NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:April 29, 2026, 4:51 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1601	8.1	HIGH Network	-	-	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CactusThemes VideoPro videopro allows PHP Local File Inclusion.This issue affe…	CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')	CVE-2025-58913	2026-04-25 03:00	2026-04-10	Show	GitHub Exploit DB Packet Storm

1602	7.1	HIGH Network	-	-	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zootemplate Cerato cerato allows Reflected XSS.This issue affects Cerato: from n/a through <= 2.2…	CWE-79 Cross-site Scripting	CVE-2025-58920	2026-04-25 03:00	2026-04-10	Show	GitHub Exploit DB Packet Storm

1603	7.5	HIGH Network	-	-	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case Themes Case Theme User case-theme-user allows PHP Local File Inclusion.Th…	CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')	CVE-2025-5804	2026-04-25 03:00	2026-04-10	Show	GitHub Exploit DB Packet Storm

1604	6.4	MEDIUM Network	-	-	The BlockArt Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'clientId' block attribute in all versions up to, and including, 2.2.15. This is due to insufficient inpu…	CWE-79 Cross-site Scripting	CVE-2026-3498	2026-04-25 03:00	2026-04-11	Show	GitHub Exploit DB Packet Storm

1605	6.5	MEDIUM Network	-	-	The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied para…	CWE-89 SQL Injection	CVE-2026-5207	2026-04-25 03:00	2026-04-11	Show	GitHub Exploit DB Packet Storm

1606	6.1	MEDIUM Network	-	-	The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3 This is due to insufficient outp…	CWE-79 Cross-site Scripting	CVE-2026-5226	2026-04-25 03:00	2026-04-11	Show	GitHub Exploit DB Packet Storm

1607	5.4	MEDIUM Network	-	-	The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized private course enrollment in all versions up to, and including, 3.9.7. This is due to missing p…	CWE-862 Missing Authorization	CVE-2026-3358	2026-04-25 03:00	2026-04-11	Show	GitHub Exploit DB Packet Storm

1608	4.3	MEDIUM Network	-	-	The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authori…	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-3371	2026-04-25 03:00	2026-04-11	Show	GitHub Exploit DB Packet Storm

1609	6.4	MEDIUM Network	-	-	The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 12.8.9 This is due to insufficient input sanitiz…	CWE-79 Cross-site Scripting	CVE-2026-4895	2026-04-25 03:00	2026-04-11	Show	GitHub Exploit DB Packet Storm

1610	7.3	HIGH Network	-	-	A security vulnerability has been detected in perfree go-fastdfs-web up to 1.3.7. This affects an unknown part of the file src/main/java/com/perfree/controller/InstallController.java of the component…	CWE-266 CWE-285 Incorrect Privilege Assignment Improper Authorization	CVE-2026-6105	2026-04-25 03:00	2026-04-12	Show	GitHub Exploit DB Packet Storm

1611	5.0	MEDIUM Network	-	-	The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to blind Server-Side Request Forgery in all versions up to, an…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-4979	2026-04-25 03:00	2026-04-11	Show	GitHub Exploit DB Packet Storm

1612	8.8	HIGH Network	-	-	The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the `groupblo…	CWE-269 Improper Privilege Management	CVE-2026-5144	2026-04-25 03:00	2026-04-11	Show	GitHub Exploit DB Packet Storm

1613	7.2	HIGH Network	-	-	The Optimole – Optimize Images \| Convert WebP & AVIF \| CDN & Lazy Load \| Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2…	CWE-79 Cross-site Scripting	CVE-2026-5217	2026-04-25 03:00	2026-04-11	Show	GitHub Exploit DB Packet Storm

1614	7.1	HIGH Network	-	-	The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step logic flaw: the topic_add() and topic_edit() action han…	CWE-73 External Control of File Name or Path	CVE-2026-5809	2026-04-25 03:00	2026-04-11	Show	GitHub Exploit DB Packet Storm

1615	3.5	LOW Network	-	-	A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/static_headers_middleware.py of the co…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-6106	2026-04-25 03:00	2026-04-12	Show	GitHub Exploit DB Packet Storm

1616	3.5	LOW Network	-	-	A flaw has been found in 1Panel-dev MaxKB up to 2.6.1. This issue affects some unknown processing of the file apps/common/middleware/chat_headers_middleware.py of the component ChatHeadersMiddleware.…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-6107	2026-04-25 03:00	2026-04-12	Show	GitHub Exploit DB Packet Storm

1617	6.3	MEDIUM Network	-	-	A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/step_node/mcp_node/impl/base_mcp_node.py of the component Mod…	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-6108	2026-04-25 03:00	2026-04-12	Show	GitHub Exploit DB Packet Storm

