NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:May 11, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
4551	5.4	MEDIUM Network	-	-	Deserialization of Untrusted Data vulnerability in Edge-Themes Archicon archicon allows Object Injection.This issue affects Archicon: from n/a through < 1.7.	CWE-502 Deserialization of Untrusted Data	CVE-2026-32506	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4552	5.4	MEDIUM Network	-	-	Vulnerabilidad de deserialización de datos no confiables en Edge-Themes Archicon archicon permite la inyección de objetos. Este problema afecta a Archicon: desde n/a hasta < 1.7.	CWE-502 Deserialization of Untrusted Data	CVE-2026-32506	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4553	5.4	MEDIUM Network	-	-	Deserialization of Untrusted Data vulnerability in Elated-Themes Leroux leroux allows Object Injection.This issue affects Leroux: from n/a through < 1.4.	CWE-502 Deserialization of Untrusted Data	CVE-2026-32507	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4554	5.4	MEDIUM Network	-	-	Vulnerabilidad de deserialización de datos no confiables en Elated-Themes Leroux leroux permite la inyección de objetos. Este problema afecta a Leroux: desde n/a hasta < 1.4.	CWE-502 Deserialization of Untrusted Data	CVE-2026-32507	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4555	5.4	MEDIUM Network	-	-	Deserialization of Untrusted Data vulnerability in Mikado-Themes Halstein halstein allows Object Injection.This issue affects Halstein: from n/a through < 1.8.	CWE-502 Deserialization of Untrusted Data	CVE-2026-32508	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4556	5.4	MEDIUM Network	-	-	Vulnerabilidad de deserialización de datos no confiables en Mikado-Themes Halstein halstein permite la inyección de objetos. Este problema afecta a Halstein: desde n/a hasta < 1.8.	CWE-502 Deserialization of Untrusted Data	CVE-2026-32508	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4557	5.4	MEDIUM Network	-	-	Deserialization of Untrusted Data vulnerability in Edge-Themes Gracey gracey allows Object Injection.This issue affects Gracey: from n/a through < 1.4.	CWE-502 Deserialization of Untrusted Data	CVE-2026-32509	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4558	5.4	MEDIUM Network	-	-	Vulnerabilidad de deserialización de datos no confiables en Edge-Themes Gracey gracey permite la inyección de objetos. Este problema afecta a Gracey: desde n/a hasta < 1.4.	CWE-502 Deserialization of Untrusted Data	CVE-2026-32509	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4559	5.4	MEDIUM Network	-	-	Deserialization of Untrusted Data vulnerability in Edge-Themes Kamperen kamperen allows Object Injection.This issue affects Kamperen: from n/a through < 1.3.	CWE-502 Deserialization of Untrusted Data	CVE-2026-32510	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4560	5.4	MEDIUM Network	-	-	Vulnerabilidad de deserialización de datos no confiables en Edge-Themes Kamperen kamperen permite la inyección de objetos. Este problema afecta a Kamperen: desde n/d hasta < 1.3.	CWE-502 Deserialization of Untrusted Data	CVE-2026-32510	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4561	5.4	MEDIUM Network	-	-	Deserialization of Untrusted Data vulnerability in Mikado-Themes Stål stal allows Object Injection.This issue affects Stål: from n/a through < 1.7.	CWE-502 Deserialization of Untrusted Data	CVE-2026-32511	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4562	5.4	MEDIUM Network	-	-	Vulnerabilidad de deserialización de datos no confiables en Mikado-Themes Stål stal permite la inyección de objetos. Este problema afecta a Stål: desde n/a hasta < 1.7.	CWE-502 Deserialization of Untrusted Data	CVE-2026-32511	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4563	9.8	CRITICAL Network	-	-	Deserialization of Untrusted Data vulnerability in Edge-Themes Pelicula pelicula-video-production-and-movie-theme allows Object Injection.This issue affects Pelicula: from n/a through < 1.10.	CWE-502 Deserialization of Untrusted Data	CVE-2026-32512	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4564	9.8	CRITICAL Network	-	-	Vulnerabilidad de deserialización de datos no confiables en Edge-Themes Pelicula pelicula-video-production-and-movie-theme permite la inyección de objetos. Este problema afecta a Pelicula: desde n/a …	CWE-502 Deserialization of Untrusted Data	CVE-2026-32512	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4565	8.8	HIGH Network	-	-	Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through <= 6.1.7.	