NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:April 27, 2026, 1:20 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
51	5.5	MEDIUM Local	-	-	RoboImport 1.2.0.72 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Attackers can paste a 6000-by… New	CWE-120 Classic Buffer Overflow	CVE-2018-25276	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

52	6.2	MEDIUM Local	-	-	Faleemi Plus 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can paste a 2000-byte payload into the… New	CWE-120 Classic Buffer Overflow	CVE-2018-25275	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

53	6.2	MEDIUM Local	-	-	InfraRecorder 0.53 contains a denial of service vulnerability that allows local attackers to crash the application by importing a maliciously crafted text file. Attackers can create a text file conta… New	CWE-789 Memory Allocation with Excessive Size Value	CVE-2018-25274	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

54	6.2	MEDIUM Local	-	-	CrossFont 7.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by submitting an oversized payload in the License Key field. Attackers can generate a malic… New	CWE-120 Classic Buffer Overflow	CVE-2018-25273	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

55	6.2	MEDIUM Local	-	-	TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Attackers can generate a … New	CWE-120 Classic Buffer Overflow	CVE-2018-25264	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

56	8.4	HIGH Local	-	-	Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attacker… New	CWE-120 Classic Buffer Overflow	CVE-2018-25263	2026-04-27 07:17	2026-04-27	Show	GitHub Exploit DB Packet Storm

57	8.1	HIGH Network	-	-	Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort… New	CWE-125 CWE-416 CWE-787 Out-of-bounds Read Use After Free Out-of-bounds Write	CVE-2026-6786	2026-04-27 04:53	2026-04-27	Show	GitHub Exploit DB Packet Storm

58	8.1	HIGH Network	-	-	Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume tha… New	CWE-125 CWE-416 CWE-787 Out-of-bounds Read Use After Free Out-of-bounds Write	CVE-2026-6785	2026-04-27 04:53	2026-04-27	Show	GitHub Exploit DB Packet Storm

59	7.1	HIGH Network	elog_project	elog	ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with the "-x" command line flag, attac… Update	CWE-862 Missing Authorization	CVE-2025-64348	2026-04-27 04:26	2025-11-1	Show	GitHub Exploit DB Packet Storm

60	7.1	HIGH Network	elog_project	elog	ELOG permite a un usuario autenticado modificar o sobrescribir el archivo de configuración, resultando en denegación de servicio. Si la función de ejecución está específicamente habilitada con el ind… Update	CWE-862 Missing Authorization	CVE-2025-64348	2026-04-27 04:26	2025-11-1	Show	GitHub Exploit DB Packet Storm

61	9.8	CRITICAL Network	newforma	project_center	Newforma Project Center Server (NPCS) accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AU… Update	CWE-306 CWE-502 Missing Authentication for Critical Function Deserialization of Untrusted Data	CVE-2025-35051	2026-04-27 04:04	2025-10-10	Show	GitHub Exploit DB Packet Storm

62	-	-	-	-	The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not p… Update	CWE-1393 Use of Default Password	CVE-2025-26793	2026-04-27 03:56	2025-02-16	Show	GitHub Exploit DB Packet Storm

63	-	-	-	-	El panel de configuración de la interfaz gráfica de usuario web de Hirsch (anteriormente Identiv y Viscount) Enterphone MESH hasta 2024 se entrega con credenciales predeterminadas (nombre de usuario … Update	CWE-1393 Use of Default Password	CVE-2025-26793	2026-04-27 03:56	2025-02-16	Show	GitHub Exploit DB Packet Storm

64	-	-	-	-	Local privilege escalation in Genetec Sipelia Plugin. An authenticated low-privileged Windows user could exploit this vulnerability to gain elevated privileges on the affected system. Update	CWE-250 Execution with Unnecessary Privileges	CVE-2025-1790	2026-04-27 03:49	2026-02-14	Show	GitHub Exploit DB Packet Storm

