NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:May 1, 2026, 4:54 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
2001	4.3	MEDIUM Network	-	-	A weakness has been identified in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /db/hcpms.sql of the component SQL Database Backup File Handler. Executi…	CWE-200 CWE-284 Information Exposure Improper Access Control	CVE-2026-5960	2026-04-25 03:02	2026-04-10	Show	GitHub Exploit DB Packet Storm

2002	7.3	HIGH Network	-	-	A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This vulnerability affects unknown code of the file /topic-details.php. The manipulation of the argument po…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5961	2026-04-25 03:02	2026-04-10	Show	GitHub Exploit DB Packet Storm

2003	7.3	HIGH Network	-	-	A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /crud.php. The manipulation of the argument user_Id result…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-5985	2026-04-25 03:02	2026-04-10	Show	GitHub Exploit DB Packet Storm

2004	5.3	MEDIUM Network	-	-	A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the library lib/util.js. This manipulation of the argument timestamp causes ineffic…	CWE-400 CWE-1333 Uncontrolled Resource Consumption Inefficient Regular Expression Complexity	CVE-2026-5986	2026-04-25 03:02	2026-04-10	Show	GitHub Exploit DB Packet Storm

2005	4.7	MEDIUM Network	-	-	A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. This affects the function AbstractFreemarkerView.doRender of the file publiccms-parent/publiccms-core/src/main/java/c…	CWE-791 CWE-1336 Incomplete Filtering of Special Elements Improper Neutralization of Special Elements Used in a Template Engine	CVE-2026-5987	2026-04-25 03:02	2026-04-10	Show	GitHub Exploit DB Packet Storm

2006	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: split gc into unlink and reclaim phase Yiming Qian reports Use-after-free in the pipapo set type: Un…	CWE-416 Use After Free	CVE-2026-23351	2026-04-25 03:02	2026-03-25	Show	GitHub Exploit DB Packet Storm

2007	7.8	HIGH Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: netfilter: nft_set_pipapo: dividir la recolección de basura en una fase de desvinculación y una fase de recuperación Yiming Qian…	CWE-416 Use After Free	CVE-2026-23351	2026-04-25 03:02	2026-03-25	Show	GitHub Exploit DB Packet Storm

2008	6.4	MEDIUM Network	-	-	The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.0 due to insufficient input sanitization, insufficient output escaping, and mis…	CWE-79 Cross-site Scripting	CVE-2026-1263	2026-04-25 03:01	2026-04-10	Show	GitHub Exploit DB Packet Storm

2009	4.3	MEDIUM Network	-	-	The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing nonce verification on the `ahsc_ajax_reset…	CWE-352 Origin Validation Error	CVE-2026-1924	2026-04-25 03:01	2026-04-10	Show	GitHub Exploit DB Packet Storm

2010	5.4	MEDIUM Network	-	-	The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of functionality due to missing capability checks in the `receive_heartbeat()` function in `includes/class-wp-optimize-heartb…	CWE-863 Incorrect Authorization	CVE-2026-2712	2026-04-25 03:01	2026-04-10	Show	GitHub Exploit DB Packet Storm

2011	7.5	HIGH Network	-	-	The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing auth…	CWE-862 Missing Authorization	CVE-2026-3360	2026-04-25 03:01	2026-04-10	Show	GitHub Exploit DB Packet Storm

2012	4.3	MEDIUM Network	-	-	The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `makeMediaPublic()` and `makeMediaPrivate()` functions in all ver…	CWE-862 Missing Authorization	CVE-2026-4057	2026-04-25 03:01	2026-04-10	Show	GitHub Exploit DB Packet Storm

2013	6.1	MEDIUM Network	-	-	The Royal WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpr_pending_template' parameter in all versions up to, and including, 1.0.16 …	CWE-79 Cross-site Scripting	CVE-2026-4305	2026-04-25 03:01	2026-04-10	Show	GitHub Exploit DB Packet Storm

2014	6.3	MEDIUM Network	-	-	A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the component SysAnnouncementController. Such manipulation leads to improper authorization. The attack can…	CWE-266 CWE-285 Incorrect Privilege Assignment Improper Authorization	CVE-2026-5999	2026-04-25 03:01	2026-04-10	Show	GitHub Exploit DB Packet Storm

2015	4.3	MEDIUM Network	-	-	A vulnerability was found in code-projects Online Library Management System 1.0. Affected is an unknown function of the file /sql/library.sql of the component SQL Database Backup File Handler. Perfor…	CWE-200 CWE-284 Information Exposure Improper Access Control	CVE-2026-6000	2026-04-25 03:01	2026-04-10	Show	GitHub Exploit DB Packet Storm

