NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:May 2, 2026, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
2501	4.3	MEDIUM Network	-	-	A weakness has been identified in SourceCodester Note Taking App up to 1.0. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack is possible to be carried…	CWE-352 CWE-862 Origin Validation Error Missing Authorization	CVE-2026-4971	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2502	2.4	LOW Network	-	-	A security vulnerability has been detected in code-projects Online Reviewer System up to 1.0. Affected is an unknown function of the file /system/system/students/assessments/databank/btn_functions.ph…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-4972	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2503	3.5	LOW Network	-	-	A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-question.php. Performing a manipulatio…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-4973	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2504	4.3	MEDIUM Network	-	-	A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgif_addframe of the file src/cgif.c of the component GIF Image Handler. The manipulation of the arg…	CWE-189 CWE-190 Numeric Errors Integer Overflow or Wraparound	CVE-2026-4985	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2505	7.3	HIGH Network	-	-	A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unknown function of the file /app/login of the component Signup Endpoint. Such manipulation of the argu…	CWE-266 CWE-285 Incorrect Privilege Assignment Improper Authorization	CVE-2026-4990	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2506	8.0	HIGH Network	-	-	The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.2. This is due to the '{usermeta:password_reset_link}' template tag…	CWE-285 Improper Authorization	CVE-2026-4248	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2507	8.0	HIGH Network	-	-	El plugin Ultimate Member para WordPress es vulnerable a la exposición de información sensible en todas las versiones hasta e incluyendo la 2.11.2. Esto se debe a que la etiqueta de plantilla '{userm…	CWE-285 Improper Authorization	CVE-2026-4248	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2508	3.5	LOW Network	-	-	A vulnerability was detected in QDOCS Smart School Management System up to 7.2. The impacted element is an unknown function of the file /admin/enquiry of the component Admission Enquiry Module. Perfo…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-4991	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2509	3.5	LOW Network	-	-	Una vulnerabilidad fue detectada en QDOCS Smart School Management System hasta la versión 7.2. El elemento afectado es una función desconocida del archivo /admin/enquiry del componente Módulo de Cons…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-4991	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2510	4.3	MEDIUM Network	-	-	A flaw has been found in wandb OpenUI up to 1.0. This affects the function create_share/get_share of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulati…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-4992	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2511	4.3	MEDIUM Network	-	-	Se ha encontrado una vulnerabilidad en wandb OpenUI hasta la versión 1.0. Esto afecta a la función create_share/get_share del archivo backend/openui/server.py del componente HTMLAnnotator Component. …	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-4992	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2512	7.5	HIGH Network	-	-	The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the crea…	CWE-20 Improper Input Validation	CVE-2026-4987	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2513	7.5	HIGH Network	-	-	El plugin SureForms – Contact Form, Payment Form & Other Custom Form Builder para WordPress es vulnerable a la Omisión de Cantidad de Pago en todas las versiones hasta la 2.5.2, inclusive. Esto s…	CWE-20 Improper Input Validation	CVE-2026-4987	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2514	7.2	HIGH Network	-	-	The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8 via the laborator_calc_route AJAX action. This makes it possible for unau…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2025-12886	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2515	7.2	HIGH Network	-	-	El tema Oxygen Theme para WordPress es vulnerable a falsificación de petición del lado del servidor en todas las versiones hasta la 6.0.8, inclusive, a través de la acción AJAX laborator_calc_route. …	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2025-12886	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2516	6.5	MEDIUM Network	-	-	The Ninja Forms - The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.1 via a callback functio…	CWE-200 Information Exposure	CVE-2026-1307	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2517	6.5	MEDIUM Network	-	-	El plugin Ninja Forms - The Contact Form Builder That Grows With You para WordPress es vulnerable a la Exposición de Información Sensible en todas las versiones hasta la 3.14.1, inclusive, a través d…	CWE-200 Information Exposure	CVE-2026-1307	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2518	3.3	LOW Local	-	-	A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLM_MASTER_KEY leads to h…	CWE-259 CWE-798 Use of Hard-coded Password Use of Hard-coded Credentials	CVE-2026-4993	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2519	3.3	LOW Local	-	-	Se ha encontrado una vulnerabilidad en wandb OpenUI hasta 0.0.0.0/1.0. Esto afecta una función desconocida del archivo backend/openui/config.py. La manipulación del argumento LITELLM_MASTER_KEY condu…	CWE-259 CWE-798 Use of Hard-coded Password Use of Hard-coded Credentials	CVE-2026-4993	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2520	3.5	LOW Adjacent	-	-	A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the function generic_exception_handler of the file backend/openui/server.py of the component APIStatusError Handler. The mani…	CWE-200 CWE-209 Information Exposure Information Exposure Through an Error Message	CVE-2026-4994	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2521	5.3	MEDIUM Network	-	-	The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences ('CRLF Injection') in all versions up to, and including, 2.…	CWE-93 CRLF Injection	CVE-2026-2442	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2522	5.3	MEDIUM Network	-	-	El Page Builder: Pagelayer – plugin constructor de sitios web de arrastrar y soltar para WordPress es vulnerable a la Neutralización Incorrecta de Secuencias CRLF ('Inyección CRLF') en todas las vers…	CWE-93 CRLF Injection	CVE-2026-2442	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2523	3.5	LOW Adjacent	-	-	Se encontró una vulnerabilidad en wandb OpenUI hasta 1.0/3.5-turb. Afecta a la función generic_exception_handler del archivo backend/openui/server.py del componente Gestor de APIStatusError. La manip…	CWE-200 CWE-209 Information Exposure Information Exposure Through an Error Message	CVE-2026-4994	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2524	3.5	LOW Network	-	-	A vulnerability was determined in wandb OpenUI up to 1.0. Affected by this vulnerability is an unknown functionality of the file frontend/public/annotator/index.html of the component Window Message E…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-4995	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2525	3.5	LOW Network	-	-	Se determinó una vulnerabilidad en wandb OpenUI hasta la versión 1.0. Afectada por esta vulnerabilidad es una funcionalidad desconocida del archivo frontend/public/annotator/index.html del componente…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-4995	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2526	5.4	MEDIUM Network	-	-	The Quads Ads Manager for Google AdSense plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.98.1 due to insufficient input sanitization and output…	CWE-79 Cross-site Scripting	CVE-2026-2595	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2527	5.4	MEDIUM Network	-	-	El plugin Quads Ads Manager para Google AdSense para WordPress es vulnerable a cross-site scripting almacenado en versiones hasta la 2.0.98.1, inclusive, debido a una sanitización de entrada y un esc…	CWE-79 Cross-site Scripting	CVE-2026-2595	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2528	7.3	HIGH Network	-	-	A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Affected by this issue is the function delete_question_and_answers/delete_docs/update_question_answer/update_docs/get_relevant_ques…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4996	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2529	7.3	HIGH Network	-	-	Una vulnerabilidad fue identificada en Sinaptik AI PandasAI hasta 0.1.4. Afectada por este problema es la función delete_question_and_answers/delete_docs/update_question_answer/update_docs/get_releva…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4996	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2530	5.3	MEDIUM Network	-	-	A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the function is_sql_query_safe of the file pandasai/helpers/sql_sanitizer.py. Performing a manipulation results i…	CWE-22 Path Traversal	CVE-2026-4997	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2531	5.3	MEDIUM Network	-	-	Una falla de seguridad ha sido descubierta en Sinaptik AI PandasAI hasta 3.0.0. Esto afecta a la función is_sql_query_safe del archivo pandasai/helpers/sql_sanitizer.py. Realizar una manipulación res…	CWE-22 Path Traversal	CVE-2026-4997	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2532	7.3	HIGH Network	-	-	A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the function CodeExecutor.execute of the file pandasai/core/code_execution/code_executor.py of the compo…	CWE-74 CWE-94 Injection Code Injection	CVE-2026-4998	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2533	7.3	HIGH Network	-	-	Se ha identificado una debilidad en Sinaptik AI PandasAI hasta la versión 3.0.0. Esta vulnerabilidad afecta a la función CodeExecutor.execute del archivo pandasai/core/code_execution/code_executor.py…	CWE-74 CWE-94 Injection Code Injection	CVE-2026-4998	2026-04-25 01:36	2026-03-28	Show	GitHub Exploit DB Packet Storm

2534	5.3	MEDIUM Local	-	-	A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component add_git_repository/add_text_file. The manipulatio…	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-5007	2026-04-25 01:36	2026-03-29	Show	GitHub Exploit DB Packet Storm

2535	5.3	MEDIUM Local	-	-	Se identificó una vulnerabilidad en kazuph mcp-docs-rag hasta la versión 0.5.0. La función afectada es cloneRepository del archivo src/index.ts del componente add_git_repository/add_text_file. La man…	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-5007	2026-04-25 01:36	2026-03-29	Show	GitHub Exploit DB Packet Storm

2536	6.3	MEDIUM Network	-	-	A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the file /webhook of the component JSON Parser. Performing a manipulation of the argum…	CWE-74 CWE-94 Injection Code Injection	CVE-2026-5011	2026-04-25 01:36	2026-03-29	Show	GitHub Exploit DB Packet Storm

2537	6.3	MEDIUM Network	-	-	A security vulnerability has been detected in z-9527 admin up to 72aaf2dd05cf4ec2e98f390668b41e128eec5ad2. This issue affects the function uploadFile of the file /server/utils/upload.js of the compon…	CWE-22 Path Traversal	CVE-2026-4999	2026-04-25 01:36	2026-03-29	Show	GitHub Exploit DB Packet Storm

2538	6.3	MEDIUM Network	-	-	Una vulnerabilidad de seguridad ha sido detectada en z-9527 admin hasta 72aaf2dd05cf4ec2e98f390668b41e128eec5ad2. Este problema afecta la función uploadFile del archivo /server/utils/upload.js del co…	CWE-22 Path Traversal	CVE-2026-4999	2026-04-25 01:36	2026-03-29	Show	GitHub Exploit DB Packet Storm