CWE-502 Deserialization of Untrusted Data	CVE-2026-32513	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4566	8.8	HIGH Network	-	-	Vulnerabilidad de deserialización de datos no confiables en Miguel Useche JS Archive List jquery-archive-list-widget permite la inyección de objetos. Este problema afecta a JS Archive List: desde n/a…	CWE-502 Deserialization of Untrusted Data	CVE-2026-32513	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4567	6.5	MEDIUM Network	-	-	Missing Authorization vulnerability in Anton Voytenko Petitioner petitioner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Petitioner: from n/a through <= …	CWE-862 Missing Authorization	CVE-2026-32514	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4568	6.5	MEDIUM Network	-	-	Vulnerabilidad por falta de autorización en Anton Voytenko Petitioner petitioner permite la explotación de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta…	CWE-862 Missing Authorization	CVE-2026-32514	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4569	7.5	HIGH Network	-	-	Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous: from n/a through < 2.1…	CWE-862 Missing Authorization	CVE-2026-32515	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4570	7.5	HIGH Network	-	-	Vulnerabilidad de autorización faltante en kamleshyadav Miraculous miraculous permite la explotación de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a …	CWE-862 Missing Authorization	CVE-2026-32515	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4571	8.5	HIGH Network	-	-	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Blind SQL Injection.This issue affects …	CWE-89 SQL Injection	CVE-2026-32516	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4572	8.5	HIGH Network	-	-	Neutralización Incorrecta de Elementos Especiales utilizados en un Comando SQL ('inyección SQL') vulnerabilidad en kamleshyadav Miraculous Core Plugin miraculouscore permite inyección SQL a ciegas. E…	CWE-89 SQL Injection	CVE-2026-32516	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4573	7.1	HIGH Network	-	-	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kleor Contact Manager contact-manager allows Reflected XSS.This issue affects Contact Manager: fr…	CWE-79 Cross-site Scripting	CVE-2026-32517	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4574	7.1	HIGH Network	-	-	Neutralización Incorrecta de la Entrada Durante la Generación de Páginas Web ('cross-site scripting') vulnerabilidad en Kleor Contact Manager contact-manager permite XSS Reflejado. Este problema afec…	CWE-79 Cross-site Scripting	CVE-2026-32517	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4575	7.1	HIGH Network	-	-	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imithemes Gaea gaea allows Reflected XSS.This issue affects Gaea: from n/a through < 3.8.	CWE-79 Cross-site Scripting	CVE-2026-32518	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4576	7.1	HIGH Network	-	-	Vulnerabilidad de Neutralización Inadecuada de la Entrada Durante la Generación de Páginas Web ('cross-site scripting') en imithemes Gaea gaea permite XSS Reflejado. Este problema afecta a Gaea: desd…	CWE-79 Cross-site Scripting	CVE-2026-32518	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4577	9.0	CRITICAL Network	-	-	Incorrect Privilege Assignment vulnerability in Bit Apps Bit SMTP bit-smtp allows Privilege Escalation.This issue affects Bit SMTP: from n/a through <= 1.2.2.	CWE-266 Incorrect Privilege Assignment	CVE-2026-32519	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4578	9.0	CRITICAL Network	-	-	Vulnerabilidad de Asignación Incorrecta de Privilegios en Bit Apps Bit SMTP bit-smtp permite la escalada de privilegios. Este problema afecta a Bit SMTP: desde n/a hasta <= 1.2.2.	CWE-266 Incorrect Privilege Assignment	CVE-2026-32519	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4579	9.8	CRITICAL Network	-	-	Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation.This issue affects RewardsWP: from n/a through <= 1.0.4.	CWE-266 Incorrect Privilege Assignment	CVE-2026-32520	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4580	9.8	CRITICAL Network	-	-	Vulnerabilidad de Asignación Incorrecta de Privilegios en Andrew Munro / AffiliateWP RewardsWP rewardswp permite la escalada de privilegios. Este problema afecta a RewardsWP: desde n/d hasta <= 1.…	CWE-266 Incorrect Privilege Assignment	CVE-2026-32520	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4581	6.5	MEDIUM Network	-	-	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows DOM-Based XS…	CWE-79 Cross-site Scripting	CVE-2026-32521	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4582	6.5	MEDIUM Network	-	-	Neutralización Incorrecta de la Entrada Durante la Generación de Páginas Web ('cross-site scripting') vulnerabilidad en Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface p…	CWE-79 Cross-site Scripting	CVE-2026-32521	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4583	8.6	HIGH Network	-	-	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish WooCommerce Support Ticket System woocommerce-support-ticket-system allows Path Traversal.This…	CWE-22 Path Traversal	CVE-2026-32522	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4584	8.6	HIGH Network	-	-	Vulnerabilidad de Limitación Incorrecta de un Nombre de Ruta a un Directorio Restringido ('Salto de Ruta') en vanquish WooCommerce Support Ticket System woocommerce-support-ticket-system permite Salt…	CWE-22 Path Traversal	CVE-2026-32522	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4585	9.9	CRITICAL Network	-	-	Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files.This issue affects WPJAM Basic: from n/a through <= 6.9.2.	