2016	2.4	LOW Network	-	-	A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /admin/user.php. Such manipulation of the argument f…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-6003	2026-04-25 03:01	2026-04-10	Show	GitHub Exploit DB Packet Storm

2017	7.3	HIGH Network	-	-	A vulnerability was detected in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /delete-category.php. Performing a manipulation of the argument cat_id result…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-6004	2026-04-25 03:01	2026-04-10	Show	GitHub Exploit DB Packet Storm

2018	8.1	HIGH Network	-	-	The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the `PMCS::action_handler()` method proce…	CWE-22 Path Traversal	CVE-2026-4351	2026-04-25 03:01	2026-04-10	Show	GitHub Exploit DB Packet Storm

2019	5.3	MEDIUM Network	-	-	The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.103.0. This is due to the `create_review_permissions_check()` …	CWE-287 Improper Authentication	CVE-2026-4664	2026-04-25 03:01	2026-04-10	Show	GitHub Exploit DB Packet Storm

2020	4.3	MEDIUM Network	-	-	The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress is vulnerable to Improper Access Control in all versions up to, and including, 1.2.58 This…	CWE-862 Missing Authorization	CVE-2026-4977	2026-04-25 03:01	2026-04-10	Show	GitHub Exploit DB Packet Storm

2021	5.3	MEDIUM Network	-	-	A flaw has been found in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects the function dispatch of the file agent/memory/service.py of the component API Memory Content Endpoint. This man…	CWE-22 Path Traversal	CVE-2026-5998	2026-04-25 03:01	2026-04-10	Show	GitHub Exploit DB Packet Storm

2022	6.4	MEDIUM Network	-	-	The AddFunc Head & Footer Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `aFhfc_head_code`, `aFhfc_body_code`, and `aFhfc_footer_code` post meta values in all versions…	CWE-79 Cross-site Scripting	CVE-2026-2305	2026-04-25 03:01	2026-04-10	Show	GitHub Exploit DB Packet Storm

2023	6.3	MEDIUM Network	-	-	A flaw has been found in code-projects Patient Record Management System 1.0. The affected element is an unknown function of the file /hematology_print.php. Executing a manipulation of the argument he…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-6005	2026-04-25 03:01	2026-04-10	Show	GitHub Exploit DB Packet Storm

2024	6.3	MEDIUM Network	-	-	A vulnerability has been found in code-projects Patient Record Management System 1.0. The impacted element is an unknown function of the file /edit_hpatient.php. The manipulation of the argument ID l…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-6006	2026-04-25 03:01	2026-04-10	Show	GitHub Exploit DB Packet Storm

2025	6.3	MEDIUM Network	-	-	A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /del.php. The manipulation of the argument equipname results in sql injectio…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-6007	2026-04-25 03:01	2026-04-10	Show	GitHub Exploit DB Packet Storm

2026	6.3	MEDIUM Network	-	-	A security flaw has been discovered in CodeAstro Online Classroom 1.0/2.php. Affected by this vulnerability is an unknown functionality of the file /OnlineClassroom/takeassessment2.php?exid=14. Perfo…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-6010	2026-04-25 03:01	2026-04-10	Show	GitHub Exploit DB Packet Storm

2027	6.3	MEDIUM Network	-	-	A flaw has been found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /del1.php. This manipulation of the argument toolname causes sql inje…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-6030	2026-04-25 03:01	2026-04-10	Show	GitHub Exploit DB Packet Storm

2028	7.3	HIGH Network	-	-	A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the argument Category lea…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-6031	2026-04-25 03:01	2026-04-10	Show	GitHub Exploit DB Packet Storm

2029	4.3	MEDIUM Network	-	-	A vulnerability was found in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkcheckout.php. Performing a manipulation of the argument serviceId results in c…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-6032	2026-04-25 03:01	2026-04-10	Show	GitHub Exploit DB Packet Storm

2030	6.3	MEDIUM Network	-	-	A vulnerability was determined in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /updatedetailsfromstudent.php?eno=146891650. Executing a manipulation of the argument fna…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-6033	2026-04-25 03:01	2026-04-10	Show	GitHub Exploit DB Packet Storm

2031	4.3	MEDIUM Network	-	-	A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /BranchManagement/ProfitAndLossReport.php. Executing a manipulation of the a…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-6034	2026-04-25 03:01	2026-04-10	Show	GitHub Exploit DB Packet Storm

2032	4.3	MEDIUM Network	-	-	A vulnerability has been found in code-projects Vehicle Showroom Management System 1.0. The affected element is an unknown function of the file /BranchManagement/ServiceAndSalesReport.php. The manipu…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-6035	2026-04-25 03:01	2026-04-10	Show	GitHub Exploit DB Packet Storm

