NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:May 1, 2026, 4:54 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1951	6.4	MEDIUM Network	-	-	The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget's Custom Attributes field in all versions up to, and including, 2.0.8. This is due …	CWE-79 Cross-site Scripting	CVE-2026-2509	2026-04-25 03:05	2026-04-8	Show	GitHub Exploit DB Packet Storm

1952	5.4	MEDIUM Network	-	-	The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on th…	CWE-352 Origin Validation Error	CVE-2026-0811	2026-04-25 03:05	2026-04-9	Show	GitHub Exploit DB Packet Storm

1953	4.3	MEDIUM Network	-	-	The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in all versions up to, and…	CWE-862 Missing Authorization	CVE-2026-0814	2026-04-25 03:05	2026-04-9	Show	GitHub Exploit DB Packet Storm

1954	9.8	CRITICAL Network	-	-	The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'proSol_fileUploadProcess' function in all versions up to, and includ…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2026-2942	2026-04-25 03:05	2026-04-9	Show	GitHub Exploit DB Packet Storm

1955	7.3	HIGH Network	-	-	A vulnerability was identified in idachev mcp-javadc up to 1.2.4. Impacted is an unknown function of the component HTTP Interface. Such manipulation of the argument jarFilePath leads to os command in…	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-5802	2026-04-25 03:05	2026-04-9	Show	GitHub Exploit DB Packet Storm

1956	8.1	HIGH Network	-	-	The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1. This is due to insufficient validation of the $name parameter (upload field ke…	CWE-22 Path Traversal	CVE-2026-5436	2026-04-25 03:05	2026-04-9	Show	GitHub Exploit DB Packet Storm

1957	6.4	MEDIUM Network	-	-	The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elevation-track' shortcode in all versions up to, and including, 4.14. This is due to insuffi…	CWE-79 Cross-site Scripting	CVE-2026-5451	2026-04-25 03:04	2026-04-9	Show	GitHub Exploit DB Packet Storm

1958	7.3	HIGH Network	-	-	A weakness has been identified in code-projects Easy Blog Site up to 1.0. The impacted element is an unknown function of the file /users/contact_us.php. Executing a manipulation of the argument Name …	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5805	2026-04-25 03:04	2026-04-9	Show	GitHub Exploit DB Packet Storm

1959	6.4	MEDIUM Network	-	-	The Post Blocks & Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sliderStyle' block attribute in the Posts Slider block in all versions up to, and including, 1.3.0 d…	CWE-79 Cross-site Scripting	CVE-2026-5711	2026-04-25 03:04	2026-04-9	Show	GitHub Exploit DB Packet Storm

1960	3.5	LOW Network	-	-	A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cro…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-5806	2026-04-25 03:04	2026-04-9	Show	GitHub Exploit DB Packet Storm

1961	6.3	MEDIUM Network	-	-	A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27fdf3d8fab8da81f3893468f53b2797c. The affected element is an unknown function of the file server.js of the component API…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-5803	2026-04-25 03:04	2026-04-9	Show	GitHub Exploit DB Packet Storm

1962	4.3	MEDIUM Network	-	-	A vulnerability was detected in openstatusHQ openstatus up to 1b678e71a85961ae319cbb214a8eae634059330c. This impacts an unknown function of the file apps/dashboard/src/app/(dashboard)/onboarding/clie…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-5808	2026-04-25 03:04	2026-04-9	Show	GitHub Exploit DB Packet Storm

1963	3.5	LOW Network	-	-	A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /delete.php of the component GET Parameter Handler. This manipulation of the argume…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-5810	2026-04-25 03:04	2026-04-9	Show	GitHub Exploit DB Packet Storm

1964	5.4	MEDIUM Network	-	-	A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function save_product of the file /Actions.php of the component POST Parameter Handler.…	CWE-840 Business Logic Errors	CVE-2026-5811	2026-04-25 03:04	2026-04-9	Show	GitHub Exploit DB Packet Storm

1965	5.4	MEDIUM Network	-	-	A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This affects an unknown part of the file add-sales.php of the component POST Parameter Handler. Performin…	CWE-840 Business Logic Errors	CVE-2026-5812	2026-04-25 03:04	2026-04-9	Show	GitHub Exploit DB Packet Storm

1966	7.3	HIGH Network	-	-	A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /check_availability.php. Executing a manipulation of the argument cid …	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5813	2026-04-25 03:04	2026-04-9	Show	GitHub Exploit DB Packet Storm

1967	7.3	HIGH Network	-	-	A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/check_availability.php. The manipulation of the …	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5814	2026-04-25 03:04	2026-04-9	Show	GitHub Exploit DB Packet Storm

