Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 21, 2026, 6:01 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
224471 6.4 警告 IBM - IBM API Management におけるテナント API へアクセスされる脆弱性 CWE-noinfo
情報不足 		CVE-2013-0559 2013-07-22 16:33 2013-07-10 Show GitHub Exploit DB Packet Storm
224472 7.2 危険 IBM - IBM AIX および VIOS の InfiniBand サブシステムにおける権限を取得される脆弱性 CWE-noinfo
情報不足 		CVE-2013-4011 2013-07-22 16:32 2013-06-3 Show GitHub Exploit DB Packet Storm
224473 10 危険 シーメンス - Siemens Enterprise OpenScape Branch および OpenScape Session Border Controller における任意のコマンドを実行される脆弱性 CWE-78
OSコマンド・インジェクション 		CVE-2013-4781 2013-07-22 16:31 2012-09-14 Show GitHub Exploit DB Packet Storm
224474 7.8 危険 シーメンス - Siemens Enterprise OpenScape Branch および OpenScape Session Border Controller における任意のファイルを読まれる脆弱性 CWE-200
情報漏えい 		CVE-2013-4780 2013-07-22 16:31 2012-09-14 Show GitHub Exploit DB Packet Storm
224475 4.3 警告 シーメンス - Siemens Enterprise OpenScape Branch および OpenScape Session Border Controller におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2013-4779 2013-07-22 16:29 2012-09-14 Show GitHub Exploit DB Packet Storm
224476 7.8 危険 シーメンス - Siemens Enterprise OpenScape Branch および OpenScape Session Border Controller における重要なサーバおよび統計情報を取得される脆弱性 CWE-200
情報漏えい 		CVE-2013-4778 2013-07-22 16:29 2012-09-14 Show GitHub Exploit DB Packet Storm
224477 5 警告 シスコシステムズ - Cisco IOS の GET VPN 機能のデフォルト設定における暗号化ポリシーを回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2013-3436 2013-07-22 16:25 2013-07-19 Show GitHub Exploit DB Packet Storm
224478 4.3 警告 DELL EMC (旧 EMC Corporation) - Data Store Gen プラットフォーム上で稼働する EMC Avamar Server および Avamar Virtual Edition における重要な情報を取得される脆弱性 CWE-20
不適切な入力確認 		CVE-2013-3275 2013-07-22 16:23 2013-07-17 Show GitHub Exploit DB Packet Storm
224479 9 危険 DELL EMC (旧 EMC Corporation) - Data Store Gen プラットフォーム上で稼働する EMC Avamar Server および Avamar Virtual Edition における任意のコードを実行される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2013-3274 2013-07-22 16:22 2013-07-17 Show GitHub Exploit DB Packet Storm
224480 2.6 注意 Verizon - Verizon Wireless Network Extender における ESN および MIN 値を取得される脆弱性 CWE-287
不適切な認証 		CVE-2013-4877 2013-07-22 16:20 2013-07-15 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 21, 2026, 4:10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
371 7.5 HIGH
Network 		dhtmlx pdf_export_module PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could incl… Update CWE-22
Path Traversal 		CVE-2026-41552 2026-05-20 01:49 2026-05-15 Show GitHub Exploit DB Packet Storm
372 7.5 HIGH
Network 		twisted twisted Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service (DoS) attack via resource exha… Update CWE-400
CWE-407
 Uncontrolled Resource Consumption
 Inefficient Algorithmic Complexity 		CVE-2026-42304 2026-05-20 01:47 2026-05-14 Show GitHub Exploit DB Packet Storm
373 6.1 MEDIUM
Network 		northern.tech cfengine Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS. Update CWE-79
Cross-site Scripting 		CVE-2026-24710 2026-05-20 01:45 2026-05-15 Show GitHub Exploit DB Packet Storm
374 5.3 MEDIUM
Network 		northern.tech cfengine Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control. Update CWE-284
Improper Access Control 		CVE-2026-24711 2026-05-20 01:44 2026-05-15 Show GitHub Exploit DB Packet Storm
375 7.3 HIGH
Network 		northern.tech cfengine Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection. Update CWE-77
Command Injection 		CVE-2026-24712 2026-05-20 01:43 2026-05-15 Show GitHub Exploit DB Packet Storm
376 8.8 HIGH
Network 		openwebui open_webui Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter … Update CWE-863
 Incorrect Authorization 		CVE-2026-45672 2026-05-20 01:39 2026-05-16 Show GitHub Exploit DB Packet Storm
377 8.7 HIGH
Network 		openwebui open_webui Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload c… Update CWE-79
Cross-site Scripting 		CVE-2026-44549 2026-05-20 01:38 2026-05-16 Show GitHub Exploit DB Packet Storm
378 8.1 HIGH
Network 		openwebui open_webui Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.10, when uploading an audio file, the name of the file is derived from the original HTT… Update CWE-22
Path Traversal 		CVE-2026-44565 2026-05-20 01:38 2026-05-16 Show GitHub Exploit DB Packet Storm
379 7.1 HIGH
Network 		openwebui open_webui Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, there's an IDOR in the channels message management system that allows authenticated… Update CWE-862
 Missing Authorization 		CVE-2026-44569 2026-05-20 01:38 2026-05-16 Show GitHub Exploit DB Packet Storm
380 7.3 HIGH
Network 		openwebui open_webui Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, the API does not properly validate that the user has an authorized user role of us… Update CWE-602
CWE-863
 Client-Side Enforcement of Server-Side Security
 Incorrect Authorization 		CVE-2026-44567 2026-05-20 01:38 2026-05-16 Show GitHub Exploit DB Packet Storm