2033	7.3	HIGH Network	-	-	A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. The impacted element is an unknown function of the file /util/VehicleDetailsFunction.php. The manipulation of the ar…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-6036	2026-04-25 03:01	2026-04-10	Show	GitHub Exploit DB Packet Storm

2034	7.3	HIGH Network	-	-	A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This affects an unknown function of the file /util/AddVehicleFunction.php. This manipulation of the argument BR…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-6037	2026-04-25 03:01	2026-04-10	Show	GitHub Exploit DB Packet Storm

2035	7.3	HIGH Network	-	-	A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts an unknown function of the file /util/RegisterCustomerFunction.php. Such manipulation of the argum…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-6038	2026-04-25 03:01	2026-04-10	Show	GitHub Exploit DB Packet Storm

2036	3.3	LOW Local	-	-	A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results …	CWE-404 CWE-407 Improper Resource Shutdown or Release Inefficient Algorithmic Complexity	CVE-2026-6042	2026-04-25 03:01	2026-04-10	Show	GitHub Exploit DB Packet Storm

2037	7.1	HIGH Network	-	-	The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to per…	CWE-862 Missing Authorization	CVE-2026-4162	2026-04-25 03:00	2026-04-10	Show	GitHub Exploit DB Packet Storm

2038	8.1	HIGH Network	-	-	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CactusThemes VideoPro videopro allows PHP Local File Inclusion.This issue affe…	CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')	CVE-2025-58913	2026-04-25 03:00	2026-04-10	Show	GitHub Exploit DB Packet Storm

2039	7.1	HIGH Network	-	-	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zootemplate Cerato cerato allows Reflected XSS.This issue affects Cerato: from n/a through <= 2.2…	CWE-79 Cross-site Scripting	CVE-2025-58920	2026-04-25 03:00	2026-04-10	Show	GitHub Exploit DB Packet Storm

2040	7.5	HIGH Network	-	-	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case Themes Case Theme User case-theme-user allows PHP Local File Inclusion.Th…	CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')	CVE-2025-5804	2026-04-25 03:00	2026-04-10	Show	GitHub Exploit DB Packet Storm

2041	6.4	MEDIUM Network	-	-	The BlockArt Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'clientId' block attribute in all versions up to, and including, 2.2.15. This is due to insufficient inpu…	CWE-79 Cross-site Scripting	CVE-2026-3498	2026-04-25 03:00	2026-04-11	Show	GitHub Exploit DB Packet Storm

2042	6.5	MEDIUM Network	-	-	The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied para…	CWE-89 SQL Injection	CVE-2026-5207	2026-04-25 03:00	2026-04-11	Show	GitHub Exploit DB Packet Storm

2043	6.1	MEDIUM Network	-	-	The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3 This is due to insufficient outp…	CWE-79 Cross-site Scripting	CVE-2026-5226	2026-04-25 03:00	2026-04-11	Show	GitHub Exploit DB Packet Storm

2044	5.4	MEDIUM Network	-	-	The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized private course enrollment in all versions up to, and including, 3.9.7. This is due to missing p…	CWE-862 Missing Authorization	CVE-2026-3358	2026-04-25 03:00	2026-04-11	Show	GitHub Exploit DB Packet Storm

2045	4.3	MEDIUM Network	-	-	The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authori…	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-3371	2026-04-25 03:00	2026-04-11	Show	GitHub Exploit DB Packet Storm

2046	6.4	MEDIUM Network	-	-	The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 12.8.9 This is due to insufficient input sanitiz…	CWE-79 Cross-site Scripting	CVE-2026-4895	2026-04-25 03:00	2026-04-11	Show	GitHub Exploit DB Packet Storm

2047	7.3	HIGH Network	-	-	A security vulnerability has been detected in perfree go-fastdfs-web up to 1.3.7. This affects an unknown part of the file src/main/java/com/perfree/controller/InstallController.java of the component…	CWE-266 CWE-285 Incorrect Privilege Assignment Improper Authorization	CVE-2026-6105	2026-04-25 03:00	2026-04-12	Show	GitHub Exploit DB Packet Storm

2048	5.0	MEDIUM Network	-	-	The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to blind Server-Side Request Forgery in all versions up to, an…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-4979	2026-04-25 03:00	2026-04-11	Show	GitHub Exploit DB Packet Storm

2049	8.8	HIGH Network	-	-	The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the `groupblo…	CWE-269 Improper Privilege Management	CVE-2026-5144	2026-04-25 03:00	2026-04-11	Show	GitHub Exploit DB Packet Storm

2050	7.2	HIGH Network	-	-	The Optimole – Optimize Images \| Convert WebP & AVIF \| CDN & Lazy Load \| Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2…	CWE-79 Cross-site Scripting	CVE-2026-5217	2026-04-25 03:00	2026-04-11	Show	GitHub Exploit DB Packet Storm