1968	6.3	MEDIUM Network	-	-	A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this issue is some unknown functionality of the file /borrowed_tool_report.php. This manipulation of the…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5823	2026-04-25 03:04	2026-04-9	Show	GitHub Exploit DB Packet Storm

1969	7.3	HIGH Network	-	-	A security vulnerability has been detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /userchecklogin.php. Such manipulation of the argument userid leads to …	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5824	2026-04-25 03:04	2026-04-9	Show	GitHub Exploit DB Packet Storm

1970	4.3	MEDIUM Network	-	-	A vulnerability was detected in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /delmemberinfo.php. Performing a manipulation of the argument userid resul…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-5825	2026-04-25 03:04	2026-04-9	Show	GitHub Exploit DB Packet Storm

1971	4.3	MEDIUM Network	-	-	A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /edit-category.php. Executing a manipulation of the argument Category can…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-5826	2026-04-25 03:04	2026-04-9	Show	GitHub Exploit DB Packet Storm

1972	7.3	HIGH Network	-	-	A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /question-function.php. The manipulation of the argument content leads to s…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5827	2026-04-25 03:04	2026-04-9	Show	GitHub Exploit DB Packet Storm

1973	8.8	HIGH Network	-	-	The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to improper authorization enforcement in the activat…	CWE-862 Missing Authorization	CVE-2026-4326	2026-04-25 03:04	2026-04-9	Show	GitHub Exploit DB Packet Storm

1974	7.3	HIGH Network	-	-	A vulnerability was found in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /functions/addcomment.php. The manipulation of the argument postid r…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5828	2026-04-25 03:04	2026-04-9	Show	GitHub Exploit DB Packet Storm

1975	7.3	HIGH Network	-	-	A vulnerability was determined in code-projects Simple IT Discussion Forum 1.0. The impacted element is an unknown function of the file /pages/content.php. This manipulation of the argument post_id c…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5829	2026-04-25 03:04	2026-04-9	Show	GitHub Exploit DB Packet Storm

1976	6.3	MEDIUM Network	-	-	A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown function of the file src/mcp/server/handlers.ts of the component terminal_execute. Performing a manipula…	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-5831	2026-04-25 03:04	2026-04-9	Show	GitHub Exploit DB Packet Storm

1977	7.3	HIGH Network	-	-	A weakness has been identified in atototo api-lab-mcp up to 0.2.1. This affects the function analyze_api_spec/generate_test_scenarios/test_http_endpoint of the file src/mcp/http-server.ts of the comp…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-5832	2026-04-25 03:04	2026-04-9	Show	GitHub Exploit DB Packet Storm

1978	4.3	MEDIUM Network	-	-	The MStore API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.18.3. This is due to the update_user_profile() function in controllers/f…	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-3568	2026-04-25 03:04	2026-04-9	Show	GitHub Exploit DB Packet Storm

1979	4.4	MEDIUM Network	-	-	The Experto Dashboard for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings fields (including 'Navigation Font Size', 'Navigation Font Weight', '…	CWE-79 Cross-site Scripting	CVE-2026-3574	2026-04-25 03:04	2026-04-9	Show	GitHub Exploit DB Packet Storm

1980	6.4	MEDIUM Network	-	-	The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'marker_name' and 'file_color_list' shortcode attribute of the [osm_map_v3] shortcode in all versions…	CWE-79 Cross-site Scripting	CVE-2026-4429	2026-04-25 03:03	2026-04-9	Show	GitHub Exploit DB Packet Storm

1981	2.4	LOW Network	-	-	A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/admin_running.php. Performing a manipulation of the argument product_name resul…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-5834	2026-04-25 03:03	2026-04-9	Show	GitHub Exploit DB Packet Storm

1982	2.4	LOW Network	-	-	A flaw has been found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_football.php. Executing a manipulation of the argumen…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-5835	2026-04-25 03:03	2026-04-9	Show	GitHub Exploit DB Packet Storm

1983	5.4	MEDIUM Network	-	-	The Ziggeo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1. The wp_ajax_ziggeo_ajax handler only verifies a nonce (check_ajax_referer) but per…	CWE-862 Missing Authorization	CVE-2026-4124	2026-04-25 03:03	2026-04-9	Show	GitHub Exploit DB Packet Storm

1984	6.4	MEDIUM Network	-	-	The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sid' parameter of the 'wpdm_members' shortcode in versions up to and including 3.3.52. This is due to i…	CWE-79 Cross-site Scripting	CVE-2026-5357	2026-04-25 03:03	2026-04-9	Show	GitHub Exploit DB Packet Storm

