Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 18, 2026, 2:16 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
190901	5.5	警告 Local	VirusTotal	-	YARA におけるバッファエラーの脆弱性	CWE-119 バッファエラー	CVE-2017-11328	2017-08-31 11:58	2017-07-5	Show	GitHub Exploit DB Packet Storm

190902	5.5	警告 Local	ClamAV	-	ClamAV における解放済みメモリの使用に関する脆弱性	CWE-416 解放済みメモリの使用	CVE-2017-6420	2017-08-31 11:49	2017-03-4	Show	GitHub Exploit DB Packet Storm

190903	7.8	重要 Local	Stuart Caie	-	libmspack におけるバッファエラーの脆弱性	CWE-119 バッファエラー	CVE-2017-6419	2017-08-31 11:49	2017-03-30	Show	GitHub Exploit DB Packet Storm

190904	5.5	警告 Local	ClamAV	-	ClamAV における境界外読み取りに関する脆弱性	CWE-125 境界外読み取り	CVE-2017-6418	2017-08-31 11:49	2017-03-3	Show	GitHub Exploit DB Packet Storm

190905	6.1	警告 Network	phpSocial	-	phpSocial におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-10801	2017-08-31 11:48	2017-07-2	Show	GitHub Exploit DB Packet Storm

190906	7.5	重要 Network	Google	-	Google News and Weather アプリケーションにおける情報漏えいに関する脆弱性	CWE-200 情報漏えい	CVE-2017-9245	2017-08-31 11:48	2017-07-18	Show	GitHub Exploit DB Packet Storm

190907	9.8	緊急 Network	GLPI-PROJECT.ORG	-	GLPI における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2017-11184	2017-08-31 10:58	2017-07-13	Show	GitHub Exploit DB Packet Storm

190908	5.4	警告 Network	NetComm Wireless Limited.	-	NetComm Wireless 4GT101W におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-11647	2017-08-31 10:57	2017-07-26	Show	GitHub Exploit DB Packet Storm

190909	8.8	重要 Network	NetComm Wireless Limited.	-	NetComm Wireless 4GT101W におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2017-11646	2017-08-31 10:57	2017-07-26	Show	GitHub Exploit DB Packet Storm

190910	9.8	緊急 Network	NetComm Wireless Limited.	-	NetComm Wireless 4GT101W における認証に関する脆弱性	CWE-287 不適切な認証	CVE-2017-11645	2017-08-31 10:57	2017-07-26	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 18, 2026, 4:12 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
201	8.1	HIGH Network	-	-	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.10, when uploading an audio file, the name of the file is derived from the original HTT… New	CWE-22 Path Traversal	CVE-2026-44565	2026-05-16 07:16	2026-05-16	Show	GitHub Exploit DB Packet Storm

202	7.3	HIGH Network	-	-	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload c… New	CWE-79 Cross-site Scripting	CVE-2026-44549	2026-05-16 07:16	2026-05-16	Show	GitHub Exploit DB Packet Storm

203	8.1	HIGH Network	-	-	Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers… New	CWE-94 Code Injection	CVE-2026-35194	2026-05-16 07:16	2026-05-16	Show	GitHub Exploit DB Packet Storm

204	7.5	HIGH Network	-	-	radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbi… New	CWE-416 Use After Free	CVE-2026-8696	2026-05-16 06:16	2026-05-16	Show	GitHub Exploit DB Packet Storm

205	8.8	HIGH Network	-	-	Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) New	CWE-787 Out-of-bounds Write	CVE-2026-8558	2026-05-16 06:16	2026-05-15	Show	GitHub Exploit DB Packet Storm

206	7.5	HIGH Network	-	-	phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId() method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted … New	CWE-863 Incorrect Authorization	CVE-2026-46366	2026-05-16 06:16	2026-05-16	Show	GitHub Exploit DB Packet Storm

207	5.4	MEDIUM Network	-	-	phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that bypass sanitization through encode-decode cycles. The vulnerability allows authent… New	CWE-79 Cross-site Scripting	CVE-2026-46363	2026-05-16 06:16	2026-05-16	Show	GitHub Exploit DB Packet Storm

208	5.4	MEDIUM Network	-	-	phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities() that limits recursive entity decoding to 5 iterations, allowing attackers to bypass san… New	CWE-79 Cross-site Scripting	CVE-2026-46360	2026-05-16 06:16	2026-05-16	Show	GitHub Exploit DB Packet Storm

209	8.1	HIGH Network	-	-	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, he LDAP and OAuth authentication flows use a TOCTOU (Time-of-Check-Time-of-Use) patt… New	CWE-269 CWE-362 Improper Privilege Management Race Condition	CVE-2026-45675	2026-05-16 06:16	2026-05-16	Show	GitHub Exploit DB Packet Storm

210	8.8	HIGH Network	-	-	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter … New	CWE-863 Incorrect Authorization	CVE-2026-45672	2026-05-16 06:16	2026-05-16	Show	GitHub Exploit DB Packet Storm