NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:May 11, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
4851	5.4	MEDIUM Network	-	-	The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Content Access Rules REST API endpoints in versions…	CWE-862 Missing Authorization	CVE-2026-4056	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

4852	5.4	MEDIUM Network	-	-	El plugin User Registration & Membership para WordPress es vulnerable a la modificación no autorizada de datos debido a una comprobación de capacidad faltante en los endpoints de la API REST de R…	CWE-862 Missing Authorization	CVE-2026-4056	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

4853	2.4	LOW Network	-	-	Se ha descubierto una vulnerabilidad de seguridad en bolo-blog ?? 2.6.4. El elemento afectado es una función desconocida del archivo /console/article/ del componente Gestor de Títulos de Artículo. Re…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-4616	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

4854	7.3	HIGH Network	-	-	Se ha identificado una debilidad en SourceCodester Patients Waiting Area Queue Management System 1.0. El elemento afectado es la función ValidateToken del archivo /PHP/api_patient_checkin.php del com…	CWE-266 CWE-285 Incorrect Privilege Assignment Improper Authorization	CVE-2026-4617	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

4855	6.5	MEDIUM Network	-	-	The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filters[orderby_order]' parameter in the 'learndash_propanel_template' AJAX action in all versions up t…	CWE-89 SQL Injection	CVE-2026-3079	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

4856	6.5	MEDIUM Network	-	-	El plugin LearnDash LMS para WordPress es vulnerable a inyección SQL ciega basada en tiempo a través del parámetro 'filters[orderby_order]' en la acción AJAX 'learndash_propanel_template' en todas la…	CWE-89 SQL Injection	CVE-2026-3079	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

4857	7.3	HIGH Network	-	-	A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4624	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

4858	7.3	HIGH Network	-	-	Se detectó una vulnerabilidad en SourceCodester Online Library Management System 1.0. El elemento afectado es una función desconocida del archivo /home.php del componente Gestor de Parámetros. Realiz…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4624	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

4859	7.3	HIGH Network	-	-	A flaw has been found in SourceCodester Online Admission System 1.0. This affects an unknown function of the file /programmes.php. Executing a manipulation of the argument program can lead to sql inj…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4625	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

4860	7.3	HIGH Network	-	-	Se ha encontrado un fallo en SourceCodester Online Admission System 1.0. Esto afecta a una función desconocida del archivo /programmes.php. La ejecución de una manipulación del argumento program pued…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4625	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

4861	7.3	HIGH Network	-	-	A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. This affects an unknown function of the file…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-4623	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

4862	7.3	HIGH Network	-	-	Una vulnerabilidad de seguridad ha sido detectada en DefaultFuction Jeson-Customer-Relationship-Management-System hasta 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. Esto afecta una función desconocida d…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-4623	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

4863	6.5	MEDIUM Network	-	-	The Product Filter for WooCommerce by WBW plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check in all versions up to, and including, 3.1.2. This is due to th…	CWE-862 Missing Authorization	CVE-2026-3138	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

4864	6.5	MEDIUM Network	-	-	El plugin Product Filter for WooCommerce by WBW para WordPress es vulnerable a la pérdida de datos no autorizada debido a una comprobación de capacidad faltante en todas las versiones hasta la 3.1.2,…	CWE-862 Missing Authorization	CVE-2026-3138	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

4865	9.1	CRITICAL Network	-	-	The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the `super-unsubscribe` AJAX action accep…	CWE-862 Missing Authorization	CVE-2026-4283	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

4866	7.2	HIGH Network	-	-	A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler_update_system_time of the file libdeuteron_modules.so of the component NTP Service. The manipula…	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-4627	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

4867	7.2	HIGH Network	-	-	Se encontró una vulnerabilidad en D-Link DIR-825 y DIR-825R 1.0.5/4.5.1. Afecta a la función handler_update_system_time del archivo libdeuteron_modules.so del componente Servicio NTP. La manipulación…	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-4627	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

4868	7.3	HIGH Network	-	-	A weakness has been identified in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/user/index.php?view=add of the component Parameter Handler. Execu…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4632	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

4869	7.3	HIGH Network	-	-	Una debilidad ha sido identificada en itsourcecode Online Enrollment System 1.0. Esta vulnerabilidad afecta código desconocido del archivo /sms/user/index.php?view=add del componente Gestor de Paráme…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4632	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

4870	9.1	CRITICAL Network	-	-	El plugin WP DSGVO Tools (GDPR) para WordPress es vulnerable a la destrucción no autorizada de cuentas en todas las versiones hasta la 3.1.38, inclusive. Esto se debe a que la acción AJAX 'super-unsu…	CWE-862 Missing Authorization	CVE-2026-4283	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

4871	7.5	HIGH Network	-	-	The JetEngine plugin for WordPress is vulnerable to SQL Injection via the `listing_load_more` AJAX action in all versions up to, and including, 3.8.6.1. This is due to the `filtered_query` parameter …	CWE-89 SQL Injection	CVE-2026-4662	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

4872	7.5	HIGH Network	-	-	El plugin JetEngine para WordPress es vulnerable a inyección SQL a través de la acción AJAX 'listing_load_more' en todas las versiones hasta la 3.8.6.1, inclusive. Esto se debe a que el parámetro 'fi…	CWE-89 SQL Injection	CVE-2026-4662	2026-04-25 01:32	2026-03-24	Show	GitHub Exploit DB Packet Storm

4873	6.3	MEDIUM Network	-	-	A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/add-single-student-results.php of the component Parameter …	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4783	2026-04-25 01:32	2026-03-25	Show	GitHub Exploit DB Packet Storm

4874	6.3	MEDIUM Network	-	-	Una vulnerabilidad ha sido encontrada en itsourcecode College Management System 1.0. El elemento impactado es una función desconocida del archivo /admin/add-single-student-results.php del componente …	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-4783	2026-04-25 01:32	2026-03-25	Show	GitHub Exploit DB Packet Storm

4875	6.4	MEDIUM Network	-	-	The Easy Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery shortcode post meta field in all versions up to, and including, 1.5.3. This is due to insuffic…	CWE-79 Cross-site Scripting	CVE-2026-4766	2026-04-25 01:32	2026-03-25	Show	GitHub Exploit DB Packet Storm

4876	6.4	MEDIUM Network	-	-	El plugin Easy Image Gallery para WordPress es vulnerable a cross-site scripting almacenado a través del campo meta de la publicación del shortcode de Galería en todas las versiones hasta la 1.5.3, i…	CWE-79 Cross-site Scripting	CVE-2026-4766	2026-04-25 01:32	2026-03-25	Show	GitHub Exploit DB Packet Storm

4877	7.1	HIGH Network	-	-	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Zorka zorka allows Reflected XSS.This issue affects Zorka: from n/a through <= 1.5.7.	CWE-79 Cross-site Scripting	CVE-2025-69096	2026-04-25 01:32	2026-03-26	Show	GitHub Exploit DB Packet Storm

4878	7.1	HIGH Network	-	-	Neutralización Incorrecta de la Entrada Durante la Generación de Páginas Web ('cross-site scripting') vulnerabilidad en G5Theme Zorka zorka permite XSS Reflejado. Este problema afecta a Zorka: desde …	CWE-79 Cross-site Scripting	CVE-2025-69096	2026-04-25 01:32	2026-03-26	Show	GitHub Exploit DB Packet Storm

4879	8.5	HIGH Network	-	-	Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP…	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2025-69347	2026-04-25 01:32	2026-03-26	Show	GitHub Exploit DB Packet Storm

4880	8.5	HIGH Network	-	-	Elusión de autorización a través de vulnerabilidad de clave controlada por el usuario en la suscripción de Convers Lab WPSubscription permite explotar niveles de seguridad de control de acceso config…	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2025-69347	2026-04-25 01:32	2026-03-26	Show	GitHub Exploit DB Packet Storm

4881	7.5	HIGH Network	-	-	Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime:…	CWE-862 Missing Authorization	CVE-2025-69358	2026-04-25 01:32	2026-03-26	Show	GitHub Exploit DB Packet Storm

4882	7.5	HIGH Network	-	-	Vulnerabilidad de autorización faltante en Metagauss EventPrime eventprime-event-calendar-management permite la explotación de niveles de seguridad de control de acceso configurados incorrectamente. …	CWE-862 Missing Authorization	CVE-2025-69358	2026-04-25 01:32	2026-03-26	Show	GitHub Exploit DB Packet Storm

4883	7.5	HIGH Network	-	-	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in flexcubed PitchPrint pitchprint allows Path Traversal.This issue affects PitchPrint: from n/a through <…	CWE-22 Path Traversal	CVE-2026-22448	2026-04-25 01:32	2026-03-26	Show	GitHub Exploit DB Packet Storm

4884	7.5	HIGH Network	-	-	Limitación incorrecta de un nombre de ruta a un directorio restringido ('Salto de ruta') vulnerabilidad en flexcubed PitchPrint pitchprint permite Salto de ruta. Este problema afecta a PitchPrint: de…	CWE-22 Path Traversal	CVE-2026-22448	2026-04-25 01:32	2026-03-26	Show	GitHub Exploit DB Packet Storm

4885	7.2	HIGH Network	-	-	Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a thro…	CWE-502 Deserialization of Untrusted Data	CVE-2026-22480	2026-04-25 01:32	2026-03-26	Show	GitHub Exploit DB Packet Storm

4886	7.2	HIGH Network	-	-	Vulnerabilidad de deserialización de datos no confiables en WebToffee Product Feed for WooCommerce webtoffee-product-feed permite la inyección de objetos. Este problema afecta a Product Feed for WooC…	CWE-502 Deserialization of Untrusted Data	CVE-2026-22480	2026-04-25 01:32	2026-03-26	Show	GitHub Exploit DB Packet Storm

