NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:April 28, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
851	6.4	MEDIUM Network	-	-	The Wavr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wave` shortcode in all versions up to, and including, 0.2.6. This is due to insufficient input sanitizatio…	CWE-79 Cross-site Scripting	CVE-2026-5506	2026-04-25 03:15	2026-04-8	Show	GitHub Exploit DB Packet Storm

852	6.4	MEDIUM Network	-	-	The WowPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wowpress` shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input san…	CWE-79 Cross-site Scripting	CVE-2026-5508	2026-04-25 03:15	2026-04-8	Show	GitHub Exploit DB Packet Storm

853	4.3	MEDIUM Network	-	-	The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorization bypass through user-controlled key in all versions up to, and including, 8.8.3. This is due to …	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-4330	2026-04-25 03:15	2026-04-8	Show	GitHub Exploit DB Packet Storm

854	4.4	MEDIUM Network	-	-	The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Form Header' field in versions up to and including 1.0. This is due to insufficient input…	CWE-79 Cross-site Scripting	CVE-2026-5169	2026-04-25 03:15	2026-04-8	Show	GitHub Exploit DB Packet Storm

855	5.3	MEDIUM Network	-	-	The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 6.3.7. This is due to the wpas_get_t…	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-4654	2026-04-25 03:15	2026-04-8	Show	GitHub Exploit DB Packet Storm

856	6.4	MEDIUM Network	-	-	The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG Image Widget in versions up to and including 8.4.2. This is due to insufficient inp…	CWE-79 Cross-site Scripting	CVE-2026-4655	2026-04-25 03:15	2026-04-8	Show	GitHub Exploit DB Packet Storm

857	6.4	MEDIUM Network	-	-	The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'magic-conversation' shortcode in all versions up to, and including, 3.0.97 due to i…	CWE-79 Cross-site Scripting	CVE-2026-1396	2026-04-25 03:15	2026-04-8	Show	GitHub Exploit DB Packet Storm

858	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: arm64: io: Extract user memory type in ioremap_prot() The only caller of ioremap_prot() outside of the generic ioremap() implemen…	NVD-CWE-noinfo	CVE-2026-23346	2026-04-25 03:15	2026-03-25	Show	GitHub Exploit DB Packet Storm

859	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: arm64: io: Extraer el tipo de memoria de usuario en ioremap_prot() El único llamador de ioremap_prot() fuera de la implementació…	NVD-CWE-noinfo	CVE-2026-23346	2026-04-25 03:15	2026-03-25	Show	GitHub Exploit DB Packet Storm

860	6.3	MEDIUM Network	-	-	A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function create_sandbox_and_execute of the file scrapegraphai/nodes/generate_code_node.py of the co…	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-5532	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

861	4.3	MEDIUM Network	-	-	A vulnerability was determined in badlogic pi-mono 0.58.4. The impacted element is an unknown function of the file packages/web-ui/src/tools/artifacts/SvgArtifact.ts of the component SVG Artifact Han…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-5533	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

862	7.3	HIGH Network	-	-	A vulnerability was identified in itsourcecode Online Enrollment System 1.0. This affects an unknown function of the file /sms/user/index.php?view=edit&id=10 of the component Parameter Handler. Such …	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5534	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

863	6.3	MEDIUM Network	-	-	A security vulnerability has been detected in halex CourseSEL up to 1.1.0. Affected by this vulnerability is the function check_sel of the file Apps/Index/Controller/IndexController.class.php of the …	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5537	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

864	6.3	MEDIUM Network	-	-	A vulnerability was detected in QingdaoU OnlineJudge up to 1.6.1. Affected by this issue is the function service_url of the file JudgeServer.service_url of the component judge_server_heartbeat Endpoi…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-5538	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

865	4.3	MEDIUM Network	-	-	A flaw has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /modifymember.php of the component Parameter Handler. This manipulation of the argument firs…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-5539	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

866	7.3	HIGH Network	-	-	A vulnerability has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modifymember.php of the component Parameter Handler. Such manipulation …	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5540	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

867	4.3	MEDIUM Network	-	-	A vulnerability was found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of the file /modmemberinfo.php of the component Parameter Handler. Performing a manipu…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-5541	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

868	4.3	MEDIUM Network	-	-	A vulnerability was determined in code-projects Simple Laundry System 1.0. Impacted is an unknown function of the file /modstaffinfo.php of the component Parameter Handler. Executing a manipulation o…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-5542	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

