ts of the component Git Integration. Such manipulation le… New	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-7062	2026-04-27 08:16	2026-04-27	Show	GitHub Exploit DB Packet Storm

16	7.3	HIGH Network	-	-	A weakness has been identified in Toowiredd chatgpt-mcp-server up to 0.1.0. Affected by this issue is some unknown functionality of the file src/services/docker.service.ts of the component MCP/HTTP. … New	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-7061	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

17	7.3	HIGH Network	-	-	A vulnerability was determined in liyupi yu-picture up to a053632c41340152bf75b66b3c543d129123d8ec. This impacts the function PageRequest of the file yu-picture-backend/src/main/java/com/yupi/yupictu… New	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-7060	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

18	5.3	MEDIUM Network	-	-	A vulnerability was found in 666ghj MiroFish up to 0.1.2. This affects the function get_simulation_posts of the file backend/app/api/simulation.py of the component Query Parameter Handler. Performing… New	CWE-22 Path Traversal	CVE-2026-7059	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

19	7.3	HIGH Network	-	-	A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.send_command of the file backend/app/services/simulation_ipc.py of the componen… New	CWE-74 CWE-77 Injection Command Injection	CVE-2026-7058	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

20	8.8	HIGH Network	-	-	A flaw has been found in Tenda F456 1.0.0.5. The affected element is an unknown function of the file /goform/setcfm of the component httpd. This manipulation of the argument funcname/funcpara1 causes… New	CWE-119 CWE-120 Incorrect Access of Indexable Resource ('Range Error') Classic Buffer Overflow	CVE-2026-7057	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

21	8.8	HIGH Network	-	-	A vulnerability was detected in Tenda F456 1.0.0.5. Impacted is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter of the component httpd. The manipulation of the argument page results … New	CWE-119 CWE-120 Incorrect Access of Indexable Resource ('Range Error') Classic Buffer Overflow	CVE-2026-7056	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

22	8.8	HIGH Network	-	-	A security vulnerability has been detected in Tenda F456 1.0.0.5. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component httpd. The manipulation of the argumen… New	CWE-119 CWE-120 Incorrect Access of Indexable Resource ('Range Error') Classic Buffer Overflow	CVE-2026-7055	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

23	8.8	HIGH Network	-	-	A weakness has been identified in Tenda F456 1.0.0.5. This vulnerability affects the function fromPptpUserAdd of the file /goform/PPTPDClient of the component httpd. Executing a manipulation of the a… New	CWE-119 CWE-120 Incorrect Access of Indexable Resource ('Range Error') Classic Buffer Overflow	CVE-2026-7054	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

24	8.8	HIGH Network	-	-	A security flaw has been discovered in Tenda F456 1.0.0.5. This affects the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a manipulation of the argument page re… New	CWE-119 CWE-120 Incorrect Access of Indexable Resource ('Range Error') Classic Buffer Overflow	CVE-2026-7053	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

25	6.3	MEDIUM Network	-	-	A vulnerability was determined in baomidou dynamic-datasource 2.5.0. Affected by this vulnerability is the function DsSpelExpressionProcessor#doDetermineDatasource of the file dynamic-datasource-spri… New	CWE-74 CWE-707 Injection Improper Enforcement of Message or Data Structure	CVE-2026-7045	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

26	6.3	MEDIUM Network	-	-	A vulnerability was found in GreenCMS up to 2.3. Affected is the function themeadd of the file /index.php?m=admin&c=custom&a=themeadd. The manipulation results in unrestricted upload. The attack can … New	CWE-284 CWE-434 Improper Access Control Unrestricted Upload of File with Dangerous Type	CVE-2026-7044	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

27	6.3	MEDIUM Network	-	-	A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of the file /index.php?m=admin&c=custom&a=pluginadd. The manipulation leads to unrestricted upload. The … New	CWE-284 CWE-434 Improper Access Control Unrestricted Upload of File with Dangerous Type	CVE-2026-7043	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

28	7.3	HIGH Network	-	-	A flaw has been found in 666ghj MiroFish up to 0.1.2. This affects the function create_app of the file backend/app/__init__.py of the component REST API Endpoint. Executing a manipulation can lead to… New	CWE-287 CWE-306 Improper Authentication Missing Authentication for Critical Function	CVE-2026-7042	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

29	7.5	HIGH Network	libexpat_project	libexpat	libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. Update	CWE-331 Insufficient Entropy	CVE-2026-41080	2026-04-27 07:17	2026-04-17	Show	GitHub Exploit DB Packet Storm

