NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:May 11, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
4701	7.3	HIGH Network	-	-	Una falla de seguridad ha sido descubierta en 648540858 wvp-GB28181-pro hasta 2.7.4. Esto afecta a la función GenericFastJsonRedisSerializer del archivo src/main/java/com/genersoft/iot/vmp/conf/redis…	CWE-20 CWE-502 Improper Input Validation Deserialization of Untrusted Data	CVE-2026-4860	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4702	8.8	HIGH Network	-	-	Una vulnerabilidad de seguridad ha sido detectada en UTT HiPER 1250GW hasta 3.2.7-210907-180535. Este problema afecta a la función strcpy del archivo /goform/formConfigDnsFilterGlobal del componente …	CWE-119 CWE-120 Incorrect Access of Indexable Resource ('Range Error') Classic Buffer Overflow	CVE-2026-4862	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4703	4.7	MEDIUM Network	-	-	A vulnerability was determined in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /admin/mod_amenities/index.php?view=add. This manipulation of…	CWE-284 CWE-434 Improper Access Control Unrestricted Upload of File with Dangerous Type	CVE-2026-4875	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4704	4.7	MEDIUM Network	-	-	Se determinó una vulnerabilidad en itsourcecode Free Hotel Reservation System 1.0. El elemento afectado es una función desconocida del archivo /admin/mod_amenities/index.PHP?view=add. Esta manipulaci…	CWE-284 CWE-434 Improper Access Control Unrestricted Upload of File with Dangerous Type	CVE-2026-4875	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4705	4.3	MEDIUM Network	-	-	The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'save_options' funct…	CWE-352 Origin Validation Error	CVE-2026-1032	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4706	4.3	MEDIUM Network	-	-	El plugin Conditional Menus para WordPress es vulnerable a la falsificación de petición en sitios cruzados en todas las versiones hasta la 1.2.6, inclusive. Esto se debe a la falta de validación de n…	CWE-352 Origin Validation Error	CVE-2026-1032	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4707	7.2	HIGH Network	-	-	The Fluent Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.01 due to insufficient input sanitization and ou…	CWE-79 Cross-site Scripting	CVE-2026-2231	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4708	7.2	HIGH Network	-	-	El plugin Fluent Booking para WordPress es vulnerable a cross-site scripting almacenado a través de múltiples parámetros en todas las versiones hasta la 2.0.01, inclusive, debido a una sanitización d…	CWE-79 Cross-site Scripting	CVE-2026-2231	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4709	6.3	MEDIUM Network	-	-	A vulnerability was identified in itsourcecode Free Hotel Reservation System 1.0. The impacted element is an unknown function of the file /admin/mod_amenities/index.php?view=editpic. Such manipulatio…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4876	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4710	6.3	MEDIUM Network	-	-	Una vulnerabilidad fue identificada en itsourcecode Free Hotel Reservation System 1.0. El elemento impactado es una función desconocida del archivo /admin/mod_amenities/index.php?view=editpic. Tal ma…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4876	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4711	4.3	MEDIUM Network	-	-	A security flaw has been discovered in itsourcecode Payroll Management System up to 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument page result…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-4877	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4712	4.3	MEDIUM Network	-	-	Se ha descubierto una falla de seguridad en el Sistema de Gestión de Nóminas itsourcecode hasta la versión 1.0. Esto afecta a una función desconocida del archivo /index.PHP. Realizar una manipulación…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-4877	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4713	4.9	MEDIUM Network	-	-	The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.4.2. This is due to the `revert_divs_to_summary` f…	CWE-79 Cross-site Scripting	CVE-2026-2389	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4714	4.9	MEDIUM Network	-	-	El plugin Complianz – GDPR/CCPA Cookie Consent para WordPress es vulnerable a Cross-Site Scripting Almacenado en todas las versiones hasta la 7.4.4.2, inclusive. Esto se debe a que la función 'revert…	CWE-79 Cross-site Scripting	CVE-2026-2389	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4715	7.5	HIGH Network	-	-	The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the `multiformid` parameter in the `storeTickets()` function in all versions up to, an…	CWE-89 SQL Injection	CVE-2026-2511	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4716	7.5	HIGH Network	-	-	El plugin JS Help Desk – AI-Powered Support & Ticketing System para WordPress es vulnerable a inyección SQL a través del parámetro 'multiformid' en la función 'storeTickets()' en todas las versio…	CWE-89 SQL Injection	CVE-2026-2511	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

4717	4.3	MEDIUM Network	-	-	A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /dbfood/contact.php. The manipulation of the ar…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-4898	2026-04-25 01:35	2026-03-27	Show	GitHub Exploit DB Packet Storm

4718	4.3	MEDIUM Network	-	-	Una vulnerabilidad fue identificada en code-projects Online Food Ordering System 1.0. Afectada por esta vulnerabilidad es una funcionalidad desconocida del archivo /dbfood/contact.php. La manipulació…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-4898	2026-04-25 01:35	2026-03-27	Show	GitHub Exploit DB Packet Storm

4719	2.4	LOW Network	-	-	A security flaw has been discovered in code-projects Online Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /dbfood/food.php. The manipulation of the argume…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-4899	2026-04-25 01:35	2026-03-27	Show	GitHub Exploit DB Packet Storm

4720	2.4	LOW Network	-	-	Se ha descubierto una falla de seguridad en el sistema de pedidos de comida en línea 1.0 de code-projects. Afectada por este problema está alguna funcionalidad desconocida del archivo /dbfood/food.PH…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-4899	2026-04-25 01:35	2026-03-27	Show	GitHub Exploit DB Packet Storm

4721	5.3	MEDIUM Network	-	-	A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file /dbfood/localhost.sql. This manipulation causes files or directories accessib…	CWE-425 CWE-552 Direct Request ('Forced Browsing') Files or Directories Accessible to External Parties	CVE-2026-4900	2026-04-25 01:35	2026-03-27	Show	GitHub Exploit DB Packet Storm

4722	5.3	MEDIUM Network	-	-	Se ha identificado una debilidad en el Sistema de Pedidos de Comida en Línea 1.0 de code-projects. Esto afecta una parte desconocida del archivo /dbfood/localhost.sql. Esta manipulación provoca que l…	CWE-425 CWE-552 Direct Request ('Forced Browsing') Files or Directories Accessible to External Parties	CVE-2026-4900	2026-04-25 01:35	2026-03-27	Show	GitHub Exploit DB Packet Storm

4723	2.4	LOW Network	-	-	A weakness has been identified in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/update_s7.php. This manipulation of the argument sname causes cross site …	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-4909	2026-04-25 01:35	2026-03-27	Show	GitHub Exploit DB Packet Storm

4724	6.3	MEDIUM Network	-	-	A vulnerability was identified in Page-Replica Page Replica up to e4a7f52e75093ee318b4d5a9a9db6751050d2ad0. The impacted element is the function sitemap.fetch of the file /sitemap of the component En…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-4907	2026-04-25 01:35	2026-03-27	Show	GitHub Exploit DB Packet Storm

4725	6.3	MEDIUM Network	-	-	Una vulnerabilidad fue identificada en Page-Replica Page Replica hasta e4a7f52e75093ee318b4d5a9a9db6751050d2ad0. El elemento impactado es la función sitemap.fetch del archivo /sitemap del componente …	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-4907	2026-04-25 01:35	2026-03-27	Show	GitHub Exploit DB Packet Storm

4726	2.4	LOW Network	-	-	Se ha identificado una debilidad en code-projects Exam Form Submission 1.0/7.PHP. Esto afecta una función desconocida del archivo /admin/update_s7.PHP. Esta manipulación del argumento sname causa cro…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-4909	2026-04-25 01:35	2026-03-27	Show	GitHub Exploit DB Packet Storm

4727	6.5	MEDIUM Network	-	-	The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1.33 via the 'actionExportAll' function. This makes it possible for authenticate…	CWE-862 Missing Authorization	CVE-2026-3098	2026-04-25 01:35	2026-03-27	Show	GitHub Exploit DB Packet Storm

4728	6.5	MEDIUM Network	-	-	El plugin Smart Slider 3 para WordPress es vulnerable a la lectura arbitraria de archivos en todas las versiones hasta la 3.5.1.33, inclusive, a través de la función 'actionExportAll'. Esto permite a…	CWE-862 Missing Authorization	CVE-2026-3098	2026-04-25 01:35	2026-03-27	Show	GitHub Exploit DB Packet Storm

4729	7.3	HIGH Network	-	-	A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus up to 1.3.44. Affected is an unknown function of the file /RemoteFormat.do of the component Endpoint. Such ma…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4910	2026-04-25 01:35	2026-03-27	Show	GitHub Exploit DB Packet Storm

4730	7.3	HIGH Network	-	-	Una vulnerabilidad de seguridad ha sido detectada en Shenzhen Ruiming Technology Streamax Crocus bis 1.3.44. Afectada es una función desconocida del archivo /RemoteFormat.do del componente Endpoint. …	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4910	2026-04-25 01:35	2026-03-27	Show	GitHub Exploit DB Packet Storm

4731	7.3	HIGH Network	-	-	A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-4953	2026-04-25 01:35	2026-03-28	Show	GitHub Exploit DB Packet Storm

4732	6.3	MEDIUM Network	-	-	A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List End…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4954	2026-04-25 01:35	2026-03-28	Show	GitHub Exploit DB Packet Storm

4733	7.3	HIGH Network	-	-	A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an unknown function of the file /OperateStatistic.do. The manipulation of the argument VehicleID results …	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4955	2026-04-25 01:35	2026-03-28	Show	GitHub Exploit DB Packet Storm

4734	7.3	HIGH Network	-	-	A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component Parameter …	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4956	2026-04-25 01:35	2026-03-28	Show	GitHub Exploit DB Packet Storm

4735	5.3	MEDIUM Local	-	-	A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminology_retriever.py. Performing a manipulation of the argument D…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4530	2026-04-25 01:32	2026-03-22	Show	GitHub Exploit DB Packet Storm

4736	5.3	MEDIUM Local	-	-	Se ha descubierto una falla de seguridad en apconw Aix-DB hasta 1.2.3. Esto afecta una función desconocida del archivo agent/text2sql/rag/terminology_retriever.py. Realizar una manipulación del argum…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4530	2026-04-25 01:32	2026-03-22	Show	GitHub Exploit DB Packet Storm

4737	5.3	MEDIUM Network	-	-	A weakness has been identified in Free5GC 4.1.0. Affected is the function HandleRegistrationComplete of the file internal/gmm/handler.go of the component AMF. Executing a manipulation can lead to den…	CWE-404 Improper Resource Shutdown or Release	CVE-2026-4531	2026-04-25 01:32	2026-03-22	Show	GitHub Exploit DB Packet Storm

4738	5.3	MEDIUM Network	-	-	Se ha identificado una debilidad en Free5GC 4.1.0. Afecta a la función HandleRegistrationComplete del archivo internal/gmm/handler.go del componente AMF. La ejecución de una manipulación puede conduc…	CWE-404 Improper Resource Shutdown or Release	CVE-2026-4531	2026-04-25 01:32	2026-03-22	Show	GitHub Exploit DB Packet Storm

4739	6.4	MEDIUM Network	-	-	The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the `jsonText` block attribute in all versions up to, an…	CWE-79 Cross-site Scripting	CVE-2026-3427	2026-04-25 01:32	2026-03-22	Show	GitHub Exploit DB Packet Storm

