NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:May 3, 2026, 4:06 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
3101	3.7	LOW Network	-	-	Se determinó una vulnerabilidad en kalcaddle kodbox 1.64. La función shareSafeGroup del archivo /workspace/source-code/app/controller/explorer/shareOut.class.php del componente Gestor de clave API a …	CWE-320 CWE-321 Key Management Errors Use of Hard-coded Cryptographic Key	CVE-2026-4588	2026-04-25 01:32	2026-03-23	Show	GitHub Exploit DB Packet Storm

3102	4.7	MEDIUM Network	-	-	A weakness has been identified in kalcaddle kodbox 1.64. This affects the function checkBin of the file /workspace/source-code/plugins/fileThumb/app.php of the component fileThumb Endpoint. Executing…	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-4591	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3103	6.3	MEDIUM Network	-	-	A flaw has been found in erupts erupt bis 1.13.3. Affected by this vulnerability is the function EruptDataQuery of the file erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java of the co…	CWE-89 CWE-564 SQL Injection SQL Injection: Hibernate	CVE-2026-4593	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3104	6.3	MEDIUM Network	-	-	Se ha encontrado una falla en erupts erupt bis 1.13.3. Afectada por esta vulnerabilidad es la función EruptDataQuery del archivo erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java del …	CWE-89 CWE-564 SQL Injection SQL Injection: Hibernate	CVE-2026-4593	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3105	6.3	MEDIUM Network	-	-	Una vulnerabilidad fue identificada en kalcaddle kodbox 1.64. El elemento afectado es la función PathDriverUrl del archivo /workspace/source-code/app/controller/explorer/editor.class.PHP del componen…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-4589	2026-04-25 01:32	2026-03-23	Show	GitHub Exploit DB Packet Storm

3106	3.1	LOW Network	-	-	A security flaw has been discovered in kalcaddle kodbox 1.64. The impacted element is an unknown function of the file /workspace/source-code/plugins/oauth/controller/bind/index.class.php of the compo…	CWE-352 CWE-862 Origin Validation Error Missing Authorization	CVE-2026-4590	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3107	3.1	LOW Network	-	-	Se ha descubierto una vulnerabilidad de seguridad en kalcaddle kodbox 1.64. El elemento afectado es una función desconocida del archivo /workspace/source-code/plugins/oauth/controller/bind/index.clas…	CWE-352 CWE-862 Origin Validation Error Missing Authorization	CVE-2026-4590	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3108	4.7	MEDIUM Network	-	-	Se ha identificado una debilidad en kalcaddle kodbox 1.64. Esto afecta a la función checkBin del archivo /workspace/source-code/plugins/fileThumb/app.PHP del componente fileThumb Endpoint. Ejecutar u…	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-4591	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3109	5.6	MEDIUM Network	-	-	A security vulnerability has been detected in kalcaddle kodbox 1.64. This impacts the function loginAfter/tfaVerify of the file /workspace/source-code/plugins/client/controller/tfa/index.class.php of…	CWE-287 Improper Authentication	CVE-2026-4592	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3110	5.6	MEDIUM Network	-	-	Una vulnerabilidad de seguridad ha sido detectada en kalcaddle kodbox 1.64. Esto afecta la función loginAfter/tfaVerify del archivo /workspace/source-code/plugins/client/controller/tfa/index.class.ph…	CWE-287 Improper Authentication	CVE-2026-4592	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3111	7.3	HIGH Network	-	-	A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.…	CWE-89 CWE-564 SQL Injection SQL Injection: Hibernate	CVE-2026-4594	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3112	2.4	LOW Network	-	-	A vulnerability was determined in code-projects Exam Form Submission 1.0. This vulnerability affects unknown code of the file /admin/update_s6.php. Executing a manipulation of the argument sname can …	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-4595	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3113	2.4	LOW Network	-	-	Se determinó una vulnerabilidad en code-projects Exam Form Submission 1.0. Esta vulnerabilidad afecta código desconocido del archivo /admin/update_s6.php. La ejecución de una manipulación del argumen…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-4595	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3114	7.3	HIGH Network	-	-	Una vulnerabilidad ha sido encontrada en erupts erupt hasta la versión 1.13.3. Afectada por este problema es la función geneEruptHqlOrderBy del archivo erupt-data/erupt-jpa/src/main/java/xyz/erupt/jp…	CWE-89 CWE-564 SQL Injection SQL Injection: Hibernate	CVE-2026-4594	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3115	6.3	MEDIUM Network	-	-	A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyPr…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4597	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3116	6.3	MEDIUM Network	-	-	Una falla de seguridad ha sido descubierta en 648540858 