Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 17, 2026, 10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
203811 8.4 重要
Local 		Google - Android の Download Manager におけるプライベートストレージのファイルアクセス制限を回避される脆弱性 CWE-362
競合状態 		CVE-2016-0848 2016-04-22 17:40 2016-04-4 Show GitHub Exploit DB Packet Storm
203812 8.4 重要
Local 		Google - Android の IMemory Native Interface の libs/binder/IMemory.cpp における権限を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2016-0846 2016-04-22 17:40 2016-04-4 Show GitHub Exploit DB Packet Storm
203813 8.4 重要
Local 		Google - Android の Qualcomm RF ドライバにおける権限を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2016-0844 2016-04-22 17:39 2016-04-4 Show GitHub Exploit DB Packet Storm
203814 8.4 重要
Local 		Google - Android の Qualcomm ARM プロセッサのパフォーマンスイベントマネージャにおける権限を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2016-0843 2016-04-22 17:39 2016-04-4 Show GitHub Exploit DB Packet Storm
203815 8.4 重要
Local 		Google - Android の libstagefright の H.264 デコーダにおける任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2016-0842 2016-04-22 17:39 2016-04-4 Show GitHub Exploit DB Packet Storm
203816 9.8 緊急
Network 		Google - Android のメディアサーバの media/libmedia/mediametadataretriever.cpp における任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2016-0841 2016-04-22 17:39 2016-04-4 Show GitHub Exploit DB Packet Storm
203817 8.4 重要
Local 		Google - Android のメディアサーバの decoder/ih264d_parse_cavlc.c におけるスタックベースのバッファアンダーフローの脆弱性 CWE-119
バッファエラー 		CVE-2016-0840 2016-04-22 17:39 2016-04-4 Show GitHub Exploit DB Packet Storm
203818 9.8 緊急
Network 		Google - Android のメディアサーバの post_proc/volume_listener.c における任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2016-0839 2016-04-22 17:39 2016-04-4 Show GitHub Exploit DB Packet Storm
203819 9.8 緊急
Network 		Google - Android のメディアサーバの Sonivox における任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2016-0838 2016-04-22 17:39 2016-04-4 Show GitHub Exploit DB Packet Storm
203820 9.8 緊急
Network 		Google - Android のメディアサーバの libstagefright の MPEG4Extractor.cpp における任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2016-0837 2016-04-22 17:39 2016-04-4 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 17, 2026, 4:15 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
171 6.5 MEDIUM
Network 		- - Oinone Pamirs 7.0.0 contains an XML External Entity (XXE) issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils… New CWE-611
XXE 		CVE-2026-39053 2026-05-16 06:16 2026-05-16 Show GitHub Exploit DB Packet Storm
172 6.5 MEDIUM
Network 		getoutline outline Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. A… Update CWE-352
 Origin Validation Error 		CVE-2026-44695 2026-05-16 05:21 2026-05-12 Show GitHub Exploit DB Packet Storm
173 8.7 HIGH
Network 		dani-garcia vaultwarden Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden does not enforce that a groups_users.users_organizations_uuid entry belongs to the same organization as grou… Update CWE-285
Improper Authorization 		CVE-2026-43912 2026-05-16 05:19 2026-05-12 Show GitHub Exploit DB Packet Storm
174 7.6 HIGH
Network 		- - Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-controlled cart_id and uses it to enter … New CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-46408 2026-05-16 05:16 2026-05-16 Show GitHub Exploit DB Packet Storm
175 7.1 HIGH
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user with low privileges can enumerate active background tasks acr… New CWE-862
 Missing Authorization 		CVE-2026-45399 2026-05-16 05:16 2026-05-16 Show GitHub Exploit DB Packet Storm
176 7.1 HIGH
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a user just needs to use the API endpoint: /api/chat/completions with their own API … New CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-45349 2026-05-16 05:16 2026-05-16 Show GitHub Exploit DB Packet Storm
177 6.5 MEDIUM
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI allows admins to restrict which API endpoints an API key can access. When… New CWE-863
 Incorrect Authorization 		CVE-2026-45339 2026-05-16 05:16 2026-05-16 Show GitHub Exploit DB Packet Storm
178 9.1 CRITICAL
Network 		- - CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Arbitrary File Upload vulnerability exists in the REST API File Manager endpoint (POST /api/v1/files) of CubeCart. The end… New CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2026-45053 2026-05-16 05:16 2026-05-14 Show GitHub Exploit DB Packet Storm
179 5.4 MEDIUM
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the ydoc:document:update Socket.IO event handler checks whether the sender is a memb… New CWE-863
 Incorrect Authorization 		CVE-2026-44564 2026-05-16 05:16 2026-05-16 Show GitHub Exploit DB Packet Storm
180 5.4 MEDIUM
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /api/generate, /api/embed, /api/embeddings, and /api/show endpoints accept any m… New CWE-862
 Missing Authorization 		CVE-2026-44563 2026-05-16 05:16 2026-05-16 Show GitHub Exploit DB Packet Storm