NVD Vulnerability Information Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

Update Date:May 11, 2026, 4:09 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
4751 5.4 MEDIUM
Network 		- - A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the ar… CWE-22
Path Traversal 		CVE-2026-4542 2026-04-25 01:32 2026-03-22 Show GitHub Exploit DB Packet Storm
4752 5.4 MEDIUM
Network 		- - Se ha encontrado una vulnerabilidad en SSCMS 4.7.0. El elemento afectado es una función desconocida del archivo LayerImageController.Submit.cs del componente layerImage Endpoint. Dicha manipulación d… CWE-22
Path Traversal 		CVE-2026-4542 2026-04-25 01:32 2026-03-22 Show GitHub Exploit DB Packet Storm
4753 2.5 LOW
Local 		- - A flaw has been found in janmojzis tinyssh up to 20250501. Impacted is an unknown function of the file tinyssh/crypto_sign_ed25519_tinyssh.c of the component Ed25519 Signature Handler. This manipulat… CWE-345
CWE-347
 Insufficient Verification of Data Authenticity
 Improper Verification of Cryptographic Signature 		CVE-2026-4541 2026-04-25 01:32 2026-03-22 Show GitHub Exploit DB Packet Storm
4754 2.5 LOW
Local 		- - Se ha encontrado una falla en janmojzis tinyssh hasta 20250501. Afectada es una función desconocida del archivo tinyssh/crypto_sign_ed25519_tinyssh.c del componente Gestor de Firma Ed25519. Esta mani… CWE-345
CWE-347
 Insufficient Verification of Data Authenticity
 Improper Verification of Cryptographic Signature 		CVE-2026-4541 2026-04-25 01:32 2026-03-22 Show GitHub Exploit DB Packet Storm
4755 4.3 MEDIUM
Network 		- - A security vulnerability has been detected in mickasmt next-saas-stripe-starter 1.0.0. Affected is the function generateUserStripe of the file actions/generate-user-stripe.ts of the component Checkou… CWE-840
 Business Logic Errors 		CVE-2026-4547 2026-04-25 01:32 2026-03-22 Show GitHub Exploit DB Packet Storm
4756 4.3 MEDIUM
Network 		- - Una vulnerabilidad de seguridad ha sido detectada en mickasmt next-saas-stripe-starter 1.0.0. Afectada está la función generateUserStripe del archivo actions/generate-user-stripe.ts del componente Ge… CWE-840
 Business Logic Errors 		CVE-2026-4547 2026-04-25 01:32 2026-03-22 Show GitHub Exploit DB Packet Storm
4757 6.3 MEDIUM
Network 		- - A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the… CWE-266
CWE-285
 Incorrect Privilege Assignment
Improper Authorization 		CVE-2026-4548 2026-04-25 01:32 2026-03-22 Show GitHub Exploit DB Packet Storm
4758 6.3 MEDIUM
Network 		- - Una vulnerabilidad fue detectada en mickasmt next-saas-stripe-starter 1.0.0. Afectada por esta vulnerabilidad es la función updateUserrole del archivo actions/update-user-role.ts. La manipulación del… CWE-266
CWE-285
 Incorrect Privilege Assignment
Improper Authorization 		CVE-2026-4548 2026-04-25 01:32 2026-03-22 Show GitHub Exploit DB Packet Storm
4759 3.1 LOW
Network 		- - A flaw has been found in mickasmt next-saas-stripe-starter 1.0.0. Affected by this issue is the function openCustomerPortal of the file actions/open-customer-portal.ts of the component Stripe API. Th… CWE-285
CWE-639
Improper Authorization
 Authorization Bypass Through User-Controlled Key 		CVE-2026-4549 2026-04-25 01:32 2026-03-22 Show GitHub Exploit DB Packet Storm
4760 3.1 LOW
Network 		- - Se ha encontrado una vulnerabilidad en mickasmt next-saas-stripe-starter 1.0.0. Afectada por este problema es la función openCustomerPortal del archivo actions/open-customer-portal.ts del componente … CWE-285
CWE-639
Improper Authorization
 Authorization Bypass Through User-Controlled Key 		CVE-2026-4549 2026-04-25 01:32 2026-03-22 Show GitHub Exploit DB Packet Storm
4761 4.7 MEDIUM
Network 		- - A vulnerability has been found in code-projects Simple Gym Management System up to 1.0. This affects an unknown part of the file /gym/func.php. Such manipulation of the argument Trainer_id/fname lead… CWE-74
CWE-89
Injection
SQL Injection 		CVE-2026-4550 2026-04-25 01:32 2026-03-22 Show GitHub Exploit DB Packet Storm
4762 4.7 MEDIUM
Network 		- - Una vulnerabilidad ha sido encontrada en code-projects Simple Gym Management System hasta la versión 1.0. Esto afecta una parte desconocida del archivo /gym/func.php. Dicha manipulación del argumento… CWE-74
CWE-89
Injection
SQL Injection 		CVE-2026-4550 2026-04-25 01:32 2026-03-22 Show GitHub Exploit DB Packet Storm
4763 4.3 MEDIUM
Network 		- - A vulnerability was detected in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/update_s1.php. Performing a manipulation of the argument sname results in c… CWE-79
CWE-94
Cross-site Scripting
Code Injection 		CVE-2026-4557 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4764 4.3 MEDIUM
Network 		- - Una vulnerabilidad fue detectada en code-projects Exam Form Submission 1.0. Esto impacta una función desconocida del archivo /admin/update_s1.php. Realizar una manipulación del argumento sname result… CWE-79
CWE-94
Cross-site Scripting
Code Injection 		CVE-2026-4557 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4765 7.5 HIGH
Network 		- - The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up … CWE-89
SQL Injection 		CVE-2026-2580 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4766 7.5 HIGH
Network 		- - El plugin WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters para WordPress es vulnerable a inyección SQL basada en tiempo a través del parámetro 'orderby' en to… CWE-89