1618	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: x86/efi: defer freeing of boot services memory efi_free_boot_services() frees memory occupied by EFI_BOOT_SERVICES_CODE and EFI_B…	CWE-401 Missing Release of Memory after Effective Lifetime	CVE-2026-23352	2026-04-25 02:59	2026-03-25	Show	GitHub Exploit DB Packet Storm

1619	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: x86/efi: aplazar la liberación de la memoria de servicios de arranque efi_free_boot_services() libera la memoria ocupada por EFI…	CWE-401 Missing Release of Memory after Effective Lifetime	CVE-2026-23352	2026-04-25 02:59	2026-03-25	Show	GitHub Exploit DB Packet Storm

1620	6.3	MEDIUM Network	-	-	A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of the file astrbot/dashboard/routes/plugin.py of the component install-upload End…	CWE-264 CWE-265 Permissions, Privileges, and Access Controls Privilege Issues	CVE-2026-6117	2026-04-25 02:58	2026-04-12	Show	GitHub Exploit DB Packet Storm

1621	6.3	MEDIUM Network	-	-	A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function add_mcp_server of the file astrbot/dashboard/routes/tools.py of the component MCP Endpoint. This manipulat…	CWE-74 CWE-77 Injection Command Injection	CVE-2026-6118	2026-04-25 02:58	2026-04-12	Show	GitHub Exploit DB Packet Storm

1622	6.3	MEDIUM Network	-	-	A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post_data.get of the component API Endpoint. Such manipulation leads to server-side request fo…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-6119	2026-04-25 02:58	2026-04-12	Show	GitHub Exploit DB Packet Storm

1623	6.3	MEDIUM Network	-	-	A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler…	CWE-74 CWE-94 Injection Code Injection	CVE-2026-6125	2026-04-25 02:58	2026-04-12	Show	GitHub Exploit DB Packet Storm

1624	7.3	HIGH Network	-	-	A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.0.4. The affected element is an unknown function of the component Administrative HTTP Endpoint. This manipulation causes missin…	CWE-287 CWE-306 Improper Authentication Missing Authentication for Critical Function	CVE-2026-6126	2026-04-25 02:58	2026-04-12	Show	GitHub Exploit DB Packet Storm

1625	7.3	HIGH Network	-	-	A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects an unknown function of the component Agent Mode Service. Performing a manipulation results in missing aut…	CWE-287 CWE-306 Improper Authentication Missing Authentication for Critical Function	CVE-2026-6129	2026-04-25 02:58	2026-04-13	Show	GitHub Exploit DB Packet Storm

1626	7.3	HIGH Network	-	-	A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the function StdioClientTransport of the file src/main/mcp/ipc-stdio-transport.ts of the component Model Context Protocol Server …	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-6130	2026-04-25 02:58	2026-04-13	Show	GitHub Exploit DB Packet Storm

1627	6.3	MEDIUM Network	-	-	A vulnerability was determined in danielmiessler Personal_AI_Infrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parse_url.ts. Executing a manipulation can lea…	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-6141	2026-04-25 02:58	2026-04-13	Show	GitHub Exploit DB Packet Storm

1628	7.3	HIGH Network	-	-	A vulnerability was identified in tushar-2223 Hotel Management System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. Affected by this vulnerability is an unknown functionality of the file /admin/roo…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-6142	2026-04-25 02:58	2026-04-13	Show	GitHub Exploit DB Packet Storm

1629	6.3	MEDIUM Network	-	-	A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. …	CWE-346 CWE-942 Origin Validation Error Permissive Cross-domain Policy with Untrusted Domains	CVE-2026-6143	2026-04-25 02:57	2026-04-13	Show	GitHub Exploit DB Packet Storm

1630	7.3	HIGH Network	-	-	A vulnerability was detected in code-projects Vehicle Showroom Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /util/MonthTotalReportUpdateFunction.php. …	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-6148	2026-04-25 02:57	2026-04-13	Show	GitHub Exploit DB Packet Storm

1631	7.3	HIGH Network	-	-	A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Affected by this issue is some unknown functionality of the file /util/BookVehicleFunction.php. Executing a manipulation…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-6149	2026-04-25 02:57	2026-04-13	Show	GitHub Exploit DB Packet Storm

1632	4.3	MEDIUM Network	-	-	A vulnerability has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /checkupdatestatus.php. The manipulation of the argument serviceId leads to cross s…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-6150	2026-04-25 02:57	2026-04-13	Show	GitHub Exploit DB Packet Storm

1633	7.3	HIGH Network	-	-	A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/PaymentStatusFunction.php. The manipulation of the argumen…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-6151	2026-04-25 02:57	2026-04-13	Show	GitHub Exploit DB Packet Storm