4887	9.3	CRITICAL Network	-	-	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pebas Lisfinity Core lisfinity-core allows SQL Injection.This issue affects Lisfinity Core: from …	CWE-89 SQL Injection	CVE-2026-22484	2026-04-25 01:32	2026-03-26	Show	GitHub Exploit DB Packet Storm

4888	9.3	CRITICAL Network	-	-	Neutralización Incorrecta de Elementos Especiales utilizados en un Comando SQL ('Inyección SQL') vulnerabilidad en pebas Lisfinity Core lisfinity-core permite la inyección SQL. Este problema afecta a…	CWE-89 SQL Injection	CVE-2026-22484	2026-04-25 01:32	2026-03-26	Show	GitHub Exploit DB Packet Storm

4889	6.5	MEDIUM Network	-	-	Missing Authorization vulnerability in Ruhul Amin My Album Gallery my-album-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Album Gallery: from n…	CWE-862 Missing Authorization	CVE-2026-22485	2026-04-25 01:32	2026-03-26	Show	GitHub Exploit DB Packet Storm

4890	6.5	MEDIUM Network	-	-	Vulnerabilidad de autorización faltante en Ruhul Amin My Album Gallery my-album-gallery permite la explotación de niveles de seguridad de control de acceso configurados incorrectamente. Este problema…	CWE-862 Missing Authorization	CVE-2026-22485	2026-04-25 01:32	2026-03-26	Show	GitHub Exploit DB Packet Storm

4891	7.1	HIGH Network	-	-	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS.This issue affe…	CWE-79 Cross-site Scripting	CVE-2026-22491	2026-04-25 01:32	2026-03-26	Show	GitHub Exploit DB Packet Storm

4892	7.1	HIGH Network	-	-	Neutralización Incorrecta de la Entrada Durante la Generación de Páginas Web ('cross-site scripting') vulnerabilidad en wphocus My auctions allegro my-auctions-allegro-free-edition permite XSS Reflej…	CWE-79 Cross-site Scripting	CVE-2026-22491	2026-04-25 01:32	2026-03-26	Show	GitHub Exploit DB Packet Storm

4893	8.1	HIGH Network	-	-	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Gaspard gaspard allows PHP Local File Inclusion.This issue affec…	CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')	CVE-2026-22493	2026-04-25 01:32	2026-03-26	Show	GitHub Exploit DB Packet Storm

4894	8.1	HIGH Network	-	-	Control inadecuado del nombre de fichero para la declaración Include/Require en un programa PHP (vulnerabilidad 'Inclusión Remota de Ficheros PHP') en Elated-Themes Gaspard gaspard permite la inclusi…	CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')	CVE-2026-22493	2026-04-25 01:32	2026-03-26	Show	GitHub Exploit DB Packet Storm

4895	8.1	HIGH Network	-	-	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Good Homes good-homes allows PHP Local File Inclusion.This issue affe…	CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')	CVE-2026-22494	2026-04-25 01:32	2026-03-26	Show	GitHub Exploit DB Packet Storm

4896	8.1	HIGH Network	-	-	Control inadecuado del nombre de fichero para la declaración include/require en el programa PHP ('Inclusión Remota de Ficheros PHP') vulnerabilidad en ThemeREX Good Homes good-homes permite la inclus…	CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')	CVE-2026-22494	2026-04-25 01:32	2026-03-26	Show	GitHub Exploit DB Packet Storm

4897	8.1	HIGH Network	-	-	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Greenville greenville allows PHP Local File Inclusion.This issue …	CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')	CVE-2026-22495	2026-04-25 01:32	2026-03-26	Show	GitHub Exploit DB Packet Storm

4898	8.1	HIGH Network	-	-	La vulnerabilidad de Control inadecuado del nombre de fichero para la declaración Include/Require en el programa PHP ('Inclusión remota de ficheros PHP') en AncoraThemes Greenville greenville permite…	CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')	CVE-2026-22495	2026-04-25 01:32	2026-03-26	Show	GitHub Exploit DB Packet Storm

4899	8.1	HIGH Network	-	-	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Hypnotherapy hypnotherapy allows PHP Local File Inclusion.This is…	CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')	CVE-2026-22496	2026-04-25 01:32	2026-03-26	Show	GitHub Exploit DB Packet Storm

4900	8.1	HIGH Network	-	-	Vulnerabilidad de control impropio del nombre de fichero para la declaración Include/Require en un programa PHP ('inclusión remota de ficheros PHP') en AncoraThemes Hypnotherapy hypnotherapy permite …	CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')	CVE-2026-22496	2026-04-25 01:32	2026-03-26	Show	GitHub Exploit DB Packet Storm