Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 19, 2026, 4 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
4271	5.5	警告 Local	International Color Consortium (ICC)	iccDEV	International Color Consortium (ICC)のiccDEVにおけるヒープベースのバッファオーバーフローの脆弱性	CWE-122 ヒープオーバーフロー	CVE-2026-34540	2026-04-21 10:47	2026-03-31	Show	GitHub Exploit DB Packet Storm

4272	5.5	警告 Local	International Color Consortium (ICC)	iccDEV	International Color Consortium (ICC)のiccDEVにおけるNULL ポインタデリファレンスに関する脆弱性	CWE-476 NULL ポインタデリファレンス	CVE-2026-34541	2026-04-21 10:47	2026-03-31	Show	GitHub Exploit DB Packet Storm

4273	5.5	警告 Local	International Color Consortium (ICC)	iccDEV	International Color Consortium (ICC)のiccDEVにおけるスタックベースのバッファオーバーフローの脆弱性	CWE-121 スタックオーバーフロー	CVE-2026-34542	2026-04-21 10:47	2026-03-31	Show	GitHub Exploit DB Packet Storm

4274	5.5	警告 Local	International Color Consortium (ICC)	iccDEV	International Color Consortium (ICC)のiccDEVにおけるゼロ除算に関する脆弱性	CWE-369 ゼロ除算	CVE-2026-34546	2026-04-21 10:47	2026-03-31	Show	GitHub Exploit DB Packet Storm

4275	5.5	警告 Local	International Color Consortium (ICC)	iccDEV	International Color Consortium (ICC)のiccDEVにおける未定義、未指定、または実装定義の動作への依存に関する脆弱性	CWE-758 未定義、未指定、または実装定義の動作への依存	CVE-2026-34547	2026-04-21 10:47	2026-03-31	Show	GitHub Exploit DB Packet Storm

4276	5.5	警告 Local	International Color Consortium (ICC)	iccDEV	International Color Consortium (ICC)のiccDEVにおける数値型間の変換の誤りに関する脆弱性	CWE-681 数値型間の変換の誤り	CVE-2026-34548	2026-04-21 10:47	2026-03-31	Show	GitHub Exploit DB Packet Storm

4277	5.5	警告 Local	International Color Consortium (ICC)	iccDEV	International Color Consortium (ICC)のiccDEVにおける未定義、未指定、または実装定義の動作への依存に関する脆弱性	CWE-758 未定義、未指定、または実装定義の動作への依存	CVE-2026-34549	2026-04-21 10:47	2026-03-31	Show	GitHub Exploit DB Packet Storm

4278	5.5	警告 Local	International Color Consortium (ICC)	iccDEV	International Color Consortium (ICC)のiccDEVにおける数値型間の変換の誤りに関する脆弱性	CWE-681 数値型間の変換の誤り	CVE-2026-34550	2026-04-21 10:47	2026-03-31	Show	GitHub Exploit DB Packet Storm

4279	5.5	警告 Local	International Color Consortium (ICC)	iccDEV	International Color Consortium (ICC)のiccDEVにおけるNULL ポインタデリファレンスに関する脆弱性	CWE-476 NULL ポインタデリファレンス	CVE-2026-34551	2026-04-21 10:47	2026-03-31	Show	GitHub Exploit DB Packet Storm

4280	5.5	警告 Local	International Color Consortium (ICC)	iccDEV	International Color Consortium (ICC)のiccDEVにおけるNULL ポインタデリファレンスに関する脆弱性	CWE-476 NULL ポインタデリファレンス	CVE-2026-34552	2026-04-21 10:47	2026-03-31	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 19, 2026, 4:16 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
111	8.0	HIGH Network	-	-	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user can permanently delete files owned by other users via DELETE … New	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-45671	2026-05-19 02:36	2026-05-16	Show	GitHub Exploit DB Packet Storm

112	8.1	HIGH Network	-	-	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, he LDAP and OAuth authentication flows use a TOCTOU (Time-of-Check-Time-of-Use) patt… New	CWE-269 CWE-362 Improper Privilege Management Race Condition	CVE-2026-45675	2026-05-19 02:36	2026-05-16	Show	GitHub Exploit DB Packet Storm

113	7.3	HIGH Network	-	-	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a stored cross-site scripting (XSS) vulnerability that allows any authenticated user… New	CWE-79 Cross-site Scripting	CVE-2026-44721	2026-05-19 02:36	2026-05-16	Show	GitHub Exploit DB Packet Storm

114	4.3	MEDIUM Network	-	-	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, an IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any cha… New	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-45385	2026-05-19 02:36	2026-05-16	Show	GitHub Exploit DB Packet Storm

115	4.3	MEDIUM Network	-	-	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, Pin/Unpin is a write operation (modifies the message's is_pinned , pinned_by, pinned… New	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-45386	2026-05-19 02:36	2026-05-16	Show	GitHub Exploit DB Packet Storm

116	4.3	MEDIUM Network	-	-	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, when setting model permissions so that a group has read access to it, intending for … New	CWE-200 Information Exposure	CVE-2026-45387	2026-05-19 02:36	2026-05-16	Show	GitHub Exploit DB Packet Storm

117	7.2	HIGH Network	-	-	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the tool update endpoint (POST /api/v1/tools/id/{id}/update) is missing the workspac… New	CWE-269 CWE-862 Improper Privilege Management Missing Authorization	CVE-2026-45395	2026-05-19 02:36	2026-05-16	Show	GitHub Exploit DB Packet Storm

118	5.3	MEDIUM Network	-	-	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, GET /api/v1/retrieval/ returns live RAG pipeline configuration to any unauthenticate… New	CWE-306 Missing Authentication for Critical Function	CVE-2026-45397	2026-05-19 02:36	2026-05-16	Show	GitHub Exploit DB Packet Storm

119	8.5	HIGH Network	-	-	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, a parsing difference between the urlparse and requests libraries led to an SSRF bypa… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-45400	2026-05-19 02:36	2026-05-16	Show	GitHub Exploit DB Packet Storm

120	5.4	MEDIUM Network	-	-	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to… New	CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes	CVE-2026-45396	2026-05-19 02:36	2026-05-16	Show	GitHub Exploit DB Packet Storm