65	-	-	-	-	Escalada de privilegios local en el plugin Genetec Sipelia. Un usuario de Windows autenticado con bajos privilegios podría explotar esta vulnerabilidad para obtener privilegios elevados en el sistema… Update	CWE-250 Execution with Unnecessary Privileges	CVE-2025-1790	2026-04-27 03:49	2026-02-14	Show	GitHub Exploit DB Packet Storm

66	7.8	HIGH Local	genetec	genetec_update_service	Local privilege escalation in Genetec Update Service. An authenticated, low-privileged, Windows user could exploit this vulnerability to gain elevated privileges on the affected system. Update	CWE-276 Incorrect Default Permissions	CVE-2025-1789	2026-04-27 03:49	2026-02-25	Show	GitHub Exploit DB Packet Storm

67	7.8	HIGH Local	genetec	genetec_update_service	Escalada de privilegios local en el Servicio de Actualización de Genetec. Un usuario de Windows autenticado y con pocos privilegios podría explotar esta vulnerabilidad para obtener privilegios elevad… Update	CWE-276 Incorrect Default Permissions	CVE-2025-1789	2026-04-27 03:49	2026-02-25	Show	GitHub Exploit DB Packet Storm

68	4.2	MEDIUM Local	genetec	genetec_update_service	Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privil… Update	CWE-346 Origin Validation Error	CVE-2025-1787	2026-04-27 03:49	2026-02-25	Show	GitHub Exploit DB Packet Storm

69	4.2	MEDIUM Local	genetec	genetec_update_service	El administrador local podría filtrar información de la página web de configuración del Servicio de Actualización de Genetec. Un usuario de Windows autenticado y con privilegios de administrador podr… Update	CWE-346 Origin Validation Error	CVE-2025-1787	2026-04-27 03:49	2026-02-25	Show	GitHub Exploit DB Packet Storm

70	3.7	LOW Network	-	-	A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation… New	CWE-200 CWE-284 Information Exposure Improper Access Control	CVE-2026-7041	2026-04-26 22:16	2026-04-26	Show	GitHub Exploit DB Packet Storm

71	7.8	HIGH Local	-	-	A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description l… New	CWE-74 CWE-77 Injection Command Injection	CVE-2026-7039	2026-04-26 22:16	2026-04-26	Show	GitHub Exploit DB Packet Storm

72	3.3	LOW Local	-	-	A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficientl… New	CWE-522 Insufficiently Protected Credentials	CVE-2026-7038	2026-04-26 21:16	2026-04-26	Show	GitHub Exploit DB Packet Storm

73	9.8	CRITICAL Network	-	-	A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulat… New	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-7037	2026-04-26 21:16	2026-04-26	Show	GitHub Exploit DB Packet Storm

74	7.3	HIGH Network	-	-	A vulnerability was identified in Tenda i9 1.0.0.5(2204). This vulnerability affects the function R7WebsSecurityHandlerfunction of the component HTTP Handler. The manipulation leads to path traversal… New	CWE-22 Path Traversal	CVE-2026-7036	2026-04-26 21:16	2026-04-26	Show	GitHub Exploit DB Packet Storm

75	8.8	HIGH Network	-	-	A vulnerability was determined in Tenda FH1202 1.2.0.14. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. Executing a manipulation of the argument G… New	CWE-119 CWE-121 Incorrect Access of Indexable Resource ('Range Error') Stack-based Buffer Overflow	CVE-2026-7035	2026-04-26 21:16	2026-04-26	Show	GitHub Exploit DB Packet Storm

76	8.8	HIGH Network	-	-	A vulnerability was found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function WrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Performing a manipulation of the ar… New	CWE-119 CWE-121 Incorrect Access of Indexable Resource ('Range Error') Stack-based Buffer Overflow	CVE-2026-7034	2026-04-26 21:16	2026-04-26	Show	GitHub Exploit DB Packet Storm

77	8.8	HIGH Network	-	-	A vulnerability has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function fromSafeClientFilter of the file /goform/SafeClientFilter. Such manipulation of the argument menuf… New	CWE-119 CWE-120 Incorrect Access of Indexable Resource ('Range Error') Classic Buffer Overflow	CVE-2026-7033	2026-04-26 20:16	2026-04-26	Show	GitHub Exploit DB Packet Storm

78	8.8	HIGH Network	-	-	A flaw has been found in Tenda F456 1.0.0.5. Affected is the function SafeEmailFilter of the file /goform/SafeEmailFilter. This manipulation of the argument page causes buffer overflow. The attack ca… New	CWE-119 CWE-120 Incorrect Access of Indexable Resource ('Range Error') Classic Buffer Overflow	CVE-2026-7032	2026-04-26 20:16	2026-04-26	Show	GitHub Exploit DB Packet Storm

79	8.8	HIGH Network	-	-	A vulnerability was detected in Tenda F456 1.0.0.5. This impacts the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page results in buffer overflow. It… New	CWE-119 CWE-120 Incorrect Access of Indexable Resource ('Range Error') Classic Buffer Overflow	CVE-2026-7031	2026-04-26 19:16	2026-04-26	Show	GitHub Exploit DB Packet Storm

80	8.8	HIGH Network	-	-	A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page leads to buffer over… New	CWE-119 CWE-120 Incorrect Access of Indexable Resource ('Range Error') Classic Buffer Overflow	CVE-2026-7030	2026-04-26 19:16	2026-04-26	Show	GitHub Exploit DB Packet Storm

81	8.8	HIGH Network	-	-	A weakness has been identified in Tenda F456 1.0.0.5. The impacted element is the function fromaddressNat of the file /goform/addressNat. Executing a manipulation of the argument menufacturer/Go can … New	CWE-119 CWE-120 Incorrect Access of Indexable Resource ('Range Error') Classic Buffer Overflow	CVE-2026-7029	2026-04-26 18:16	2026-04-26	Show	GitHub Exploit DB Packet Storm

82	4.7	MEDIUM Network	-	-	A security flaw has been discovered in CodeAstro Online Job Portal 1.0. The affected element is an unknown function of the file /admin/jobs-admins/delete-jobs.php of the component All Jobs Page. Perf… New	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-7028	2026-04-26 18:16	2026-04-26	Show	GitHub Exploit DB Packet Storm

83	2.4	LOW Network	-	-	A vulnerability was identified in D-Link DSL-2740R EU_01.15. Impacted is an unknown function of the component Wireless Setup Section. Such manipulation of the argument Wireless Network Name leads to … New	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-7027	2026-04-26 18:16	2026-04-26	Show	GitHub Exploit DB Packet Storm

84	4.5	MEDIUM Network	-	-	A vulnerability was determined in D-Link DGS-3420 1.50.018. This issue affects some unknown processing of the component System Information Settings Page. This manipulation of the argument System Name… New	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-7026	2026-04-26 17:16	2026-04-26	Show	GitHub Exploit DB Packet Storm

85	7.3	HIGH Network	-	-	A vulnerability was found in Typecho up to 1.3.0. This vulnerability affects the function Service::sendPingHandle of the file var/Widget/Service.php of the component Ping Back Service Endpoint. The m… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-7025	2026-04-26 17:16	2026-04-26	Show	GitHub Exploit DB Packet Storm

86	5.4	MEDIUM Network	-	-	A flaw has been found in rawchen sims up to 004f783b1db5ecdfad81c8fdc3b34171211112de. Affected by this issue is some unknown functionality of the file sims-master/src/web/servlet/file/DeleteFileServl… New	CWE-22 Path Traversal	CVE-2026-7024	2026-04-26 16:16	2026-04-26	Show	GitHub Exploit DB Packet Storm

87	6.3	MEDIUM Network	-	-	A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/database_impl.go of the… New	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-7023	2026-04-26 16:16	2026-04-26	Show	GitHub Exploit DB Packet Storm

