Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 17, 2026, noon

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
206631 6 警告 MySQL AB
オラクル		 - Oracle MySQL の MySQL Server における RBR に関する脆弱性 CWE-noinfo
情報不足 		CVE-2014-2436 2015-10-30 16:46 2014-04-15 Show GitHub Exploit DB Packet Storm
206632 2.8 注意 MySQL AB
オラクル		 - Oracle MySQL の MySQL Server における Federated に関する脆弱性 CWE-noinfo
情報不足 		CVE-2014-2432 2015-10-30 16:46 2014-04-15 Show GitHub Exploit DB Packet Storm
206633 2.6 注意 MySQL AB
オラクル		 - Oracle MySQL の MySQL Server における Options に関する脆弱性 CWE-noinfo
情報不足 		CVE-2014-2431 2015-10-30 16:46 2014-04-15 Show GitHub Exploit DB Packet Storm
206634 3.5 注意 MySQL AB
オラクル		 - Oracle MySQL の MySQL Server における Performance Schema に関する脆弱性 CWE-noinfo
情報不足 		CVE-2014-2430 2015-10-30 16:46 2014-04-15 Show GitHub Exploit DB Packet Storm
206635 4 警告 MySQL AB
オラクル		 - Oracle MySQL の MySQL Server における Partition に関する脆弱性 CWE-noinfo
情報不足 		CVE-2014-2419 2015-10-30 16:46 2014-04-15 Show GitHub Exploit DB Packet Storm
206636 4 警告 MySQL AB
オラクル		 - Oracle MySQL の MySQL Server における XML に関する脆弱性 CWE-noinfo
情報不足 		CVE-2014-0384 2015-10-30 16:46 2014-04-15 Show GitHub Exploit DB Packet Storm
206637 2.8 注意 MySQL AB
オラクル		 - Oracle MySQL の MySQL Server における Replication に関する脆弱性 CWE-noinfo
情報不足 		CVE-2014-0420 2015-10-30 16:46 2014-01-14 Show GitHub Exploit DB Packet Storm
206638 2.4 注意 Apache Software Foundation - Subversion の daemonize.py モジュールにおける権限を取得される脆弱性 CWE-59
リンク解釈の問題 		CVE-2013-7393 2015-10-30 16:46 2013-08-22 Show GitHub Exploit DB Packet Storm
206639 5 警告 Fedora Project
json-c project		 - json-c の printbuf API におけるバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2013-6370 2015-10-30 16:46 2013-11-19 Show GitHub Exploit DB Packet Storm
206640 4 警告 MySQL AB
オラクル		 - Oracle MySQL の MySQL Server における Partition に関する脆弱性 CWE-noinfo
情報不足 		CVE-2013-5891 2015-10-30 16:44 2014-01-14 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 17, 2026, 4:15 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
161 4.3 MEDIUM
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, an IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any cha… New CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-45385 2026-05-16 06:16 2026-05-16 Show GitHub Exploit DB Packet Storm
162 4.3 MEDIUM
Network 		- - phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login statu… New CWE-863
 Incorrect Authorization 		CVE-2026-45009 2026-05-16 06:16 2026-05-16 Show GitHub Exploit DB Packet Storm
163 7.2 HIGH
Network 		arubanetworks arubaos
sd-wan 		An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authentica… New NVD-CWE-noinfo
CWE-296
 Improper Following of a Certificate's Chain of Trust 		CVE-2026-44852 2026-05-16 06:16 2026-05-13 Show GitHub Exploit DB Packet Storm
164 7.3 HIGH
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a stored cross-site scripting (XSS) vulnerability that allows any authenticated user… New CWE-79
Cross-site Scripting 		CVE-2026-44721 2026-05-16 06:16 2026-05-16 Show GitHub Exploit DB Packet Storm
165 4.8 MEDIUM
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the AccountPending.svelte component renders the admin-configured "Pending User Overl… New CWE-79
Cross-site Scripting 		CVE-2026-44568 2026-05-16 06:16 2026-05-16 Show GitHub Exploit DB Packet Storm
166 5.4 MEDIUM
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the is_user_channel_member function checks whether a ChannelMember row exists but do… New CWE-863
 Incorrect Authorization 		CVE-2026-44561 2026-05-16 06:16 2026-05-16 Show GitHub Exploit DB Packet Storm
167 4.3 MEDIUM
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the GET /api/v1/channels/{id}/members endpoint only checks membership for group and … New CWE-862
 Missing Authorization 		CVE-2026-44559 2026-05-16 06:16 2026-05-16 Show GitHub Exploit DB Packet Storm
168 7.6 HIGH
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI supports model composition via base_model_id: a user-defined model (e.g.,… New CWE-862
 Missing Authorization 		CVE-2026-44555 2026-05-16 06:16 2026-05-16 Show GitHub Exploit DB Packet Storm
169 8.1 HIGH
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, administrative role changes and user deletions do not iterate SESSION_POOL to discon… New CWE-613
 Insufficient Session Expiration 		CVE-2026-44553 2026-05-16 06:16 2026-05-16 Show GitHub Exploit DB Packet Storm
170 6.5 MEDIUM
Network 		- - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks… New CWE-444
HTTP Request Smuggling 		CVE-2026-42585 2026-05-16 06:16 2026-05-14 Show GitHub Exploit DB Packet Storm