1985	5.3	MEDIUM Local	-	-	A security vulnerability has been detected in awwaiid mcp-server-taskwarrior up to 1.0.1. This impacts the function server.setRequestHandler of the file index.ts. Such manipulation of the argument Id…	CWE-74 CWE-77 Injection Command Injection	CVE-2026-5833	2026-04-25 03:03	2026-04-9	Show	GitHub Exploit DB Packet Storm

1986	2.4	LOW Network	-	-	A vulnerability has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_product.php. The manipulation of the argument prod…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-5836	2026-04-25 03:03	2026-04-9	Show	GitHub Exploit DB Packet Storm

1987	7.3	HIGH Network	-	-	A vulnerability was found in PHPGurukul News Portal Project 4.1. This affects an unknown part of the file /news-details.php. The manipulation of the argument Comment results in sql injection. The att…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5837	2026-04-25 03:03	2026-04-9	Show	GitHub Exploit DB Packet Storm

1988	9.8	CRITICAL Network	-	-	The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints th…	CWE-862 Missing Authorization	CVE-2026-1830	2026-04-25 03:03	2026-04-9	Show	GitHub Exploit DB Packet Storm

1989	6.4	MEDIUM Network	-	-	The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.2.60. This is due to insufficient input sanitization of user-supplied URL fields and im…	CWE-79 Cross-site Scripting	CVE-2026-5742	2026-04-25 03:03	2026-04-9	Show	GitHub Exploit DB Packet Storm

1990	4.7	MEDIUM Network	-	-	A vulnerability was determined in PHPGurukul News Portal Project 4.1. This vulnerability affects unknown code of the file /admin/add-subadmins.php. This manipulation of the argument sadminusername ca…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5838	2026-04-25 03:03	2026-04-9	Show	GitHub Exploit DB Packet Storm

1991	4.7	MEDIUM Network	-	-	A vulnerability was identified in PHPGurukul News Portal Project 4.1. This issue affects some unknown processing of the file /admin/add-subcategory.php. Such manipulation of the argument sucatdescrip…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5839	2026-04-25 03:03	2026-04-9	Show	GitHub Exploit DB Packet Storm

1992	6.4	MEDIUM Network	-	-	The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ content in all versions up to, and including, 2.4.7. This is due to the plugin calling html_entity…	CWE-79 Cross-site Scripting	CVE-2026-4336	2026-04-25 03:03	2026-04-9	Show	GitHub Exploit DB Packet Storm

1993	4.7	MEDIUM Network	-	-	A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impacted is an unknown function of the file /admin/check_availability.php. Performing a manipulation of the argument Usernam…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5840	2026-04-25 03:03	2026-04-9	Show	GitHub Exploit DB Packet Storm

1994	7.3	HIGH Network	-	-	A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation…	CWE-285 CWE-639 Improper Authorization Authorization Bypass Through User-Controlled Key	CVE-2026-5842	2026-04-25 03:03	2026-04-9	Show	GitHub Exploit DB Packet Storm

1995	4.3	MEDIUM Network	-	-	A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown function of the file /db/moviedb.sql of the component SQL Database Backup File Handler. Such manipul…	CWE-200 CWE-284 Information Exposure Improper Access Control	CVE-2026-5847	2026-04-25 03:03	2026-04-9	Show	GitHub Exploit DB Packet Storm

1996	4.7	MEDIUM Network	-	-	A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Dat…	CWE-74 CWE-94 Injection Code Injection	CVE-2026-5848	2026-04-25 03:03	2026-04-9	Show	GitHub Exploit DB Packet Storm

1997	7.6	HIGH Network	freescout	freescout	FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, FreeScout does not take the limit_user_customer_visibility parameter into account when merging cus…	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-39384	2026-04-25 03:03	2026-04-8	Show	GitHub Exploit DB Packet Storm

1998	5.3	MEDIUM Network	-	-	The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to price manipulation via the 'tips' parameter in all versions up to, and including, 27.0. This is due…	CWE-472 External Control of Assumed-Immutable Web Parameter	CVE-2026-2519	2026-04-25 03:02	2026-04-9	Show	GitHub Exploit DB Packet Storm

1999	6.4	MEDIUM Network	-	-	The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.94.0 due to insufficient input s…	CWE-79 Cross-site Scripting	CVE-2026-3005	2026-04-25 03:02	2026-04-9	Show	GitHub Exploit DB Packet Storm

2000	6.6	MEDIUM Network	-	-	A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a…	CWE-287 Improper Authentication	CVE-2026-5959	2026-04-25 03:02	2026-04-10	Show	GitHub Exploit DB Packet Storm