869	6.3	MEDIUM Network	-	-	A vulnerability was identified in PHPGurukul User Registration & Login and User Management System 3.3. The affected element is an unknown function of the file /admin/yesterday-reg-users.php. The mani…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5543	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

870	8.8	HIGH Network	-	-	A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument …	CWE-119 CWE-121 Incorrect Access of Indexable Resource ('Range Error') Stack-based Buffer Overflow	CVE-2026-5544	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

871	6.3	MEDIUM Network	-	-	A flaw has been found in Campcodes Complete Online Learning Management System 1.0. This impacts the function add_lesson of the file /application/models/Crud_model.php. This manipulation causes unrest…	CWE-284 CWE-434 Improper Access Control Unrestricted Upload of File with Dangerous Type	CVE-2026-5546	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

872	7.3	HIGH Network	-	-	A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/login.php of the component Parameter Handler. T…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5551	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

873	6.3	MEDIUM Network	-	-	A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This issue affects some unknown processing of the file /sub-category.php of the component Parameter Handler. This mani…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5552	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

874	6.3	MEDIUM Network	-	-	A vulnerability was identified in itsourcecode Online Cellphone System 1.0. Affected by this vulnerability is an unknown functionality of the file /cp/available.php of the component Parameter Handler…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5553	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

875	7.3	HIGH Network	-	-	A security flaw has been discovered in code-projects Concert Ticket Reservation System 1.0. Affected by this issue is some unknown functionality of the file /ConcertTicketReservationSystem-master/pro…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5554	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

876	7.3	HIGH Network	-	-	A weakness has been identified in code-projects Concert Ticket Reservation System 1.0. This affects an unknown part of the file /ConcertTicketReservationSystem-master/login.php of the component Param…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5555	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

877	6.3	MEDIUM Network	-	-	A security vulnerability has been detected in badlogic pi-mono up to 0.58.4. This vulnerability affects the function discoverAndLoadExtensions of the file packages/coding-agent/src/core/extensions/lo…	CWE-74 CWE-94 Injection Code Injection	CVE-2026-5556	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

878	6.3	MEDIUM Network	-	-	A vulnerability was detected in badlogic pi-mono up to 0.58.4. This issue affects some unknown processing of the file packages/mom/src/slack.ts of the component pi-mom Slack Bot. The manipulation res…	CWE-287 CWE-288 Improper Authentication Authentication Bypass Using an Alternate Path or Channel	CVE-2026-5557	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

879	6.3	MEDIUM Network	-	-	A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up to 2.1. Impacted is an unknown function of the file /pending-orders.php of the component Parameter Handler. This manip…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5558	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

880	6.3	MEDIUM Network	-	-	A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function _is_safe_ast of the file sandbox.py of the component AST Validation. Such manipu…	CWE-791 CWE-1336 Incomplete Filtering of Special Elements Improper Neutralization of Special Elements Used in a Template Engine	CVE-2026-5559	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

881	6.3	MEDIUM Network	-	-	A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /payment-method.php of the component Parameter Handler. Performing …	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5560	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

882	6.3	MEDIUM Network	-	-	A vulnerability was determined in Campcodes Complete POS Management and Inventory System up to 4.0.6. This affects an unknown function of the file app/Http/Controllers/SettingsController.php of the c…	CWE-74 CWE-707 Injection Improper Enforcement of Message or Data Structure	CVE-2026-5561	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

883	6.3	MEDIUM Network	-	-	A security flaw has been discovered in AutohomeCorp frostmourne up to 1.0. Affected is the function httpTest of the file /api/monitor-api/alarm/previewData of the component Alarm Preview. The manipul…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5563	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

884	7.3	HIGH Network	-	-	A weakness has been identified in code-projects Simple Laundry System 1.0. Affected by this vulnerability is an unknown functionality of the file /searchguest.php of the component Parameter Handler. …	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5564	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

885	7.3	HIGH Network	-	-	A security vulnerability has been detected in code-projects Simple Laundry System 1.0. Affected by this issue is some unknown functionality of the file /delmemberinfo.php of the component Parameter H…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5565	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

886	8.8	HIGH Network	-	-	A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBind re…	CWE-119 CWE-120 Incorrect Access of Indexable Resource ('Range Error') Classic Buffer Overflow	CVE-2026-5566	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

887	3.5	LOW Network	-	-	A vulnerability has been found in Akaunting up to 3.1.21. This issue affects some unknown processing of the component Invoice/Billing. The manipulation of the argument notes leads to cross site scrip…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-5568	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

888	7.3	HIGH Network	-	-	A vulnerability was detected in SourceCodester/jkev Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipula…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5575	2026-04-25 03:14	2026-04-6	Show	GitHub Exploit DB Packet Storm

889	4.7	MEDIUM Network	-	-	A flaw has been found in SourceCodester/jkev Record Management System 1.0. Affected by this issue is some unknown functionality of the file save_emp.php of the component Add Employee Page. This manip…	CWE-284 CWE-434 Improper Access Control Unrestricted Upload of File with Dangerous Type	CVE-2026-5576	2026-04-25 03:14	2026-04-6	Show	GitHub Exploit DB Packet Storm

890	8.1	HIGH Network	rwsdk	redwoodsdk	RedwoodSDK is a server-first React framework. From 1.0.0-beta.50 to 1.0.5, erver functions exported from "use server" files could be invoked via GET requests, bypassing their intended HTTP method. In…	CWE-352 Origin Validation Error	CVE-2026-39371	2026-04-25 03:14	2026-04-8	Show	GitHub Exploit DB Packet Storm

891	3.5	LOW Network	-	-	A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts of the component Activitie…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-5370	2026-04-25 03:13	2026-04-3	Show	GitHub Exploit DB Packet Storm

892	3.7	LOW Network	-	-	A vulnerability was identified in Newgen OmniDocs up to 12.0.00. Affected by this vulnerability is an unknown functionality of the file /omnidocs/GetWebApiConfiguration. The manipulation of the argum…	CWE-200 CWE-284 Information Exposure Improper Access Control	CVE-2026-5413	2026-04-25 03:13	2026-04-3	Show	GitHub Exploit DB Packet Storm

893	5.3	MEDIUM Network	-	-	A security flaw has been discovered in Newgen OmniDocs up to 12.0.00. Affected by this issue is some unknown functionality of the file /omnidocs/WebApiRequestRedirection. The manipulation of the argu…	CWE-99 Resource Injection	CVE-2026-5414	2026-04-25 03:13	2026-04-3	Show	GitHub Exploit DB Packet Storm

894	4.7	MEDIUM Network	-	-	A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affects the function get_es_data_by_http of the file backend/apps/db/es_engine.py of the component Elasticsearch Handler. Thi…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-5417	2026-04-25 03:13	2026-04-3	Show	GitHub Exploit DB Packet Storm

895	3.3	LOW Local	-	-	A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file campusconnect/BuildConfig.java of the component campusconnect.ucc. This man…	CWE-320 CWE-321 Key Management Errors Use of Hard-coded Cryptographic Key	CVE-2026-5452	2026-04-25 03:13	2026-04-3	Show	GitHub Exploit DB Packet Storm

896	3.3	LOW Local	-	-	A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file file res/raw/app.json of the component co.gridapp.organiser. Performing a manipulat…	CWE-320 CWE-321 Key Management Errors Use of Hard-coded Cryptographic Key	CVE-2026-5454	2026-04-25 03:13	2026-04-3	Show	GitHub Exploit DB Packet Storm

897	3.3	LOW Local	-	-	A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affected element is an unknown function of the file file res/raw/config.json of the component ca.diagram.dialogue. Executing…	CWE-320 CWE-321 Key Management Errors Use of Hard-coded Cryptographic Key	CVE-2026-5455	2026-04-25 03:13	2026-04-3	Show	GitHub Exploit DB Packet Storm

898	7.3	HIGH Network	-	-	A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClient…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-5418	2026-04-25 03:13	2026-04-3	Show	GitHub Exploit DB Packet Storm

899	2.5	LOW Local	-	-	A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.200. The affected element is an unknown function of the file jRwTX.java of the component cats.goods.sort.sorting.games. …	CWE-320 CWE-321 Key Management Errors Use of Hard-coded Cryptographic Key	CVE-2026-5420	2026-04-25 03:13	2026-04-3	Show	GitHub Exploit DB Packet Storm

900	3.3	LOW Local	-	-	A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.…	CWE-320 CWE-321 Key Management Errors Use of Hard-coded Cryptographic Key	CVE-2026-5453	2026-04-25 03:13	2026-04-3	Show	GitHub Exploit DB Packet Storm