wvp-GB28181-pro hasta 2.7.4. Afectada es la función selectAll del archivo src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamPr…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4597	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3117	7.3	HIGH Network	-	-	A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/mod_users/index.php?view=edit&id=8 of the component Parameter H…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4612	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3118	7.3	HIGH Network	-	-	Se ha encontrado una vulnerabilidad en itsourcecode Free Hotel Reservation System 1.0. Esto afecta una parte desconocida del archivo /hotel/admin/mod_users/index.php?view=edit&id=8 del componente…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4612	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3119	6.5	MEDIUM Network	-	-	The Quiz and Survey Master (QSM) plugin for WordPress is vulnerable to SQL Injection via the 'merged_question' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sani…	CWE-89 SQL Injection	CVE-2026-2412	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3120	7.5	HIGH Network	-	-	The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied paramete…	CWE-89 SQL Injection	CVE-2026-4306	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3121	7.5	HIGH Network	-	-	El plugin WP Job Portal para WordPress es vulnerable a una inyección SQL a través del parámetro 'radius' en todas las versiones hasta la 2.4.8, incluida esta, debido a un escape insuficiente del pará…	CWE-89 SQL Injection	CVE-2026-4306	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3122	7.3	HIGH Network	-	-	A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. T…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4613	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3123	7.3	HIGH Network	-	-	Se encontró una vulnerabilidad en SourceCodester E-Commerce Site 1.0. Esta vulnerabilidad afecta código desconocido del archivo /products.PHP. La manipulación del argumento Search resulta en inyecció…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4613	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3124	6.5	MEDIUM Network	-	-	El plugin Quiz and Survey Master (QSM) para WordPress es vulnerable a inyección SQL a través del parámetro 'merged_question' en todas las versiones hasta la 10.3.5, inclusive. Esto se debe a una sani…	CWE-89 SQL Injection	CVE-2026-2412	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3125	4.3	MEDIUM Network	-	-	The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the delete_question_answer() function o…	CWE-862 Missing Authorization	CVE-2026-3225	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3126	4.3	MEDIUM Network	-	-	El plugin LearnPress – WordPress LMS Plugin para WordPress es vulnerable a la eliminación no autorizada de respuestas a preguntas de cuestionario debido a una verificación de capacidad faltante en la…	CWE-862 Missing Authorization	CVE-2026-3225	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3127	4.3	MEDIUM Network	-	-	The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational_posts_search() function in all versions up to, and includ…	CWE-862 Missing Authorization	CVE-2026-4066	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3128	4.3	MEDIUM Network	-	-	El plugin Smart Custom Fields para WordPress es vulnerable al acceso no autorizado de datos debido a una comprobación de capacidad faltante en la función relational_posts_search() en todas las versio…	CWE-862 Missing Authorization	CVE-2026-4066	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3129	8.8	HIGH Network	-	-	The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on import_popup_templates() function as well as insufficient file type validation in the upl…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2026-3533	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3130	6.3	MEDIUM Network	-	-	A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown processing of the file /admin/subjects.php of the component Parameter Handler. This…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4614	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3131	6.3	MEDIUM Network	-	-	Una vulnerabilidad fue determinada en itsourcecode sanitize or validate this input 1.0. Este problema afecta algún procesamiento desconocido del archivo /admin/subjects.php del componente Gestor de P…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4614	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3132	7.3	HIGH Network	-	-	A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unknown function of the file /search.php. Such manipulation of the argument rcode leads to sql injecti…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4615	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3133	8.8	HIGH Network	-	-	El plugin Jupiter X Core para WordPress es vulnerable a cargas de archivos limitadas debido a la falta de autorización en la función import_popup_templates() así como a una validación insuficiente de…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2026-3533	