Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 19, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
244501 7.5 危険 emedia office gmbh - CuteFlow における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-1632 2012-06-26 16:02 2008-04-2 Show GitHub Exploit DB Packet Storm
244502 7.5 危険 emedia office gmbh - CuteFlow の login.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-1631 2012-06-26 16:02 2008-04-2 Show GitHub Exploit DB Packet Storm
244503 4.3 警告 emedia office gmbh - CuteFlow におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-1630 2012-06-26 16:02 2008-04-2 Show GitHub Exploit DB Packet Storm
244504 3.5 注意 cds software consortium - CDS Invenio における任意のユーザの電子メール通知アラートを削除される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-1627 2012-06-26 16:02 2008-04-2 Show GitHub Exploit DB Packet Storm
244505 7.5 危険 eggblog - eggBlog における SQL インジェクションの脆弱性 CWE-20
CWE-89
CVE-2008-1626 2012-06-26 16:02 2008-03-28 Show GitHub Exploit DB Packet Storm
244506 6.8 警告 AVAST Software s.r.o. - avast! Home and Professional の aavmker4.sys における権限を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-1625 2012-06-26 16:02 2008-04-2 Show GitHub Exploit DB Packet Storm
244507 6.8 警告 geertsen holdings inc - GeeCarts における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2008-1622 2012-06-26 16:02 2008-04-2 Show GitHub Exploit DB Packet Storm
244508 4.3 警告 geertsen holdings inc - GeeCarts におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-1621 2012-06-26 16:02 2008-04-2 Show GitHub Exploit DB Packet Storm
244509 7.5 危険 2X Software - 2X ThinClientServer の 2X TFTP サービスにおけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-1620 2012-06-26 16:02 2008-04-2 Show GitHub Exploit DB Packet Storm
244510 7.5 危険 clever copy - Clever Copy の postview.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-1608 2012-06-26 16:02 2008-04-1 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 19, 2026, 4:16 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
91 - - - Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the set_add method were not checked for newlines, colons or pipes. Metrics generated from untrusted sour… New CWE-93
CRLF Injection 		CVE-2026-8788 2026-05-19 02:40 2026-05-18 Show GitHub Exploit DB Packet Storm
92 7.8 HIGH
Local 		- - VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services that allows local attackers to escalate privileges. Attackers can place ma… New CWE-428
 Unquoted Search Path or Element 		CVE-2021-47974 2026-05-19 02:38 2026-05-17 Show GitHub Exploit DB Packet Storm
93 8.4 HIGH
Local 		- - VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field. Attackers can craf… New CWE-120
Classic Buffer Overflow 		CVE-2018-25328 2026-05-19 02:38 2026-05-17 Show GitHub Exploit DB Packet Storm
94 5.0 MEDIUM
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, FolderForm uses model_config = ConfigDict(extra='allow'), which permits arbitrary fi… New CWE-862
 Missing Authorization 		CVE-2026-44550 2026-05-19 02:36 2026-05-16 Show GitHub Exploit DB Packet Storm
95 8.1 HIGH
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/retrieval/process/web endpoint accepts a user-supplied collection_n… New CWE-862
 Missing Authorization 		CVE-2026-44554 2026-05-19 02:36 2026-05-16 Show GitHub Exploit DB Packet Storm
96 5.4 MEDIUM
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the channel router does not call filter_allowed_access_grants on either create or up… New CWE-862
 Missing Authorization 		CVE-2026-44558 2026-05-19 02:36 2026-05-16 Show GitHub Exploit DB Packet Storm
97 4.3 MEDIUM
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the GET /api/v1/channels/{id}/members endpoint only checks membership for group and … New CWE-862
 Missing Authorization 		CVE-2026-44559 2026-05-19 02:36 2026-05-16 Show GitHub Exploit DB Packet Storm
98 6.5 MEDIUM
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the type: "file" (non-full-context), type: "text" with collection_name, and bare col… New CWE-862
 Missing Authorization 		CVE-2026-44560 2026-05-19 02:36 2026-05-16 Show GitHub Exploit DB Packet Storm
99 5.4 MEDIUM
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the is_user_channel_member function checks whether a ChannelMember row exists but do… New CWE-863
 Incorrect Authorization 		CVE-2026-44561 2026-05-19 02:36 2026-05-16 Show GitHub Exploit DB Packet Storm
100 7.6 HIGH
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI supports model composition via base_model_id: a user-defined model (e.g.,… New CWE-862
 Missing Authorization 		CVE-2026-44555 2026-05-19 02:36 2026-05-16 Show GitHub Exploit DB Packet Storm