SQL Injection 		CVE-2026-2580 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4767 7.3 HIGH
Network 		- - A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the file application/api/controller/Timming.php of the component Timming API Endpoint. The manipulation r… CWE-287
CWE-306
Improper Authentication
Missing Authentication for Critical Function 		CVE-2026-4562 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4768 7.3 HIGH
Network 		- - Se ha descubierto una falla de seguridad en MacCMS 2025.1000.4052. Esto afecta una parte desconocida del archivo application/api/controller/Timming.php del componente Timming API Endpoint. La manipul… CWE-287
CWE-306
Improper Authentication
Missing Authentication for Critical Function 		CVE-2026-4562 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4769 4.3 MEDIUM
Network 		- - A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function order_info of the file application/index/controller/User.php of the component Member Order Detai… CWE-285
CWE-639
Improper Authorization
 Authorization Bypass Through User-Controlled Key 		CVE-2026-4563 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4770 4.3 MEDIUM
Network 		- - Se ha identificado una debilidad en MacCMS hasta 2025.1000.4052. Esta vulnerabilidad afecta a la función order_info del archivo application/index/controller/User.php del componente Member Order Detai… CWE-285
CWE-639
Improper Authorization
 Authorization Bypass Through User-Controlled Key 		CVE-2026-4563 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4771 4.7 MEDIUM
Network 		- - A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulat… CWE-74
CWE-94
Injection
Code Injection 		CVE-2026-4564 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4772 6.5 MEDIUM
Network 		- - The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to unauthorized access of data due to improper authori… CWE-285
Improper Authorization 		CVE-2025-10736 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4773 6.5 MEDIUM
Network 		- - El plugin ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More para WordPress es vulnerable a acceso no autorizado a datos debido a controles … CWE-285
Improper Authorization 		CVE-2025-10736 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4774 5.3 MEDIUM
Network 		- - The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up t… CWE-285
Improper Authorization 		CVE-2025-10731 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4775 4.7 MEDIUM
Network 		- - Una vulnerabilidad de seguridad ha sido detectada en yangzongzhuan RuoYi hasta la versión 4.8.2. Este problema afecta a algún procesamiento desconocido del archivo /monitor/job/ del componente Gestor… CWE-74
CWE-94
Injection
Code Injection 		CVE-2026-4564 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4776 7.3 HIGH
Network 		- - The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to arbitrary method calls in all versions up to, and i… CWE-94
Code Injection 		CVE-2025-10679 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4777 7.3 HIGH
Network 		- - El plugin ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More para WordPress es vulnerable a llamadas a métodos arbitrarios en todas las vers… CWE-94
Code Injection 		CVE-2025-10679 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4778 5.3 MEDIUM
Network 		- - El plugin ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More para WordPress es vulnerable a la Exposición de Información Sensible en todas l… CWE-285
Improper Authorization 		CVE-2025-10731 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4779 5.3 MEDIUM
Network 		- - The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up t… CWE-922
 Insecure Storage of Sensitive Information 		CVE-2025-10734 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4780 5.3 MEDIUM
Network 		- - El plugin ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More para WordPress es vulnerable a la Exposición de Información Sensible en todas l… CWE-922
 Insecure Storage of Sensitive Information 		CVE-2025-10734 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4781 6.3 MEDIUM
Network 		- - A security vulnerability has been detected in SourceCodester Simple E-learning System 1.0. This affects an unknown part of the file /includes/form_handlers/delete_post.php of the component HTTP GET P… CWE-74
CWE-89
Injection
SQL Injection 		CVE-2026-4573 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4782 6.3 MEDIUM
Network 		- - Se ha detectado una vulnerabilidad de seguridad en SourceCodester Simple E-learning System 1.0. Esto afecta una parte desconocida del archivo /includes/form_handlers/delete_post.php del componente Ge… CWE-74
CWE-89
Injection
SQL Injection 		CVE-2026-4573 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4783 6.3 MEDIUM
Network 		- - A vulnerability was detected in SourceCodester Simple E-learning System 1.0. This vulnerability affects unknown code of the component User Profile Update Handler. The manipulation of the argument fir… CWE-74
CWE-89
Injection
SQL Injection 		CVE-2026-4574 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4784 6.3 MEDIUM
Network 		- - Se detectó una vulnerabilidad en SourceCodester Simple E-learning System 1.0. Esta vulnerabilidad afecta a código desconocido del componente Gestor de Actualización de Perfil de Usuario. La manipulac… CWE-74