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3134	9.8	CRITICAL Network	-	-	The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval() in the process_…	CWE-95 Eval Injection	CVE-2026-4001	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3135	9.8	CRITICAL Network	-	-	El plugin Woocommerce Custom Product Addons Pro para WordPress es vulnerable a ejecución remota de código en todas las versiones hasta la 5.4.1, inclusive, a través de la fórmula de precios personali…	CWE-95 Eval Injection	CVE-2026-4001	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3136	8.1	HIGH Network	-	-	The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and including, 28.1.5. This is due to the email confirmatio…	CWE-287 Improper Authentication	CVE-2026-4021	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3137	8.1	HIGH Network	-	-	El plugin Contest Gallery para WordPress es vulnerable a una omisión de autenticación que conduce a la toma de control de la cuenta de administrador en todas las versiones hasta la 28.1.5, inclusive.…	CWE-287 Improper Authentication	CVE-2026-4021	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3138	7.3	HIGH Network	-	-	Una vulnerabilidad fue identificada en SourceCodester Online Catering Reservation 1.0. Afectada es una función desconocida del archivo /search.php. Tal manipulación del argumento rcode conduce a inye…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4615	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3139	2.4	LOW Network	-	-	A security flaw has been discovered in bolo-blog up to 2.6.4. The affected element is an unknown function of the file /console/article/ of the component Article Title Handler. Performing a manipulati…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-4616	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3140	7.3	HIGH Network	-	-	A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is the function ValidateToken of the file /php/api_patient_checkin.php of the …	CWE-266 CWE-285 Incorrect Privilege Assignment Improper Authorization	CVE-2026-4617	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3141	5.4	MEDIUM Network	-	-	The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Content Access Rules REST API endpoints in versions…	CWE-862 Missing Authorization	CVE-2026-4056	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3142	5.4	MEDIUM Network	-	-	El plugin User Registration & Membership para WordPress es vulnerable a la modificación no autorizada de datos debido a una comprobación de capacidad faltante en los endpoints de la API REST de R…	CWE-862 Missing Authorization	CVE-2026-4056	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3143	2.4	LOW Network	-	-	Se ha descubierto una vulnerabilidad de seguridad en bolo-blog ?? 2.6.4. El elemento afectado es una función desconocida del archivo /console/article/ del componente Gestor de Títulos de Artículo. Re…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-4616	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3144	7.3	HIGH Network	-	-	Se ha identificado una debilidad en SourceCodester Patients Waiting Area Queue Management System 1.0. El elemento afectado es la función ValidateToken del archivo /PHP/api_patient_checkin.php del com…	CWE-266 CWE-285 Incorrect Privilege Assignment Improper Authorization	CVE-2026-4617	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3145	6.5	MEDIUM Network	-	-	The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filters[orderby_order]' parameter in the 'learndash_propanel_template' AJAX action in all versions up t…	CWE-89 SQL Injection	CVE-2026-3079	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3146	6.5	MEDIUM Network	-	-	El plugin LearnDash LMS para WordPress es vulnerable a inyección SQL ciega basada en tiempo a través del parámetro 'filters[orderby_order]' en la acción AJAX 'learndash_propanel_template' en todas la…	CWE-89 SQL Injection	CVE-2026-3079	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3147	7.3	HIGH Network	-	-	A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4624	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3148	7.3	HIGH Network	-	-	Se detectó una vulnerabilidad en SourceCodester Online Library Management System 1.0. El elemento afectado es una función desconocida del archivo /home.php del componente Gestor de Parámetros. Realiz…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4624	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3149	7.3	HIGH Network	-	-	A flaw has been found in SourceCodester Online Admission System 1.0. This affects an unknown function of the file /programmes.php. Executing a manipulation of the argument program can lead to sql inj…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4625	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

3150	7.3	HIGH Network	-	-	Se ha encontrado un fallo en SourceCodester Online Admission System 1.0. Esto afecta a una función desconocida del archivo /programmes.php. La ejecución de una manipulación del argumento program pued…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4625	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm