Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 23, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
190701	6.1	警告 Network	Apache Software Foundation	-	Apache CXF におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-6812	2017-09-15 12:02	2016-11-4	Show	GitHub Exploit DB Packet Storm

190702	7.5	重要 Network	Apache Software Foundation	-	Apache CXF における XML 外部エンティティの脆弱性	CWE-611 XML 外部エンティティ参照の不適切な制限	CVE-2016-8739	2017-09-15 12:02	2016-12-19	Show	GitHub Exploit DB Packet Storm

190703	7.5	重要 Network	Apache Software Foundation	-	Apache CXF における時間とステータスに関する脆弱性	CWE-361 時間とステータス	CVE-2017-3156	2017-09-15 12:02	2017-02-20	Show	GitHub Exploit DB Packet Storm

190704	9.8	緊急 Network	アップル	-	Apple iPhone などで使用される Qualcomm Telephony におけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2017-8248	2017-09-15 11:16	2017-07-19	Show	GitHub Exploit DB Packet Storm

190705	7.8	重要 Local	Sierra Wireless	-	Sierra Wireless Windows Mobile Broadband Driver Package における引用されない検索パスまたは要素に関する脆弱性	CWE-428 引用されない検索パスまたは要素	CVE-2017-9247	2017-09-15 10:19	2017-07-12	Show	GitHub Exploit DB Packet Storm

190706	8.1	重要 Network	ヒューレット・パッカード	-	HP Linux Imaging and Printing における鍵管理のエラーに関する脆弱性	CWE-320 鍵管理のエラー	CVE-2015-0839	2017-09-14 18:12	2015-03-16	Show	GitHub Exploit DB Packet Storm

190707	9.8	緊急 Network	Zoho Corporation	-	Manage Engine Desktop Central における認可・権限・アクセス制御に関する脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2015-2560	2017-09-14 18:06	2015-02-18	Show	GitHub Exploit DB Packet Storm

190708	7.5	重要 Network	varnish-cache.org	-	Varnish HTTP Cache における整数オーバーフローの脆弱性	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2017-12425	2017-09-14 17:38	2017-08-2	Show	GitHub Exploit DB Packet Storm

190709	7.5	重要 Network	シスコシステムズ	-	Cisco Data Center Network Manager におけるリソース管理に関する脆弱性	CWE-399 リソース管理の問題	CVE-2011-4650	2017-09-14 17:30	2011-12-1	Show	GitHub Exploit DB Packet Storm

190710	6.3	警告 Physics	NXP Semiconductors	-	複数の NXP i.MX および Vybrid 製品におけるバッファエラーの脆弱性	CWE-119 バッファエラー	CVE-2017-7936	2017-09-14 17:23	2017-07-25	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 23, 2026, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
851	6.5	MEDIUM Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/models/import endpoint allows users with the workspace.models_impor…	CWE-283 CWE-862 Unverified Ownership Missing Authorization	CVE-2026-44562	2026-05-19 12:10	2026-05-16	Show	GitHub Exploit DB Packet Storm

852	5.4	MEDIUM Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the is_user_channel_member function checks whether a ChannelMember row exists but do…	CWE-863 Incorrect Authorization	CVE-2026-44561	2026-05-19 12:10	2026-05-16	Show	GitHub Exploit DB Packet Storm

853	6.5	MEDIUM Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the type: "file" (non-full-context), type: "text" with collection_name, and bare col…	CWE-862 Missing Authorization	CVE-2026-44560	2026-05-19 12:09	2026-05-16	Show	GitHub Exploit DB Packet Storm

854	4.3	MEDIUM Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the GET /api/v1/channels/{id}/members endpoint only checks membership for group and …	CWE-862 Missing Authorization	CVE-2026-44559	2026-05-19 12:09	2026-05-16	Show	GitHub Exploit DB Packet Storm

855	8.0	HIGH Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user can permanently delete files owned by other users via DELETE …	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-45671	2026-05-19 12:08	2026-05-16	Show	GitHub Exploit DB Packet Storm

856	7.1	HIGH Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user with low privileges can enumerate active background tasks acr…	CWE-862 Missing Authorization	CVE-2026-45399	2026-05-19 12:08	2026-05-16	Show	GitHub Exploit DB Packet Storm

857	6.5	MEDIUM Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI allows admins to restrict which API endpoints an API key can access. When…	CWE-863 Incorrect Authorization	CVE-2026-45339	2026-05-19 12:07	2026-05-16	Show	GitHub Exploit DB Packet Storm

858	8.5	HIGH Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, validate_url() in backend/open_webui/retrieval/web/utils.py calls validators.ipv6(ip…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-45331	2026-05-19 12:06	2026-05-16	Show	GitHub Exploit DB Packet Storm

859	4.8	MEDIUM Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the AccountPending.svelte component renders the admin-configured "Pending User Overl…	CWE-79 Cross-site Scripting	CVE-2026-44568	2026-05-19 12:06	2026-05-16	Show	GitHub Exploit DB Packet Storm

860	4.3	MEDIUM Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, when setting model permissions so that a group has read access to it, intending for …	CWE-200 Information Exposure	CVE-2026-45387	2026-05-19 12:05	2026-05-16	Show	GitHub Exploit DB Packet Storm