Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 19, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
206481 7.2 危険 マイクロソフト - 複数の Microsoft Windows 製品のカーネルにおける権限昇格の脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2015-6173 2015-12-10 11:06 2015-12-8 Show GitHub Exploit DB Packet Storm
206482 7.2 危険 マイクロソフト - 複数の Microsoft Windows 製品のカーネルにおける権限昇格の脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2015-6171 2015-12-10 11:06 2015-12-8 Show GitHub Exploit DB Packet Storm
206483 9.3 危険 マイクロソフト - Microsoft Windows 7 および Windows Server 2008 R2 の Uniscribe における整数アンダーフローの脆弱性 CWE-189
数値処理の問題 		CVE-2015-6130 2015-12-10 10:39 2015-12-8 Show GitHub Exploit DB Packet Storm
206484 7.5 危険 Sensio Labs - Symfony における脆弱性 CWE-noinfo
情報不足 		CVE-2015-8125 2015-12-9 18:14 2015-11-23 Show GitHub Exploit DB Packet Storm
206485 6.8 警告 Sensio Labs - Symfony の "Remember Me" ログイン機能における Web セッションをハイジャックされる脆弱性 CWE-Other
その他 		CVE-2015-8124 2015-12-9 18:14 2015-11-23 Show GitHub Exploit DB Packet Storm
206486 7.1 危険 Huawei - 複数の Huawei USG 製品のソフトウェアにおけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2015-8084 2015-12-9 18:14 2015-10-21 Show GitHub Exploit DB Packet Storm
206487 9 危険 F5 Networks - 複数の F5 製品の iControl API における権限を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2015-3628 2015-12-9 17:43 2015-09-9 Show GitHub Exploit DB Packet Storm
206488 4.3 警告 zTree - zTree におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-7348 2015-12-9 17:21 2015-11-26 Show GitHub Exploit DB Packet Storm
206489 4.3 警告 Novell
Simon Tatham		 - PuTTY のターミナルエミュレータにおける整数オーバーフローの脆弱性 CWE-189
数値処理の問題 		CVE-2015-5309 2015-12-9 17:14 2015-11-8 Show GitHub Exploit DB Packet Storm
206490 5 警告 レッドハット
OpenLDAP Foundation		 - OpenLDAP の libraries/libldap/tls_m.c の nss_parse_ciphers 関数における脆弱性 CWE-Other
その他 		CVE-2015-3276 2015-12-9 17:10 2015-11-19 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 19, 2026, 4:16 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
131 6.5 MEDIUM
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, in standard channels (i.e., channels whose channel.type is neither group nor dm), th… New CWE-862
 Missing Authorization 		CVE-2026-44571 2026-05-19 02:36 2026-05-16 Show GitHub Exploit DB Packet Storm
132 5.4 MEDIUM
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, the profile_image_url field on the user profile update form accepted arbitrary data:… New CWE-79
Cross-site Scripting 		CVE-2026-45299 2026-05-19 02:36 2026-05-16 Show GitHub Exploit DB Packet Storm
133 8.1 HIGH
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.3.16, a missing permission check in all files related API endpoints allows any authentica… New CWE-284
Improper Access Control 		CVE-2026-45301 2026-05-19 02:36 2026-05-16 Show GitHub Exploit DB Packet Storm
134 7.7 HIGH
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.5, through the HTML rendering view, scripts can be injected and executed. The frontend … New CWE-79
Cross-site Scripting 		CVE-2026-45303 2026-05-19 02:36 2026-05-16 Show GitHub Exploit DB Packet Storm
135 - - - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the channel webhook create/update flow accepts arbitrary profile_image_url values, i… New CWE-87
 Improper Neutralization of Alternate XSS Syntax 		CVE-2026-45314 2026-05-19 02:36 2026-05-16 Show GitHub Exploit DB Packet Storm
136 3.5 LOW
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the POST /api/v1/notes/{id}/pin endpoint performs a write operation (toggling the is… New CWE-863
 Incorrect Authorization 		CVE-2026-45316 2026-05-19 02:36 2026-05-16 Show GitHub Exploit DB Packet Storm
137 5.4 MEDIUM
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, his advisory tracks a regression of the original Excel-preview XSS (CVE-2026-44549).… New CWE-79
Cross-site Scripting 		CVE-2026-45318 2026-05-19 02:36 2026-05-16 Show GitHub Exploit DB Packet Storm
138 8.7 HIGH
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-suppl… New CWE-79
CWE-434
CWE-646
Cross-site Scripting
 Unrestricted Upload of File with Dangerous Type 
 Reliance on File Name or Extension of Externally-Supplied File 		CVE-2026-45315 2026-05-19 02:36 2026-05-16 Show GitHub Exploit DB Packet Storm
139 4.6 MEDIUM
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, an application-wide Cross-Site Request Forgery (CSRF) vulnerability was found Open-W… New CWE-20
CWE-352
 Improper Input Validation 
 Origin Validation Error 		CVE-2026-45317 2026-05-19 02:36 2026-05-16 Show GitHub Exploit DB Packet Storm
140 7.7 HIGH
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a Server-Side Request Forgery (SSRF) vulnerability exists in _process_picture_url() … New CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-45338 2026-05-19 02:36 2026-05-16 Show GitHub Exploit DB Packet Storm