4740	6.4	MEDIUM Network	-	-	El plugin Yoast SEO – Advanced SEO con guía en tiempo real e IA integrada para WordPress es vulnerable a cross-site scripting almacenado a través del atributo de bloque 'jsonText' en todas las versio…	CWE-79 Cross-site Scripting	CVE-2026-3427	2026-04-25 01:32	2026-03-22	Show	GitHub Exploit DB Packet Storm

4741	7.3	HIGH Network	-	-	A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown processing. Performing a manipulation results in unrestricted upload. The attack may …	CWE-284 CWE-434 Improper Access Control Unrestricted Upload of File with Dangerous Type	CVE-2026-4536	2026-04-25 01:32	2026-03-22	Show	GitHub Exploit DB Packet Storm

4742	7.3	HIGH Network	-	-	Se encontró una vulnerabilidad en Acrel Environmental Monitoring Cloud Platform 1.1.0. Este problema afecta algún procesamiento desconocido. Realizar una manipulación resulta en una carga sin restric…	CWE-284 CWE-434 Improper Access Control Unrestricted Upload of File with Dangerous Type	CVE-2026-4536	2026-04-25 01:32	2026-03-22	Show	GitHub Exploit DB Packet Storm

4743	8.8	HIGH Network	-	-	The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.4. This is due to the `isDashboardOrProfileRequ…	CWE-269 Improper Privilege Management	CVE-2026-4314	2026-04-25 01:32	2026-03-22	Show	GitHub Exploit DB Packet Storm

4744	8.8	HIGH Network	-	-	El plugin 'The Ultimate WordPress Toolkit – WP Extended' para WordPress es vulnerable a escalada de privilegios en todas las versiones hasta la 3.2.4, inclusive. Esto se debe a que el método `isDashb…	CWE-269 Improper Privilege Management	CVE-2026-4314	2026-04-25 01:32	2026-03-22	Show	GitHub Exploit DB Packet Storm

4745	4.7	MEDIUM Network	-	-	A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function action_ipsec_conn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation c…	CWE-74 CWE-77 Injection Command Injection	CVE-2026-4537	2026-04-25 01:32	2026-03-22	Show	GitHub Exploit DB Packet Storm

4746	4.7	MEDIUM Network	-	-	Se determinó una vulnerabilidad en Cudy TR1200 R46-2.4.15-20250721-164017. Se ve afectada la función action_ipsec_conn del archivo /usr/bin/lib/lua/luci/controller/ipsec.lua. La ejecución de una mani…	CWE-74 CWE-77 Injection Command Injection	CVE-2026-4537	2026-04-25 01:32	2026-03-22	Show	GitHub Exploit DB Packet Storm

4747	3.3	LOW Local	-	-	A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular e…	CWE-400 CWE-1333 Uncontrolled Resource Consumption Inefficient Regular Expression Complexity	CVE-2026-4539	2026-04-25 01:32	2026-03-22	Show	GitHub Exploit DB Packet Storm

4748	3.3	LOW Local	-	-	Una falla de seguridad ha sido descubierta en pygments hasta la versión 2.19.2. El elemento afectado es la función AdlLexer del archivo pygments/lexers/archetype.py. La manipulación resulta en una co…	CWE-400 CWE-1333 Uncontrolled Resource Consumption Inefficient Regular Expression Complexity	CVE-2026-4539	2026-04-25 01:32	2026-03-22	Show	GitHub Exploit DB Packet Storm

4749	7.3	HIGH Network	-	-	A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation …	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4540	2026-04-25 01:32	2026-03-22	Show	GitHub Exploit DB Packet Storm

4750	7.3	HIGH Network	-	-	Una vulnerabilidad fue detectada en projectworlds Online Notes Sharing System 1.0. Este problema afecta a un procesamiento desconocido del archivo /login.php del componente Gestor de Parámetros. La m…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4540	2026-04-25 01:32	2026-03-22	Show	GitHub Exploit DB Packet Storm