Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 19, 2026, noon

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
4271	5.5	警告 Local	International Color Consortium (ICC)	iccDEV	International Color Consortium (ICC)のiccDEVにおけるヒープベースのバッファオーバーフローの脆弱性	CWE-122 ヒープオーバーフロー	CVE-2026-34540	2026-04-21 10:47	2026-03-31	Show	GitHub Exploit DB Packet Storm

4272	5.5	警告 Local	International Color Consortium (ICC)	iccDEV	International Color Consortium (ICC)のiccDEVにおけるNULL ポインタデリファレンスに関する脆弱性	CWE-476 NULL ポインタデリファレンス	CVE-2026-34541	2026-04-21 10:47	2026-03-31	Show	GitHub Exploit DB Packet Storm

4273	5.5	警告 Local	International Color Consortium (ICC)	iccDEV	International Color Consortium (ICC)のiccDEVにおけるスタックベースのバッファオーバーフローの脆弱性	CWE-121 スタックオーバーフロー	CVE-2026-34542	2026-04-21 10:47	2026-03-31	Show	GitHub Exploit DB Packet Storm

4274	5.5	警告 Local	International Color Consortium (ICC)	iccDEV	International Color Consortium (ICC)のiccDEVにおけるゼロ除算に関する脆弱性	CWE-369 ゼロ除算	CVE-2026-34546	2026-04-21 10:47	2026-03-31	Show	GitHub Exploit DB Packet Storm

4275	5.5	警告 Local	International Color Consortium (ICC)	iccDEV	International Color Consortium (ICC)のiccDEVにおける未定義、未指定、または実装定義の動作への依存に関する脆弱性	CWE-758 未定義、未指定、または実装定義の動作への依存	CVE-2026-34547	2026-04-21 10:47	2026-03-31	Show	GitHub Exploit DB Packet Storm

4276	5.5	警告 Local	International Color Consortium (ICC)	iccDEV	International Color Consortium (ICC)のiccDEVにおける数値型間の変換の誤りに関する脆弱性	CWE-681 数値型間の変換の誤り	CVE-2026-34548	2026-04-21 10:47	2026-03-31	Show	GitHub Exploit DB Packet Storm

4277	5.5	警告 Local	International Color Consortium (ICC)	iccDEV	International Color Consortium (ICC)のiccDEVにおける未定義、未指定、または実装定義の動作への依存に関する脆弱性	CWE-758 未定義、未指定、または実装定義の動作への依存	CVE-2026-34549	2026-04-21 10:47	2026-03-31	Show	GitHub Exploit DB Packet Storm

4278	5.5	警告 Local	International Color Consortium (ICC)	iccDEV	International Color Consortium (ICC)のiccDEVにおける数値型間の変換の誤りに関する脆弱性	CWE-681 数値型間の変換の誤り	CVE-2026-34550	2026-04-21 10:47	2026-03-31	Show	GitHub Exploit DB Packet Storm

4279	5.5	警告 Local	International Color Consortium (ICC)	iccDEV	International Color Consortium (ICC)のiccDEVにおけるNULL ポインタデリファレンスに関する脆弱性	CWE-476 NULL ポインタデリファレンス	CVE-2026-34551	2026-04-21 10:47	2026-03-31	Show	GitHub Exploit DB Packet Storm

4280	5.5	警告 Local	International Color Consortium (ICC)	iccDEV	International Color Consortium (ICC)のiccDEVにおけるNULL ポインタデリファレンスに関する脆弱性	CWE-476 NULL ポインタデリファレンス	CVE-2026-34552	2026-04-21 10:47	2026-03-31	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 19, 2026, 4:16 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
91	-		-	-	Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the set_add method were not checked for newlines, colons or pipes. Metrics generated from untrusted sour… New	CWE-93 CRLF Injection	CVE-2026-8788	2026-05-19 02:40	2026-05-18	Show	GitHub Exploit DB Packet Storm

92	7.8	HIGH Local	-	-	VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services that allows local attackers to escalate privileges. Attackers can place ma… New	CWE-428 Unquoted Search Path or Element	CVE-2021-47974	2026-05-19 02:38	2026-05-17	Show	GitHub Exploit DB Packet Storm

93	8.4	HIGH Local	-	-	VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field. Attackers can craf… New	CWE-120 Classic Buffer Overflow	CVE-2018-25328	2026-05-19 02:38	2026-05-17	Show	GitHub Exploit DB Packet Storm

94	5.0	MEDIUM Network	-	-	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, FolderForm uses model_config = ConfigDict(extra='allow'), which permits arbitrary fi… New	CWE-862 Missing Authorization	CVE-2026-44550	2026-05-19 02:36	2026-05-16	Show	GitHub Exploit DB Packet Storm

95	8.1	HIGH Network	-	-	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/retrieval/process/web endpoint accepts a user-supplied collection_n… New	CWE-862 Missing Authorization	CVE-2026-44554	2026-05-19 02:36	2026-05-16	Show	GitHub Exploit DB Packet Storm

96	5.4	MEDIUM Network	-	-	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the channel router does not call filter_allowed_access_grants on either create or up… New	CWE-862 Missing Authorization	CVE-2026-44558	2026-05-19 02:36	2026-05-16	Show	GitHub Exploit DB Packet Storm

97	4.3	MEDIUM Network	-	-	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the GET /api/v1/channels/{id}/members endpoint only checks membership for group and … New	CWE-862 Missing Authorization	CVE-2026-44559	2026-05-19 02:36	2026-05-16	Show	GitHub Exploit DB Packet Storm

98	6.5	MEDIUM Network	-	-	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the type: "file" (non-full-context), type: "text" with collection_name, and bare col… New	CWE-862 Missing Authorization	CVE-2026-44560	2026-05-19 02:36	2026-05-16	Show	GitHub Exploit DB Packet Storm

99	5.4	MEDIUM Network	-	-	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the is_user_channel_member function checks whether a ChannelMember row exists but do… New	CWE-863 Incorrect Authorization	CVE-2026-44561	2026-05-19 02:36	2026-05-16	Show	GitHub Exploit DB Packet Storm

100	7.6	HIGH Network	-	-	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI supports model composition via base_model_id: a user-defined model (e.g.,… New	CWE-862 Missing Authorization	CVE-2026-44555	2026-05-19 02:36	2026-05-16	Show	GitHub Exploit DB Packet Storm