CWE-89
Injection
SQL Injection 		CVE-2026-4574 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4785 2.4 LOW
Network 		- - A flaw has been found in code-projects Exam Form Submission 1.0. This issue affects some unknown processing of the file /admin/update_s2.php. This manipulation of the argument sname causes cross site… CWE-79
CWE-94
Cross-site Scripting
Code Injection 		CVE-2026-4575 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4786 2.4 LOW
Network 		- - Se ha encontrado una vulnerabilidad en code-projects Exam Form Submission 1.0. Este problema afecta a algún procesamiento desconocido del archivo /admin/update_s2.php. Esta manipulación del argumento… CWE-79
CWE-94
Cross-site Scripting
Code Injection 		CVE-2026-4575 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4787 2.4 LOW
Network 		- - A vulnerability has been found in code-projects Exam Form Submission 1.0. Impacted is an unknown function of the file /admin/update_s5.php. Such manipulation of the argument sname leads to cross site… CWE-79
CWE-94
Cross-site Scripting
Code Injection 		CVE-2026-4576 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4788 2.4 LOW
Network 		- - Una vulnerabilidad ha sido encontrada en code-projects Exam Form Submission 1.0. Afectada es una función desconocida del archivo /admin/update_s5.php. Tal manipulación del argumento sname lleva a cro… CWE-79
CWE-94
Cross-site Scripting
Code Injection 		CVE-2026-4576 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4789 5.3 MEDIUM
Network 		- - The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all version… CWE-200
Information Exposure 		CVE-2025-13997 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4790 5.3 MEDIUM
Network 		- - Los King Addons para Elementor – más de 4.000 secciones de Elementor listas, más de 650 plantillas, más de 70 widgets GRATUITOS para el plugin Elementor para WordPress es vulnerable a la divulgación … CWE-200
Information Exposure 		CVE-2025-13997 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4791 6.4 MEDIUM
Network 		- - The Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnera… CWE-79
Cross-site Scripting 		CVE-2025-6229 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4792 6.4 MEDIUM
Network 		- - La extensión Sina para Elementor (Header Builder, Footer Builder, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates) plugin para WordPress es vu… CWE-79
Cross-site Scripting 		CVE-2025-6229 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4793 2.4 LOW
Network 		- - A vulnerability was found in code-projects Exam Form Submission 1.0. The affected element is an unknown function of the file /admin/update_s4.php. Performing a manipulation of the argument sname resu… CWE-79
CWE-94
Cross-site Scripting
Code Injection 		CVE-2026-4577 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4794 2.4 LOW
Network 		- - Se encontró una vulnerabilidad en code-projects Exam Form Submission 1.0. El elemento afectado es una función desconocida del archivo /admin/update_s4.PHP. La manipulación del argumento sname resulta… CWE-79
CWE-94
Cross-site Scripting
Code Injection 		CVE-2026-4577 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4795 2.4 LOW
Network 		- - A vulnerability was determined in code-projects Exam Form Submission 1.0. The impacted element is an unknown function of the file /admin/update_s3.php. Executing a manipulation of the argument sname … CWE-79
CWE-94
Cross-site Scripting
Code Injection 		CVE-2026-4578 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4796 2.4 LOW
Network 		- - Se determinó una vulnerabilidad en code-projects Exam Form Submission 1.0. El elemento impactado es una función desconocida del archivo /admin/update_s3.PHP. La ejecución de una manipulación del argu… CWE-79
CWE-94
Cross-site Scripting
Code Injection 		CVE-2026-4578 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4797 5.0 MEDIUM
Adjacent 		- - A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation le… CWE-287
CWE-306
Improper Authentication
Missing Authentication for Critical Function 		CVE-2026-4582 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4798 5.0 MEDIUM
Adjacent 		- - Una vulnerabilidad de seguridad ha sido detectada en Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Afectada por esta vulnerabilidad es una funcionalidad desconocida del componente Bluetooth. Tal mani… CWE-287
CWE-306
Improper Authentication
Missing Authentication for Critical Function 		CVE-2026-4582 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4799 5.0 MEDIUM
Adjacent 		- - A vulnerability was detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this issue is some unknown functionality of the component Bluetooth Handler. Performing a manipulation result… CWE-287
CWE-294
Improper Authentication
Authentication Bypass by Capture-replay  		CVE-2026-4583 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm
4800 5.0 MEDIUM
Adjacent 		- - Se detectó una vulnerabilidad en Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Afecta a alguna funcionalidad desconocida del componente Gestor de Bluetooth. Realizar una manipulación resulta en omisi… CWE-287
CWE-294
Improper Authentication
Authentication Bypass by Capture-replay  		CVE-2026-4583 2026-04-25 01:32 2026-03-23 Show GitHub Exploit DB Packet Storm