88	7.3	HIGH Network	-	-	A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts of the compon… New	CWE-287 Improper Authentication	CVE-2026-7022	2026-04-26 15:16	2026-04-26	Show	GitHub Exploit DB Packet Storm

89	3.5	LOW Network	-	-	A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the arg… New	CWE-200 CWE-284 Information Exposure Improper Access Control	CVE-2026-7021	2026-04-26 15:16	2026-04-26	Show	GitHub Exploit DB Packet Storm

90	5.6	MEDIUM Network	-	-	A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The mani… New	CWE-22 Path Traversal	CVE-2026-7020	2026-04-26 14:16	2026-04-26	Show	GitHub Exploit DB Packet Storm

91	8.8	HIGH Network	-	-	A vulnerability was identified in Tenda F456 1.0.0.5. The impacted element is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument menufacturer/Go leads … New	CWE-119 CWE-120 Incorrect Access of Indexable Resource ('Range Error') Classic Buffer Overflow	CVE-2026-7019	2026-04-26 14:16	2026-04-26	Show	GitHub Exploit DB Packet Storm

92	5.6	MEDIUM Network	-	-	A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/… New	CWE-320 CWE-321 Key Management Errors Use of Hard-coded Cryptographic Key	CVE-2026-7018	2026-04-26 13:16	2026-04-26	Show	GitHub Exploit DB Packet Storm

93	2.4	LOW Network	-	-	A vulnerability was found in MaxSite CMS up to 109.3. Impacted is an unknown function of the component ushki Plugin. Performing a manipulation of the argument f_ushka_new/f_ushk results in cross site… New	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-7016	2026-04-26 13:16	2026-04-26	Show	GitHub Exploit DB Packet Storm

94	7.2	HIGH Network	-	-	Technitium DNS Server before 15.0 allows DNS traffic amplification via cyclic name server delegation. New	CWE-684 Incorrect Provision of Specified Functionality	CVE-2026-42255	2026-04-26 13:16	2026-04-26	Show	GitHub Exploit DB Packet Storm

95	2.4	LOW Network	-	-	A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects some unknown processing of the component Guestbook Plugin. Such manipulation of the argument f_text/f_slug/f_limit/f_emai… New	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-7015	2026-04-26 12:16	2026-04-26	Show	GitHub Exploit DB Packet Storm

96	2.4	LOW Network	-	-	A flaw has been found in MaxSite CMS up to 109.3. This vulnerability affects unknown code of the component down_count Plugin. This manipulation of the argument f_file/f_prefix causes cross site scrip… New	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-7014	2026-04-26 12:16	2026-04-26	Show	GitHub Exploit DB Packet Storm

97	2.4	LOW Network	-	-	A security vulnerability has been detected in MaxSite CMS up to 109.3. Affected by this issue is some unknown functionality of the component mail_send Plugin. The manipulation of the argument f_subje… New	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-7013	2026-04-26 12:16	2026-04-26	Show	GitHub Exploit DB Packet Storm

98	4.0	MEDIUM Network	-	-	Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response. New	CWE-706 Use of Incorrectly-Resolved Name or Reference	CVE-2026-42254	2026-04-26 12:15	2026-04-26	Show	GitHub Exploit DB Packet Storm

99	2.4	LOW Network	-	-	A vulnerability was detected in MaxSite CMS up to 109.3. This affects an unknown part of the component Redirect Plugin. The manipulation of the argument f_all/f_all404 results in cross site scripting… New	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-7012	2026-04-26 11:16	2026-04-26	Show	GitHub Exploit DB Packet Storm

100	2.4	LOW Network	-	-	A weakness has been identified in MaxSite CMS up to 109.3. Affected by this vulnerability is an unknown functionality of the file /admin/plugin_antispam of the component Antispam Plugin. Executing a … New	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-7011	2026-04-26 10:15	2026-04-26	Show	GitHub Exploit DB Packet Storm