Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 16, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
255661 9.3 危険 レッドハット
リアルネットワークス		 - Realnetworks RealPlayer におけるヒープベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2009-4245 2010-02-17 11:48 2010-01-19 Show GitHub Exploit DB Packet Storm
255662 9.3 危険 リアルネットワークス - Realnetworks RealPlayer における任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2009-4244 2010-02-17 11:48 2010-01-19 Show GitHub Exploit DB Packet Storm
255663 9.3 危険 リアルネットワークス - RealNetworks RealPlayer の DLL ファイルにおける任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2009-0376 2010-02-17 11:47 2010-01-19 Show GitHub Exploit DB Packet Storm
255664 9.3 危険 リアルネットワークス - RealNetworks RealPlayer の DLL ファイルにおける任意のコードを実行される脆弱性 CWE-94
コード・インジェクション 		CVE-2009-0375 2010-02-17 11:47 2010-01-19 Show GitHub Exploit DB Packet Storm
255665 9.3 危険 リアルネットワークス - Realnetworks RealPlayer における HTTP のチャンク転送コーディングの処理に関する脆弱性 CWE-119
バッファエラー 		CVE-2009-4243 2010-02-17 11:47 2010-01-19 Show GitHub Exploit DB Packet Storm
255666 9.3 危険 レッドハット
リアルネットワークス		 - Realnetworks RealPlayer における任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2009-4242 2010-02-17 11:47 2010-01-19 Show GitHub Exploit DB Packet Storm
255667 9.3 危険 リアルネットワークス - Realnetworks RealPlayer における任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2009-4241 2010-02-17 11:46 2010-01-19 Show GitHub Exploit DB Packet Storm
255668 4.4 警告 サイバートラスト株式会社
Linux
レッドハット		 - Linux kernel の z90crypt ドライバにおける権限昇格の脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2009-1883 2010-02-17 11:46 2009-09-15 Show GitHub Exploit DB Packet Storm
255669 7.2 危険 サイバートラスト株式会社
Linux
ターボリナックス
レッドハット		 - Linux kernel の udp_sendmsg 関数における権限昇格の脆弱性 CWE-DesignError
CVE-2009-2698 2010-02-17 11:45 2009-08-27 Show GitHub Exploit DB Packet Storm
255670 7.2 危険 サイバートラスト株式会社
Linux
ターボリナックス
レッドハット		 - Linux kernel における proto_ops 構造体の初期化処理に関する権限昇格の脆弱性 CWE-119
バッファエラー 		CVE-2009-2692 2010-02-17 11:45 2009-08-14 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 17, 2026, 4:15 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
161 4.3 MEDIUM
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, an IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any cha… New CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-45385 2026-05-16 06:16 2026-05-16 Show GitHub Exploit DB Packet Storm
162 4.3 MEDIUM
Network 		- - phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login statu… New CWE-863
 Incorrect Authorization 		CVE-2026-45009 2026-05-16 06:16 2026-05-16 Show GitHub Exploit DB Packet Storm
163 7.2 HIGH
Network 		arubanetworks arubaos
sd-wan 		An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authentica… New NVD-CWE-noinfo
CWE-296
 Improper Following of a Certificate's Chain of Trust 		CVE-2026-44852 2026-05-16 06:16 2026-05-13 Show GitHub Exploit DB Packet Storm
164 7.3 HIGH
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a stored cross-site scripting (XSS) vulnerability that allows any authenticated user… New CWE-79
Cross-site Scripting 		CVE-2026-44721 2026-05-16 06:16 2026-05-16 Show GitHub Exploit DB Packet Storm
165 4.8 MEDIUM
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the AccountPending.svelte component renders the admin-configured "Pending User Overl… New CWE-79
Cross-site Scripting 		CVE-2026-44568 2026-05-16 06:16 2026-05-16 Show GitHub Exploit DB Packet Storm
166 5.4 MEDIUM
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the is_user_channel_member function checks whether a ChannelMember row exists but do… New CWE-863
 Incorrect Authorization 		CVE-2026-44561 2026-05-16 06:16 2026-05-16 Show GitHub Exploit DB Packet Storm
167 4.3 MEDIUM
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the GET /api/v1/channels/{id}/members endpoint only checks membership for group and … New CWE-862
 Missing Authorization 		CVE-2026-44559 2026-05-16 06:16 2026-05-16 Show GitHub Exploit DB Packet Storm
168 7.6 HIGH
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI supports model composition via base_model_id: a user-defined model (e.g.,… New CWE-862
 Missing Authorization 		CVE-2026-44555 2026-05-16 06:16 2026-05-16 Show GitHub Exploit DB Packet Storm
169 8.1 HIGH
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, administrative role changes and user deletions do not iterate SESSION_POOL to discon… New CWE-613
 Insufficient Session Expiration 		CVE-2026-44553 2026-05-16 06:16 2026-05-16 Show GitHub Exploit DB Packet Storm
170 6.5 MEDIUM
Network 		- - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks… New CWE-444
HTTP Request Smuggling 		CVE-2026-42585 2026-05-16 06:16 2026-05-14 Show GitHub Exploit DB Packet Storm