Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 21, 2026, 6:01 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
641	5.3	警告 Network	Fleet Device Management	fleet	Fleet Device Managementのfleetにおけるスプーフィングによる認証回避に関する脆弱性	CWE-290 スプーフィングによる認証回避	CVE-2026-24000	2026-05-18 12:07	2026-05-14	Show	GitHub Exploit DB Packet Storm

642	7.5	重要 Network	strapi	strapi	strapiにおける複数の脆弱性	CWE-200 CWE-22 CWE-943	CVE-2026-27886	2026-05-18 12:07	2026-05-14	Show	GitHub Exploit DB Packet Storm

643	6.5	警告 Network	Grafana Labs	Grafana	Grafana LabsのGrafanaにおける制限またはスロットリング無しのリソースの割り当てに関する脆弱性	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2026-28376	2026-05-18 12:07	2026-05-13	Show	GitHub Exploit DB Packet Storm

644	2.7	低 Network	GitLab.org	GitLab	GitLab.orgのGitLabにおける認証の欠如に関する脆弱性	CWE-862 認証の欠如	CVE-2026-2900	2026-05-18 12:07	2026-05-14	Show	GitHub Exploit DB Packet Storm

645	4.3	警告 Network	GitLab.org	GitLab	GitLab.orgのGitLabにおけるユーザ制御の鍵による認証回避に関する脆弱性	CWE-639 ユーザ制御の鍵による認証回避	CVE-2026-3073	2026-05-18 12:07	2026-05-14	Show	GitHub Exploit DB Packet Storm

646	4.3	警告 Network	GitLab.org	GitLab	GitLab.orgのGitLabにおけるユーザ制御の鍵による認証回避に関する脆弱性	CWE-639 ユーザ制御の鍵による認証回避	CVE-2026-3074	2026-05-18 12:07	2026-05-14	Show	GitHub Exploit DB Packet Storm

647	5.8	警告 Network	GitLab.org	GitLab	GitLab.orgのGitLabにおけるフィルタリングの回避に関する脆弱性	CWE-441 フィルタリング回避	CVE-2026-3160	2026-05-18 12:07	2026-05-14	Show	GitHub Exploit DB Packet Storm

648	9.1	緊急 Network	マイクロソフト	Azure SDK for Java	Azure SDK for Java のセキュリティ機能のバイパスの脆弱性	CWE-287 CWE-347	CVE-2026-33117	2026-05-18 12:07	2026-05-12	Show	GitHub Exploit DB Packet Storm

649	9.9	緊急 Network	マイクロソフト	Microsoft Dynamics 365 Customer Insights	Microsoft Dynamics 365 Customer Insights の特権昇格の脆弱性	CWE-269 不適切な権限管理	CVE-2026-33821	2026-05-18 12:06	2026-05-12	Show	GitHub Exploit DB Packet Storm

650	6.5	警告 Adjacent	Pengutronix e.K.	barebox	Pengutronix e.K.のbareboxにおける境界外読み取りに関する脆弱性	CWE-125 境界外読み取り	CVE-2026-34960	2026-05-18 12:06	2026-05-11	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 22, 2026, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
771	8.5	HIGH Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, validate_url() in backend/open_webui/retrieval/web/utils.py calls validators.ipv6(ip… Update	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-45331	2026-05-19 12:06	2026-05-16	Show	GitHub Exploit DB Packet Storm

772	4.8	MEDIUM Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the AccountPending.svelte component renders the admin-configured "Pending User Overl… Update	CWE-79 Cross-site Scripting	CVE-2026-44568	2026-05-19 12:06	2026-05-16	Show	GitHub Exploit DB Packet Storm

773	4.3	MEDIUM Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, when setting model permissions so that a group has read access to it, intending for … Update	CWE-200 Information Exposure	CVE-2026-45387	2026-05-19 12:05	2026-05-16	Show	GitHub Exploit DB Packet Storm

774	7.2	HIGH Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the tool update endpoint (POST /api/v1/tools/id/{id}/update) is missing the workspac… Update	CWE-269 CWE-862 Improper Privilege Management Missing Authorization	CVE-2026-45395	2026-05-19 12:05	2026-05-16	Show	GitHub Exploit DB Packet Storm

775	4.3	MEDIUM Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, an IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any cha… Update	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-45385	2026-05-19 10:45	2026-05-16	Show	GitHub Exploit DB Packet Storm

776	6.3	MEDIUM Network	open5gs	open5gs	A vulnerability was found in Open5GS up to 2.7.6. This impacts the function ran_ue_find_by_amf_ue_ngap_id of the file src/amf/context.c of the component AMF/MME. Performing a manipulation results in … Update	CWE-266 CWE-285 Incorrect Privilege Assignment Improper Authorization	CVE-2026-8743	2026-05-19 10:35	2026-05-17	Show	GitHub Exploit DB Packet Storm

777	5.5	MEDIUM Local	steipete	summarize	Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default… New	CWE-732 Incorrect Permission Assignment for Critical Resource	CVE-2026-45246	2026-05-19 10:34	2026-05-19	Show	GitHub Exploit DB Packet Storm

778	5.4	MEDIUM Network	steipete	summarize	Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation featu… New	CWE-862 Missing Authorization	CVE-2026-45244	2026-05-19 10:34	2026-05-19	Show	GitHub Exploit DB Packet Storm

779	7.1	HIGH Network	steipete	summarize	Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolu… New	CWE-862 Missing Authorization	CVE-2026-45242	2026-05-19 10:34	2026-05-19	Show	GitHub Exploit DB Packet Storm

780	6.1	MEDIUM Network	steipete	summarize	Summarize prior to 0.15.1 contains a missing authorization vulnerability in the content script window.postMessage bridge that allows malicious pages to perform unauthorized operations on automation a… New	CWE-862 Missing Authorization	CVE-2026-45243	2026-05-19 10:34	2026-05-19	Show	GitHub Exploit DB Packet Storm