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2026-32523	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4586	9.9	CRITICAL Network	-	-	Vulnerabilidad de carga sin restricciones de archivo con tipo peligroso en denishua WPJAM Basic wpjam-basic permite el uso de archivos maliciosos. Este problema afecta a WPJAM Basic: desde n/a hasta …	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2026-32523	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4587	9.1	CRITICAL Network	-	-	Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow Photo Engine wplr-sync allows Upload a Web Shell to a Web Server.This issue affects Photo Engine: from n/a through <= 6.4.9.	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2026-32524	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4588	9.1	CRITICAL Network	-	-	Una vulnerabilidad de carga sin restricciones de archivo con tipo peligroso en Jordy Meow Photo Engine wplr-sync permite cargar un shell web a un servidor web. Este problema afecta a Photo Engine: de…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2026-32524	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4589	9.9	CRITICAL Network	-	-	Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through <= 3.5.6…	CWE-94 Code Injection	CVE-2026-32525	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4590	9.9	CRITICAL Network	-	-	Vulnerabilidad de Control Inadecuado de la Generación de Código ('Inyección de Código') en jetmonsters JetFormBuilder jetformbuilder permite la Inyección de Código. Este problema afecta a JetFormBuil…	CWE-94 Code Injection	CVE-2026-32525	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4591	7.1	HIGH Network	-	-	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Stored XSS.…	CWE-79 Cross-site Scripting	CVE-2026-32526	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4592	7.1	HIGH Network	-	-	Neutralización Incorrecta de la Entrada Durante la Generación de Páginas Web ('cross-site scripting') vulnerabilidad en VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery …	CWE-79 Cross-site Scripting	CVE-2026-32526	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4593	6.5	MEDIUM Network	-	-	Missing Authorization vulnerability in CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-insightly allows Exploiting Incorrectly Configured Access Control …	CWE-862 Missing Authorization	CVE-2026-32527	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4594	6.5	MEDIUM Network	-	-	Vulnerabilidad de autorización faltante en CRM Perks WP Insightly para Contact Form 7, WPForms, Elementor, Formidable y Ninja Forms cf7-insightly permite la explotación de niveles de seguridad de con…	CWE-862 Missing Authorization	CVE-2026-32527	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4595	7.1	HIGH Network	-	-	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Riode riode allows Reflected XSS.This issue affects Riode: from n/a through < 1.6.29.	CWE-79 Cross-site Scripting	CVE-2026-32528	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4596	7.1	HIGH Network	-	-	Neutralización incorrecta de la entrada durante la generación de páginas web ('cross-site scripting') vulnerabilidad en don-themes Riode riode permite XSS reflejado. Este problema afecta a Riode: des…	CWE-79 Cross-site Scripting	CVE-2026-32528	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4597	7.1	HIGH Network	-	-	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Molla molla allows Reflected XSS.This issue affects Molla: from n/a through < 1.5.19.	CWE-79 Cross-site Scripting	CVE-2026-32529	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4598	7.1	HIGH Network	-	-	Neutralización incorrecta de la entrada durante la generación de páginas web ('cross-site scripting') vulnerabilidad en don-themes Molla molla permite XSS Reflejado. Este problema afecta a Molla: des…	CWE-79 Cross-site Scripting	CVE-2026-32529	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4599	8.8	HIGH Network	-	-	Incorrect Privilege Assignment vulnerability in WPFunnels Creator LMS creatorlms allows Privilege Escalation.This issue affects Creator LMS: from n/a through <= 1.1.18.	CWE-266 Incorrect Privilege Assignment	CVE-2026-32530	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4600	8.8	HIGH Network	-	-	Vulnerabilidad de Asignación Incorrecta de Privilegios en WPFunnels Creator LMS creatorlms permite la escalada de privilegios. Este problema afecta a Creator LMS: desde n/a hasta <= 1.1.18.	CWE-266 Incorrect Privilege Assignment	CVE-2026-32530	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm