NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:April 29, 2026, 4:51 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1151	6.4	MEDIUM Network	-	-	The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'magic-conversation' shortcode in all versions up to, and including, 3.0.97 due to i…	CWE-79 Cross-site Scripting	CVE-2026-1396	2026-04-25 03:15	2026-04-8	Show	GitHub Exploit DB Packet Storm

1152	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: arm64: io: Extract user memory type in ioremap_prot() The only caller of ioremap_prot() outside of the generic ioremap() implemen…	NVD-CWE-noinfo	CVE-2026-23346	2026-04-25 03:15	2026-03-25	Show	GitHub Exploit DB Packet Storm

1153	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: arm64: io: Extraer el tipo de memoria de usuario en ioremap_prot() El único llamador de ioremap_prot() fuera de la implementació…	NVD-CWE-noinfo	CVE-2026-23346	2026-04-25 03:15	2026-03-25	Show	GitHub Exploit DB Packet Storm

1154	6.3	MEDIUM Network	-	-	A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function create_sandbox_and_execute of the file scrapegraphai/nodes/generate_code_node.py of the co…	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-5532	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

1155	4.3	MEDIUM Network	-	-	A vulnerability was determined in badlogic pi-mono 0.58.4. The impacted element is an unknown function of the file packages/web-ui/src/tools/artifacts/SvgArtifact.ts of the component SVG Artifact Han…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-5533	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

1156	7.3	HIGH Network	-	-	A vulnerability was identified in itsourcecode Online Enrollment System 1.0. This affects an unknown function of the file /sms/user/index.php?view=edit&id=10 of the component Parameter Handler. Such …	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5534	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

1157	6.3	MEDIUM Network	-	-	A security vulnerability has been detected in halex CourseSEL up to 1.1.0. Affected by this vulnerability is the function check_sel of the file Apps/Index/Controller/IndexController.class.php of the …	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5537	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

1158	6.3	MEDIUM Network	-	-	A vulnerability was detected in QingdaoU OnlineJudge up to 1.6.1. Affected by this issue is the function service_url of the file JudgeServer.service_url of the component judge_server_heartbeat Endpoi…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-5538	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

1159	4.3	MEDIUM Network	-	-	A flaw has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /modifymember.php of the component Parameter Handler. This manipulation of the argument firs…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-5539	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

1160	7.3	HIGH Network	-	-	A vulnerability has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modifymember.php of the component Parameter Handler. Such manipulation …	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5540	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

1161	4.3	MEDIUM Network	-	-	A vulnerability was found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of the file /modmemberinfo.php of the component Parameter Handler. Performing a manipu…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-5541	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

1162	4.3	MEDIUM Network	-	-	A vulnerability was determined in code-projects Simple Laundry System 1.0. Impacted is an unknown function of the file /modstaffinfo.php of the component Parameter Handler. Executing a manipulation o…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-5542	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

1163	6.3	MEDIUM Network	-	-	A vulnerability was identified in PHPGurukul User Registration & Login and User Management System 3.3. The affected element is an unknown function of the file /admin/yesterday-reg-users.php. The mani…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5543	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

1164	8.8	HIGH Network	-	-	A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument …	CWE-119 CWE-121 Incorrect Access of Indexable Resource ('Range Error') Stack-based Buffer Overflow	CVE-2026-5544	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

1165	6.3	MEDIUM Network	-	-	A flaw has been found in Campcodes Complete Online Learning Management System 1.0. This impacts the function add_lesson of the file /application/models/Crud_model.php. This manipulation causes unrest…	CWE-284 CWE-434 Improper Access Control Unrestricted Upload of File with Dangerous Type	CVE-2026-5546	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

1166	7.3	HIGH Network	-	-	A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/login.php of the component Parameter Handler. T…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5551	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

1167	6.3	MEDIUM Network	-	-	A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This issue affects some unknown processing of the file /sub-category.php of the component Parameter Handler. This mani…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5552	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

1168	6.3	MEDIUM Network	-	-	A vulnerability was identified in itsourcecode Online Cellphone System 1.0. Affected by this vulnerability is an unknown functionality of the file /cp/available.php of the component Parameter Handler…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5553	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

1169	7.3	HIGH Network	-	-	A security flaw has been discovered in code-projects Concert Ticket Reservation System 1.0. Affected by this issue is some unknown functionality of the file /ConcertTicketReservationSystem-master/pro…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5554	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

1170	7.3	HIGH Network	-	-	A weakness has been identified in code-projects Concert Ticket Reservation System 1.0. This affects an unknown part of the file /ConcertTicketReservationSystem-master/login.php of the component Param…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5555	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

1171	6.3	MEDIUM Network	-	-	A security vulnerability has been detected in badlogic pi-mono up to 0.58.4. This vulnerability affects the function discoverAndLoadExtensions of the file packages/coding-agent/src/core/extensions/lo…	CWE-74 CWE-94 Injection Code Injection	CVE-2026-5556	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

1172	6.3	MEDIUM Network	-	-	A vulnerability was detected in badlogic pi-mono up to 0.58.4. This issue affects some unknown processing of the file packages/mom/src/slack.ts of the component pi-mom Slack Bot. The manipulation res…	CWE-287 CWE-288 Improper Authentication Authentication Bypass Using an Alternate Path or Channel	CVE-2026-5557	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

1173	6.3	MEDIUM Network	-	-	A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up to 2.1. Impacted is an unknown function of the file /pending-orders.php of the component Parameter Handler. This manip…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5558	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

1174	6.3	MEDIUM Network	-	-	A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function _is_safe_ast of the file sandbox.py of the component AST Validation. Such manipu…	CWE-791 CWE-1336 Incomplete Filtering of Special Elements Improper Neutralization of Special Elements Used in a Template Engine	CVE-2026-5559	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

1175	6.3	MEDIUM Network	-	-	A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /payment-method.php of the component Parameter Handler. Performing …	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5560	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

1176	6.3	MEDIUM Network	-	-	A vulnerability was determined in Campcodes Complete POS Management and Inventory System up to 4.0.6. This affects an unknown function of the file app/Http/Controllers/SettingsController.php of the c…	CWE-74 CWE-707 Injection Improper Enforcement of Message or Data Structure	CVE-2026-5561	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

1177	6.3	MEDIUM Network	-	-	A security flaw has been discovered in AutohomeCorp frostmourne up to 1.0. Affected is the function httpTest of the file /api/monitor-api/alarm/previewData of the component Alarm Preview. The manipul…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5563	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

1178	7.3	HIGH Network	-	-	A weakness has been identified in code-projects Simple Laundry System 1.0. Affected by this vulnerability is an unknown functionality of the file /searchguest.php of the component Parameter Handler. …	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5564	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

1179	7.3	HIGH Network	-	-	A security vulnerability has been detected in code-projects Simple Laundry System 1.0. Affected by this issue is some unknown functionality of the file /delmemberinfo.php of the component Parameter H…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5565	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

1180	8.8	HIGH Network	-	-	A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBind re…	CWE-119 CWE-120 Incorrect Access of Indexable Resource ('Range Error') Classic Buffer Overflow	CVE-2026-5566	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

1181	3.5	LOW Network	-	-	A vulnerability has been found in Akaunting up to 3.1.21. This issue affects some unknown processing of the component Invoice/Billing. The manipulation of the argument notes leads to cross site scrip…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-5568	2026-04-25 03:14	2026-04-5	Show	GitHub Exploit DB Packet Storm

1182	7.3	HIGH Network	-	-	A vulnerability was detected in SourceCodester/jkev Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipula…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5575	2026-04-25 03:14	2026-04-6	Show	GitHub Exploit DB Packet Storm

1183	4.7	MEDIUM Network	-	-	A flaw has been found in SourceCodester/jkev Record Management System 1.0. Affected by this issue is some unknown functionality of the file save_emp.php of the component Add Employee Page. This manip…	CWE-284 CWE-434 Improper Access Control Unrestricted Upload of File with Dangerous Type	CVE-2026-5576	2026-04-25 03:14	2026-04-6	Show	GitHub Exploit DB Packet Storm

1184	8.1	HIGH Network	rwsdk	redwoodsdk	RedwoodSDK is a server-first React framework. From 1.0.0-beta.50 to 1.0.5, erver functions exported from "use server" files could be invoked via GET requests, bypassing their intended HTTP method. In…	CWE-352 Origin Validation Error	CVE-2026-39371	2026-04-25 03:14	2026-04-8	Show	GitHub Exploit DB Packet Storm

1185	3.5	LOW Network	-	-	A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts of the component Activitie…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-5370	2026-04-25 03:13	2026-04-3	Show	GitHub Exploit DB Packet Storm

1186	3.7	LOW Network	-	-	A vulnerability was identified in Newgen OmniDocs up to 12.0.00. Affected by this vulnerability is an unknown functionality of the file /omnidocs/GetWebApiConfiguration. The manipulation of the argum…	CWE-200 CWE-284 Information Exposure Improper Access Control	CVE-2026-5413	2026-04-25 03:13	2026-04-3	Show	GitHub Exploit DB Packet Storm