30	6.2	MEDIUM Local	-	-	Wansview 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can inject 2000-byte payloads into the Cam… New	CWE-120 Classic Buffer Overflow	CVE-2018-25297	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

31	5.5	MEDIUM Local	-	-	P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input strin… New	CWE-120 Classic Buffer Overflow	CVE-2018-25296	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

32	6.2	MEDIUM Local	-	-	ObserverIP Scan Tool 1.4.0.1 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the IP input field. Attackers … New	CWE-789 Memory Allocation with Excessive Size Value	CVE-2018-25295	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

33	7.5	HIGH Network	-	-	CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data… New	CWE-120 Classic Buffer Overflow	CVE-2018-25294	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

34	6.2	MEDIUM Local	-	-	Prime95 29.4b7 contains a buffer overflow vulnerability in the PrimeNet connection dialog that allows local attackers to crash the application by supplying an excessively long string in the optional … New	CWE-120 Classic Buffer Overflow	CVE-2018-25293	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

35	6.2	MEDIUM Local	-	-	Bome Restorator 1793 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can create a ma… New	CWE-120 Classic Buffer Overflow	CVE-2018-25292	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

36	6.2	MEDIUM Local	-	-	Project64 2.3.2 contains a buffer overflow vulnerability in the Plugin Directory settings field that allows local attackers to crash the application by supplying an excessively long string. Attackers… New	CWE-120 Classic Buffer Overflow	CVE-2018-25291	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

37	6.2	MEDIUM Local	-	-	Easyboot 6.6.0 contains a buffer overflow vulnerability in the Replace Text function that allows local attackers to crash the application by supplying an oversized string. Attackers can trigger the v… New	CWE-120 Classic Buffer Overflow	CVE-2018-25290	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

38	6.2	MEDIUM Local	-	-	Softdisk 3.0.3 contains a buffer overflow vulnerability in the registration code dialog that allows local attackers to crash the application by supplying an oversized string. Attackers can trigger th… New	CWE-120 Classic Buffer Overflow	CVE-2018-25289	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

39	6.2	MEDIUM Local	-	-	StyleWriter 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 6000-byte payload into the… New	CWE-120 Classic Buffer Overflow	CVE-2018-25288	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

40	5.5	MEDIUM Local	-	-	Drive Power Manager 1.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a… New	CWE-120 Classic Buffer Overflow	CVE-2018-25287	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

41	6.2	MEDIUM Local	-	-	Easy PhotoResQ 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Folder/filename field. Attackers can in… New	CWE-120 Classic Buffer Overflow	CVE-2018-25286	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

42	5.5	MEDIUM Local	-	-	Fathom 2.4 contains a buffer overflow vulnerability in the Authorization Code field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a… New	CWE-120 Classic Buffer Overflow	CVE-2018-25285	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

43	6.2	MEDIUM Local	-	-	HD Tune Pro 5.70 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the folder/file name field. Attackers can tri… New	CWE-120 Classic Buffer Overflow	CVE-2018-25284	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

44	8.4	HIGH Local	-	-	iSmartViewPro 1.5 contains a structured exception handling (SEH) buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field that allows local attackers to execute arbitrary c… New	CWE-120 Classic Buffer Overflow	CVE-2018-25283	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

45	6.2	MEDIUM Local	-	-	Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a c… New	CWE-674 Uncontrolled Recursion	CVE-2018-25282	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

46	5.5	MEDIUM Local	-	-	iCash 7.6.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload through the Connect to Server dialog. Attackers can paste a… New	CWE-120 Classic Buffer Overflow	CVE-2018-25281	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

47	5.5	MEDIUM Local	-	-	Infiltrator Network Security Scanner 4.6 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a 60… New	CWE-120 Classic Buffer Overflow	CVE-2018-25280	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

48	6.2	MEDIUM Local	-	-	jiNa OCR Image to Text 1.0 contains a denial of service vulnerability that allows local attackers to crash the application by processing a malformed PNG file. Attackers can create a specially crafted… New	CWE-789 Memory Allocation with Excessive Size Value	CVE-2018-25279	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

49	6.2	MEDIUM Local	-	-	PicaJet FX 2.6.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Attackers can paste a 6000-byte … New	CWE-120 Classic Buffer Overflow	CVE-2018-25278	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

50	6.2	MEDIUM Local	-	-	PixGPS 1.1.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string to the folder path input field. Attackers can craft a paylo… New	CWE-120 Classic Buffer Overflow	CVE-2018-25277	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm