Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 26, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
246511 7.5 危険 fuzzylime forum - Fuzzylime Forum における SQL インジェクションの脆弱性 - CVE-2007-3234 2012-06-26 15:46 2007-06-14 Show GitHub Exploit DB Packet Storm
246512 10 危険 CA Technologies - CA BrightStor ARCserve Backup for Laptops and Desktops の LGServer コンポーネントにおけるバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2007-3216 2012-06-26 15:46 2007-06-8 Show GitHub Exploit DB Packet Storm
246513 6.8 警告 e-vision - e-Vision CMS の style.php における SQL インジェクションの脆弱性 - CVE-2007-3214 2012-06-26 15:46 2007-06-14 Show GitHub Exploit DB Packet Storm
246514 4.3 警告 Beehive Forum - Beehive Forum の links.php におけるクロスサイトスクリプティングの脆弱性 - CVE-2007-3212 2012-06-26 15:46 2007-06-14 Show GitHub Exploit DB Packet Storm
246515 4.3 警告 domain technologie control - DTC の 404.php におけるクロスサイトスクリプティングの脆弱性 - CVE-2007-3211 2012-06-26 15:46 2007-06-14 Show GitHub Exploit DB Packet Storm
246516 9.3 危険 cellosoft - Vitalize! 用の Cellosoft Tokens Object 拡張の nptoken.mox におけるスタックベースのバッファオーバーフローの脆弱性 - CVE-2007-3210 2012-06-26 15:46 2007-06-14 Show GitHub Exploit DB Packet Storm
246517 4.3 警告 bruce corkhill - Webwiz のリッチ形式のテキストエディタにおけるクロスサイトスクリプティングの脆弱性 - CVE-2007-3202 2012-06-26 15:46 2007-06-12 Show GitHub Exploit DB Packet Storm
246518 7.5 危険 american financing - Link Request Contact Form における無制限にファイルをアップロードされる脆弱性 - CVE-2007-3199 2012-06-26 15:46 2007-06-12 Show GitHub Exploit DB Packet Storm
246519 4.3 警告 erfan wiki - ERFAN WIKI の index.php におけるクロスサイトスクリプティングの脆弱性 - CVE-2007-3195 2012-06-26 15:46 2007-06-12 Show GitHub Exploit DB Packet Storm
246520 7.5 危険 geometrix download portal - Fullaspsite GeometriX Download Portal の down_indir.asp における SQL インジェクションの脆弱性 - CVE-2007-3188 2012-06-26 15:46 2007-06-12 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 26, 2026, 4:05 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
861 5.4 MEDIUM
Network 		openwebui open_webui Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the ydoc:document:update Socket.IO event handler checks whether the sender is a memb… CWE-863
 Incorrect Authorization 		CVE-2026-44564 2026-05-19 12:11 2026-05-16 Show GitHub Exploit DB Packet Storm
862 5.4 MEDIUM
Network 		openwebui open_webui Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /api/generate, /api/embed, /api/embeddings, and /api/show endpoints accept any m… CWE-862
 Missing Authorization 		CVE-2026-44563 2026-05-19 12:11 2026-05-16 Show GitHub Exploit DB Packet Storm
863 6.5 MEDIUM
Network 		openwebui open_webui Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/models/import endpoint allows users with the workspace.models_impor… CWE-283
CWE-862
 Unverified Ownership
 Missing Authorization 		CVE-2026-44562 2026-05-19 12:10 2026-05-16 Show GitHub Exploit DB Packet Storm
864 5.4 MEDIUM
Network 		openwebui open_webui Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the is_user_channel_member function checks whether a ChannelMember row exists but do… CWE-863
 Incorrect Authorization 		CVE-2026-44561 2026-05-19 12:10 2026-05-16 Show GitHub Exploit DB Packet Storm
865 6.5 MEDIUM
Network 		openwebui open_webui Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the type: "file" (non-full-context), type: "text" with collection_name, and bare col… CWE-862
 Missing Authorization 		CVE-2026-44560 2026-05-19 12:09 2026-05-16 Show GitHub Exploit DB Packet Storm
866 4.3 MEDIUM
Network 		openwebui open_webui Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the GET /api/v1/channels/{id}/members endpoint only checks membership for group and … CWE-862
 Missing Authorization 		CVE-2026-44559 2026-05-19 12:09 2026-05-16 Show GitHub Exploit DB Packet Storm
867 8.0 HIGH
Network 		openwebui open_webui Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user can permanently delete files owned by other users via DELETE … CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-45671 2026-05-19 12:08 2026-05-16 Show GitHub Exploit DB Packet Storm
868 7.1 HIGH
Network 		openwebui open_webui Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user with low privileges can enumerate active background tasks acr… CWE-862
 Missing Authorization 		CVE-2026-45399 2026-05-19 12:08 2026-05-16 Show GitHub Exploit DB Packet Storm
869 6.5 MEDIUM
Network 		openwebui open_webui Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI allows admins to restrict which API endpoints an API key can access. When… CWE-863
 Incorrect Authorization 		CVE-2026-45339 2026-05-19 12:07 2026-05-16 Show GitHub Exploit DB Packet Storm
870 8.5 HIGH
Network 		openwebui open_webui Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, validate_url() in backend/open_webui/retrieval/web/utils.py calls validators.ipv6(ip… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-45331 2026-05-19 12:06 2026-05-16 Show GitHub Exploit DB Packet Storm