1187	5.3	MEDIUM Network	-	-	A security flaw has been discovered in Newgen OmniDocs up to 12.0.00. Affected by this issue is some unknown functionality of the file /omnidocs/WebApiRequestRedirection. The manipulation of the argu…	CWE-99 Resource Injection	CVE-2026-5414	2026-04-25 03:13	2026-04-3	Show	GitHub Exploit DB Packet Storm

1188	4.7	MEDIUM Network	-	-	A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affects the function get_es_data_by_http of the file backend/apps/db/es_engine.py of the component Elasticsearch Handler. Thi…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-5417	2026-04-25 03:13	2026-04-3	Show	GitHub Exploit DB Packet Storm

1189	3.3	LOW Local	-	-	A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file campusconnect/BuildConfig.java of the component campusconnect.ucc. This man…	CWE-320 CWE-321 Key Management Errors Use of Hard-coded Cryptographic Key	CVE-2026-5452	2026-04-25 03:13	2026-04-3	Show	GitHub Exploit DB Packet Storm

1190	3.3	LOW Local	-	-	A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file file res/raw/app.json of the component co.gridapp.organiser. Performing a manipulat…	CWE-320 CWE-321 Key Management Errors Use of Hard-coded Cryptographic Key	CVE-2026-5454	2026-04-25 03:13	2026-04-3	Show	GitHub Exploit DB Packet Storm

1191	3.3	LOW Local	-	-	A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affected element is an unknown function of the file file res/raw/config.json of the component ca.diagram.dialogue. Executing…	CWE-320 CWE-321 Key Management Errors Use of Hard-coded Cryptographic Key	CVE-2026-5455	2026-04-25 03:13	2026-04-3	Show	GitHub Exploit DB Packet Storm

1192	7.3	HIGH Network	-	-	A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClient…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-5418	2026-04-25 03:13	2026-04-3	Show	GitHub Exploit DB Packet Storm

1193	2.5	LOW Local	-	-	A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.200. The affected element is an unknown function of the file jRwTX.java of the component cats.goods.sort.sorting.games. …	CWE-320 CWE-321 Key Management Errors Use of Hard-coded Cryptographic Key	CVE-2026-5420	2026-04-25 03:13	2026-04-3	Show	GitHub Exploit DB Packet Storm

1194	3.3	LOW Local	-	-	A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.…	CWE-320 CWE-321 Key Management Errors Use of Hard-coded Cryptographic Key	CVE-2026-5453	2026-04-25 03:13	2026-04-3	Show	GitHub Exploit DB Packet Storm

1195	3.3	LOW Local	-	-	A vulnerability was identified in Align Technology My Invisalign App 3.12.4 on Android. The impacted element is an unknown function of the file com/aligntech/myinvisalign/BuildConfig.java of the comp…	CWE-320 CWE-321 Key Management Errors Use of Hard-coded Cryptographic Key	CVE-2026-5456	2026-04-25 03:13	2026-04-3	Show	GitHub Exploit DB Packet Storm

1196	3.3	LOW Local	-	-	A security flaw has been discovered in PropertyGuru AgentNet Singapore App up to 23.7.10 on Android. This affects an unknown function of the file com/allproperty/android/agentnet/BuildConfig.java of …	CWE-320 CWE-321 Key Management Errors Use of Hard-coded Cryptographic Key	CVE-2026-5457	2026-04-25 03:13	2026-04-3	Show	GitHub Exploit DB Packet Storm

1197	3.3	LOW Local	-	-	A weakness has been identified in Noelse Individuals & Pro App up to 2.1.7 on Android. This impacts an unknown function of the file com/reactnative/antelop/BuildConfig.java of the component com.afone…	CWE-320 CWE-321 Key Management Errors Use of Hard-coded Cryptographic Key	CVE-2026-5458	2026-04-25 03:13	2026-04-3	Show	GitHub Exploit DB Packet Storm

1198	3.3	LOW Local	-	-	A vulnerability was identified in Wahoo Fitness SYSTM App up to 7.2.1 on Android. Impacted is an unknown function of the file com/WahooFitness/SYSTM/BuildConfig.java of the component com.WahooFitness…	CWE-320 CWE-321 Key Management Errors Use of Hard-coded Cryptographic Key	CVE-2026-5462	2026-04-25 03:13	2026-04-3	Show	GitHub Exploit DB Packet Storm

1199	8.1	HIGH Network	-	-	The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to the `PMCS::action_handler()` method proc…	CWE-22 Path Traversal	CVE-2026-4350	2026-04-25 03:13	2026-04-3	Show	GitHub Exploit DB Packet Storm

1200	3.3	LOW Local	-	-	A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory…	CWE-320 CWE-321 Key Management Errors Use of Hard-coded Cryptographic Key	CVE-2026-5471	2026-04-25 03:13	2026-04-4	Show	GitHub Exploit DB Packet Storm