2539	7.3	HIGH Network	-	-	A vulnerability was detected in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. Impacted is the function LocalGPTHandler of the file backend/server.py of the component API Endp…	CWE-287 CWE-306 Improper Authentication Missing Authentication for Critical Function	CVE-2026-5000	2026-04-25 01:36	2026-03-29	Show	GitHub Exploit DB Packet Storm

2540	7.3	HIGH Network	-	-	Se detectó una vulnerabilidad en PromtEngineer localGPT hasta 4d41c7d1713b16b216d8e062e51a5dd88b20b054. Afectada es la función LocalGPTHandler del archivo backend/server.py del componente API Endpoin…	CWE-287 CWE-306 Improper Authentication Missing Authentication for Critical Function	CVE-2026-5000	2026-04-25 01:36	2026-03-29	Show	GitHub Exploit DB Packet Storm

2541	7.3	HIGH Network	-	-	A flaw has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The affected element is the function do_POST of the file backend/server.py. This manipulation causes un…	CWE-284 CWE-434 Improper Access Control Unrestricted Upload of File with Dangerous Type	CVE-2026-5001	2026-04-25 01:36	2026-03-29	Show	GitHub Exploit DB Packet Storm

2542	7.3	HIGH Network	-	-	Se ha encontrado una vulnerabilidad en PromtEngineer localGPT hasta 4d41c7d1713b16b216d8e062e51a5dd88b20b054. El elemento afectado es la función do_POST del archivo backend/servidor.py. Esta manipula…	CWE-284 CWE-434 Improper Access Control Unrestricted Upload of File with Dangerous Type	CVE-2026-5001	2026-04-25 01:36	2026-03-29	Show	GitHub Exploit DB Packet Storm

2543	6.3	MEDIUM Network	-	-	Se detectó una vulnerabilidad en elecV2 elecV2P hasta 3.8.3. Esta vulnerabilidad afecta la función runJSFile del archivo /webhook del componente JSON Parser. Realizar una manipulación del argumento r…	CWE-74 CWE-94 Injection Code Injection	CVE-2026-5011	2026-04-25 01:36	2026-03-29	Show	GitHub Exploit DB Packet Storm

2544	7.3	HIGH Network	-	-	A flaw has been found in elecV2 elecV2P up to 3.8.3. This issue affects the function pm2run of the file /rpc. Executing a manipulation can lead to os command injection. The attack can be executed rem…	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-5012	2026-04-25 01:36	2026-03-29	Show	GitHub Exploit DB Packet Storm

2545	7.3	HIGH Network	-	-	Se ha encontrado una falla en elecV2 elecV2P hasta la versión 3.8.3. Este problema afecta a la función pm2run del archivo /rpc. La ejecución de una manipulación puede llevar a una inyección de comand…	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-5012	2026-04-25 01:36	2026-03-29	Show	GitHub Exploit DB Packet Storm

2546	7.3	HIGH Network	-	-	A vulnerability has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The impacted element is the function _route_using_overviews of the file backend/server.py of t…	CWE-74 CWE-707 Injection Improper Enforcement of Message or Data Structure	CVE-2026-5002	2026-04-25 01:36	2026-03-29	Show	GitHub Exploit DB Packet Storm

2547	7.3	HIGH Network	-	-	Se ha encontrado una vulnerabilidad en PromtEngineer localGPT hasta 4d41c7d1713b16b216d8e062e51a5dd88b20b054. El elemento afectado es la función _route_using_overviews del archivo backend/server.py d…	CWE-74 CWE-707 Injection Improper Enforcement of Message or Data Structure	CVE-2026-5002	2026-04-25 01:36	2026-03-29	Show	GitHub Exploit DB Packet Storm

2548	5.3	MEDIUM Network	-	-	A vulnerability was found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. This affects the function handle_index of the file rag_system/api_server.py of the component Web In…	CWE-200 CWE-284 Information Exposure Improper Access Control	CVE-2026-5003	2026-04-25 01:36	2026-03-29	Show	GitHub Exploit DB Packet Storm

2549	5.3	MEDIUM Network	-	-	Se encontró una vulnerabilidad en PromtEngineer localGPT hasta 4d41c7d1713b16b216d8e062e51a5dd88b20b054. Esto afecta la función handle_index del archivo rag_system/api_server.py del componente Interf…	CWE-200 CWE-284 Information Exposure Improper Access Control	CVE-2026-5003	2026-04-25 01:36	2026-03-29	Show	GitHub Exploit DB Packet Storm

2550	5.3	MEDIUM Network	-	-	A vulnerability has been found in elecV2 elecV2P up to 3.8.3. Impacted is the function path.join of the file /store/:key. The manipulation of the argument URL leads to path traversal. The attack is p…	CWE-22 Path Traversal	CVE-2026-5013	2026-04-25 01:36	2026-03-29	Show	GitHub Exploit DB Packet Storm