1634	7.3	HIGH Network	-	-	A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/StaffAddingFunction.php. This manipulation of the …	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-6152	2026-04-25 02:57	2026-04-13	Show	GitHub Exploit DB Packet Storm

1635	7.3	HIGH Network	-	-	A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /util/StaffDetailsFunction.php. Such manipulation of the argument S…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-6153	2026-04-25 02:57	2026-04-13	Show	GitHub Exploit DB Packet Storm

1636	4.3	MEDIUM Network	-	-	A vulnerability has been found in code-projects Simple ChatBox up to 1.0. Affected by this vulnerability is an unknown functionality of the file /chatbox/insert.php of the component Endpoint. Such ma…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-6159	2026-04-25 02:57	2026-04-13	Show	GitHub Exploit DB Packet Storm

1637	5.3	MEDIUM Network	-	-	A vulnerability was found in code-projects Simple ChatBox 1.0. Affected by this issue is the function SimpleChatbox_PHP of the file chatbox.sql of the component Endpoint. Performing a manipulation re…	CWE-200 CWE-538 Information Exposure File and Directory Information Exposure	CVE-2026-6160	2026-04-25 02:57	2026-04-13	Show	GitHub Exploit DB Packet Storm

1638	7.3	HIGH Network	-	-	A vulnerability was determined in code-projects Simple ChatBox up to 1.0. This affects an unknown part of the file /chatbox/insert.php of the component Endpoint. Executing a manipulation of the argum…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-6161	2026-04-25 02:57	2026-04-13	Show	GitHub Exploit DB Packet Storm

1639	3.5	LOW Network	-	-	A vulnerability has been found in PHPGurukul Company Visitor Management System 2.0. This impacts an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdat…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-6162	2026-04-25 02:57	2026-04-13	Show	GitHub Exploit DB Packet Storm

1640	7.3	HIGH Network	-	-	A vulnerability was identified in code-projects Lost and Found Thing Management 1.0. Affected by this issue is some unknown functionality of the file /catageory.php. Such manipulation of the argument…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-6163	2026-04-25 02:57	2026-04-13	Show	GitHub Exploit DB Packet Storm

1641	7.3	HIGH Network	-	-	A security flaw has been discovered in code-projects Lost and Found Thing Management 1.0. This affects an unknown part of the file /addcat.php. Performing a manipulation of the argument cata results …	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-6164	2026-04-25 02:57	2026-04-13	Show	GitHub Exploit DB Packet Storm

1642	7.3	HIGH Network	-	-	A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Login_check.php. Executing a manipulation of the argu…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-6165	2026-04-25 02:57	2026-04-13	Show	GitHub Exploit DB Packet Storm

1643	7.3	HIGH Network	-	-	A security vulnerability has been detected in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/UpdateVehicleFunction.php. The manipul…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-6166	2026-04-25 02:57	2026-04-13	Show	GitHub Exploit DB Packet Storm

1644	7.3	HIGH Network	-	-	A vulnerability was detected in code-projects Faculty Management System 1.0. Impacted is an unknown function of the file /subject-print.php. The manipulation of the argument ID results in sql injecti…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-6167	2026-04-25 02:57	2026-04-13	Show	GitHub Exploit DB Packet Storm

1645	3.5	LOW Network	-	-	A vulnerability has been found in 1Panel-dev MaxKB up to 2.4.2. Impacted is an unknown function of the file ui/src/chat.ts of the component MdPreview. Such manipulation leads to cross site scripting.…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2025-15632	2026-04-25 02:57	2026-04-13	Show	GitHub Exploit DB Packet Storm

1646	9.8	CRITICAL Network	-	-	Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, m…	CWE-347 Improper Verification of Cryptographic Signature	CVE-2026-6911	2026-04-25 02:56	2026-04-25	Show	GitHub Exploit DB Packet Storm

1647	8.8	HIGH Network	-	-	Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows remote authenticated users to escalate to …	CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes	CVE-2026-6912	2026-04-25 02:56	2026-04-25	Show	GitHub Exploit DB Packet Storm

1648	4.9	MEDIUM Network	-	-	Cross Site Scripting vulnerability in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code	CWE-79 Cross-site Scripting	CVE-2026-31050	2026-04-25 02:55	2026-04-25	Show	GitHub Exploit DB Packet Storm

1649	3.8	LOW Network	-	-	An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Client Balance component	CWE-400 Uncontrolled Resource Consumption	CVE-2026-31051	2026-04-25 02:55	2026-04-25	Show	GitHub Exploit DB Packet Storm

1650	5.3	MEDIUM Network	-	-	An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Checkout Authentication Flow component	CWE-400 Uncontrolled Resource Consumption	CVE-2026-31052	2026-04-25 02:55	2026-04-25	Show	GitHub Exploit DB Packet Storm