Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 21, 2026, 6:01 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
4191	7.4	重要 Network	Eclipse Foundation	Jetty	Eclipse FoundationのJettyにおける複数の脆弱性	CWE-226 CWE-287	CVE-2026-5795	2026-04-24 11:40	2026-04-8	Show	GitHub Exploit DB Packet Storm

4192	7.5	重要 Network	GNU Project	GNU C Library	GNU ProjectのGNU C Libraryにおけるバッファアンダーリードの脆弱性	CWE-127 バッファアンダーリード	CVE-2026-5928	2026-04-24 11:40	2026-04-20	Show	GitHub Exploit DB Packet Storm

4193	7.1	重要 Network	ConnectWise, Inc.	automate	ConnectWise, Inc.のautomateにおける重要な情報の平文での送信に関する脆弱性	CWE-319 重要な情報の平文での送信	CVE-2026-6066	2026-04-24 11:40	2026-04-20	Show	GitHub Exploit DB Packet Storm

4194	9.1	緊急 Network	Open JS Foundation	fastify/middie	Open JS Foundationの@fastify/middieにおける解釈の競合に関する脆弱性	CWE-436 解釈の競合	CVE-2026-6270	2026-04-24 11:40	2026-04-16	Show	GitHub Exploit DB Packet Storm

4195	9.9	緊急 Network	ASUSTOR Inc.	data master	ASUSTOR Inc.のdata masterにおけるスタックベースのバッファオーバーフローの脆弱性	CWE-121 スタックオーバーフロー	CVE-2026-6643	2026-04-24 11:40	2026-04-20	Show	GitHub Exploit DB Packet Storm

4196	9.1	緊急 Network	ASUSTOR Inc.	data master	ASUSTOR Inc.のdata masterにおけるOS コマンドインジェクションの脆弱性	CWE-78 OSコマンド・インジェクション	CVE-2026-6644	2026-04-24 11:40	2026-04-20	Show	GitHub Exploit DB Packet Storm

4197	7.5	重要 Network	Mozilla Foundation	Mozilla Firefox Mozilla Thunderbird	Mozilla FoundationのMozilla Firefox等の複数製品における解放済みメモリの使用に関する脆弱性	CWE-416 解放済みメモリの使用	CVE-2026-6746	2026-04-24 11:40	2026-04-21	Show	GitHub Exploit DB Packet Storm

4198	7.5	重要 Network	Mozilla Foundation	Mozilla Firefox Mozilla Thunderbird	Mozilla FoundationのMozilla Firefox等の複数製品における解放済みメモリの使用に関する脆弱性	CWE-416 解放済みメモリの使用	CVE-2026-6747	2026-04-24 11:40	2026-04-21	Show	GitHub Exploit DB Packet Storm

4199	9.8	緊急 Network	Mozilla Foundation	Mozilla Firefox Mozilla Thunderbird	Mozilla FoundationのMozilla Firefox等の複数製品における初期化されていない変数の使用に関する脆弱性	CWE-457 初期化されていない変数の使用	CVE-2026-6748	2026-04-24 11:40	2026-04-21	Show	GitHub Exploit DB Packet Storm

4200	7.5	重要 Network	Mozilla Foundation	Mozilla Firefox Mozilla Thunderbird	Mozilla FoundationのMozilla Firefox等の複数製品における初期化されていないリソースの使用に関する脆弱性	CWE-908 初期化されていないリソースの使用	CVE-2026-6749	2026-04-24 11:40	2026-04-21	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 22, 2026, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
761	5.0	MEDIUM Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, FolderForm uses model_config = ConfigDict(extra='allow'), which permits arbitrary fi… Update	CWE-862 Missing Authorization	CVE-2026-44550	2026-05-19 12:12	2026-05-16	Show	GitHub Exploit DB Packet Storm

762	5.4	MEDIUM Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the ydoc:document:update Socket.IO event handler checks whether the sender is a memb… Update	CWE-863 Incorrect Authorization	CVE-2026-44564	2026-05-19 12:11	2026-05-16	Show	GitHub Exploit DB Packet Storm

763	5.4	MEDIUM Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /api/generate, /api/embed, /api/embeddings, and /api/show endpoints accept any m… Update	CWE-862 Missing Authorization	CVE-2026-44563	2026-05-19 12:11	2026-05-16	Show	GitHub Exploit DB Packet Storm

764	6.5	MEDIUM Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/models/import endpoint allows users with the workspace.models_impor… Update	CWE-283 CWE-862 Unverified Ownership Missing Authorization	CVE-2026-44562	2026-05-19 12:10	2026-05-16	Show	GitHub Exploit DB Packet Storm

765	5.4	MEDIUM Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the is_user_channel_member function checks whether a ChannelMember row exists but do… Update	CWE-863 Incorrect Authorization	CVE-2026-44561	2026-05-19 12:10	2026-05-16	Show	GitHub Exploit DB Packet Storm

766	6.5	MEDIUM Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the type: "file" (non-full-context), type: "text" with collection_name, and bare col… Update	CWE-862 Missing Authorization	CVE-2026-44560	2026-05-19 12:09	2026-05-16	Show	GitHub Exploit DB Packet Storm

767	4.3	MEDIUM Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the GET /api/v1/channels/{id}/members endpoint only checks membership for group and … Update	CWE-862 Missing Authorization	CVE-2026-44559	2026-05-19 12:09	2026-05-16	Show	GitHub Exploit DB Packet Storm

768	8.0	HIGH Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user can permanently delete files owned by other users via DELETE … Update	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-45671	2026-05-19 12:08	2026-05-16	Show	GitHub Exploit DB Packet Storm

769	7.1	HIGH Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user with low privileges can enumerate active background tasks acr… Update	CWE-862 Missing Authorization	CVE-2026-45399	2026-05-19 12:08	2026-05-16	Show	GitHub Exploit DB Packet Storm

770	6.5	MEDIUM Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI allows admins to restrict which API endpoints an API key can access. When… Update	CWE-863 Incorrect Authorization	CVE-2026-45339	2026-05-19 12:07	2026-05-16	Show	GitHub Exploit DB Packet Storm