Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 18, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
246771	7.5	危険	enthrallweb	-	Enthrallweb eCars の Types.asp における SQL インジェクションの脆弱性	-	CVE-2006-6803	2012-06-26 15:38	2006-12-28	Show	GitHub Exploit DB Packet Storm

246772	7.5	危険	enthrallweb	-	Enthrallweb ePages の actualpic.asp における SQL インジェクションの脆弱性	-	CVE-2006-6802	2012-06-26 15:38	2006-12-28	Show	GitHub Exploit DB Packet Storm

246773	7.5	危険	efkan forum	-	Efkan Forum の default.asp における SQL インジェクションの脆弱性	-	CVE-2006-6794	2012-06-26 15:38	2006-12-27	Show	GitHub Exploit DB Packet Storm

246774	7.5	危険	chatwm	-	chatwm の SelGruFra.asp における SQL インジェクションの脆弱性	-	CVE-2006-6791	2012-06-26 15:38	2006-12-27	Show	GitHub Exploit DB Packet Storm

246775	6.8	警告	future internet	-	Future Internet の index.cfm におけるクロスサイトスクリプティングの脆弱性	-	CVE-2006-6777	2012-06-26 15:38	2006-12-27	Show	GitHub Exploit DB Packet Storm

246776	7.5	危険	future internet	-	Future Internet における SQL インジェクションの脆弱性	-	CVE-2006-6776	2012-06-26 15:38	2006-12-27	Show	GitHub Exploit DB Packet Storm

246777	3.5	注意	acftp	-	acFTP におけるサービス運用妨害 (DoS) の脆弱性	-	CVE-2006-6775	2012-06-26 15:38	2006-12-27	Show	GitHub Exploit DB Packet Storm

246778	6.8	警告	ciberia	-	Ciberia Content Federator の members/maquetacion_member.php における PHP リモートファイルインクルージョンの脆弱性	-	CVE-2006-6774	2012-06-26 15:38	2006-12-27	Show	GitHub Exploit DB Packet Storm

246779	7.5	危険	fishyshoop	-	Fishyshoop の pages/register/register.php における任意の管理者ユーザを作成される脆弱性	-	CVE-2006-6773	2012-06-26 15:38	2006-12-27	Show	GitHub Exploit DB Packet Storm

246780	7.5	危険	cwm-design	-	cwmExplorer における SQL インジェクションの脆弱性	-	CVE-2006-6766	2012-06-26 15:38	2006-12-26	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 18, 2026, 4:12 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
161	-		-	-	ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #122, there is a critical SQL Injection (SQLi) vulnerability in ClipBucket, exploitable through the type parameter on the auth… New	CWE-89 SQL Injection	CVE-2026-42847	2026-05-16 10:16	2026-05-15	Show	GitHub Exploit DB Packet Storm

162	7.5	HIGH Network	-	-	Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine that holds a reference to the request's echo.Context after the synchronous handle… Update	CWE-362 Race Condition	CVE-2026-42594	2026-05-16 10:16	2026-05-15	Show	GitHub Exploit DB Packet Storm

163	-		-	-	mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, mdserver-web has a front-end unauthorized remote command execution vulnerability. Due to the lack of authentication on the /modify_crond a… New	CWE-78 CWE-862 OS Command Missing Authorization	CVE-2026-41315	2026-05-16 10:16	2026-05-15	Show	GitHub Exploit DB Packet Storm

164	-		-	-	Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an unauthenticated reflected cross-site scripting (XSS) issue in the… New	CWE-79 Cross-site Scripting	CVE-2026-45622	2026-05-16 08:16	2026-05-16	Show	GitHub Exploit DB Packet Storm

165	8.1	HIGH Network	-	-	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, multiple endpoints accept a user-supplied file_id and attach the referenced file to … New	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-45402	2026-05-16 08:16	2026-05-16	Show	GitHub Exploit DB Packet Storm

166	5.4	MEDIUM Network	-	-	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to… New	CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes	CVE-2026-45396	2026-05-16 08:16	2026-05-16	Show	GitHub Exploit DB Packet Storm

167	7.1	HIGH Network	-	-	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, there is a vulnerability in chat completion API, which allows attackers to bypass to… New	CWE-862 Missing Authorization	CVE-2026-45350	2026-05-16 08:16	2026-05-16	Show	GitHub Exploit DB Packet Storm

168	7.7	HIGH Network	-	-	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a Server-Side Request Forgery (SSRF) vulnerability exists in _process_picture_url() … New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-45338	2026-05-16 08:16	2026-05-16	Show	GitHub Exploit DB Packet Storm

169	8.5	HIGH Network	-	-	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, validate_url() in backend/open_webui/retrieval/web/utils.py calls validators.ipv6(ip… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-45331	2026-05-16 08:16	2026-05-16	Show	GitHub Exploit DB Packet Storm

170	9.1	CRITICAL Network	-	-	phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the /admin/check endpoint, which accepts arbitrary user-id parameters without session bind… New	CWE-307 mproper Restriction of Excessive Authentication Attempts	CVE-2026-45010	2026-05-16 08:16	2026-05-16	Show	GitHub Exploit DB Packet Storm