Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 17, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
246801 7.5 危険 grayscale - Grayscale BandSite CMS における PHP リモートファイルインクルージョンの脆弱性 - CVE-2006-4984 2012-06-26 15:37 2006-09-25 Show GitHub Exploit DB Packet Storm
246802 7.5 危険 シスコシステムズ - Cisco NAC におけるコントロールメソッドを回避される脆弱性 - CVE-2006-4983 2012-06-26 15:37 2006-09-25 Show GitHub Exploit DB Packet Storm
246803 4.6 警告 シスコシステムズ - Cisco NAC におけるローカルネットワークに接続される脆弱性 - CVE-2006-4982 2012-06-26 15:37 2006-09-25 Show GitHub Exploit DB Packet Storm
246804 4.3 警告 DNN - Perpetual Motion Interactive Systems DotNetNuke の Default.aspx におけるクロスサイトスクリプティングの脆弱性 - CVE-2006-4973 2012-06-26 15:37 2006-09-17 Show GitHub Exploit DB Packet Storm
246805 7.5 危険 chumpsoft - phpQ の inc/ifunctions.php における PHP リモートファイルインクルージョンの脆弱性 - CVE-2006-4966 2012-06-26 15:37 2006-09-24 Show GitHub Exploit DB Packet Storm
246806 6.4 警告 Exponent CMS project - Exponent CMS の index.php におけるディレクトリトラバーサルの脆弱性 - CVE-2006-4963 2012-06-26 15:37 2006-09-23 Show GitHub Exploit DB Packet Storm
246807 6.4 警告 blue dragon - Php Blue Dragon の pbd_engine.php におけるディレクトリトラバーサルの脆弱性 - CVE-2006-4962 2012-06-26 15:37 2006-09-23 Show GitHub Exploit DB Packet Storm
246808 7.5 危険 blue dragon - Php Blue Dragon の GetModuleConfig 関数における SQL インジェクションの脆弱性 - CVE-2006-4961 2012-06-26 15:37 2006-09-23 Show GitHub Exploit DB Packet Storm
246809 6.8 警告 blue dragon - Php Blue Dragon の index.php におけるクロスサイトスクリプティングの脆弱性 - CVE-2006-4960 2012-06-26 15:37 2006-09-23 Show GitHub Exploit DB Packet Storm
246810 4.3 警告 Drupal - Drupal の Site Profile Directory におけるクロスサイトスクリプティングの脆弱性 - CVE-2006-4949 2012-06-26 15:37 2006-09-20 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 18, 2026, 4:12 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
171 6.5 MEDIUM
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, in standard channels (i.e., channels whose channel.type is neither group nor dm), th… New CWE-862
 Missing Authorization 		CVE-2026-44571 2026-05-16 08:16 2026-05-16 Show GitHub Exploit DB Packet Storm
172 6.5 MEDIUM
Network 		- - Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer GifRow sized… New CWE-787
 Out-of-bounds Write 		CVE-2026-8669 2026-05-16 07:16 2026-05-16 Show GitHub Exploit DB Packet Storm
173 5.3 MEDIUM
Local 		- - Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer G… New CWE-787
 Out-of-bounds Write 		CVE-2026-8454 2026-05-16 07:16 2026-05-15 Show GitHub Exploit DB Packet Storm
174 - - - Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage. New CWE-331
 Insufficient Entropy 		CVE-2026-46474 2026-05-16 07:16 2026-05-16 Show GitHub Exploit DB Packet Storm
175 5.4 MEDIUM
Network 		- - phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/{tagId} endpoint that allows any authenticated user to delete tags. Any logged-in user, incl… New CWE-862
 Missing Authorization 		CVE-2026-46365 2026-05-16 07:16 2026-05-16 Show GitHub Exploit DB Packet Storm
176 7.5 HIGH
Network 		- - phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attac… New CWE-89
SQL Injection 		CVE-2026-46359 2026-05-16 07:16 2026-05-16 Show GitHub Exploit DB Packet Storm
177 8.0 HIGH
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user can permanently delete files owned by other users via DELETE … New CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-45671 2026-05-16 07:16 2026-05-16 Show GitHub Exploit DB Packet Storm
178 6.5 MEDIUM
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, GET /api/v1/memories/ef is accessible without authentication and executes request.ap… New CWE-862
 Missing Authorization 		CVE-2026-45667 2026-05-16 07:16 2026-05-16 Show GitHub Exploit DB Packet Storm
179 6.5 MEDIUM
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the API /api/v1/notes/{note_id} endpoint lacks proper authorization checks, allowin… New CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-45666 2026-05-16 07:16 2026-05-16 Show GitHub Exploit DB Packet Storm
180 8.1 HIGH
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Banner component due… New CWE-79
Cross-site Scripting 		CVE-2026-45665 2026-05-16 07:16 2026-05-16 Show GitHub Exploit DB Packet Storm