Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 18, 2026, 4:01 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
244681 4.3 警告 The Cacti Group - Cacti における HTTP レスポンス分割攻撃を実行される脆弱性 CWE-94
コード・インジェクション 		CVE-2008-0786 2012-06-26 15:55 2008-02-14 Show GitHub Exploit DB Packet Storm
244682 7.5 危険 The Cacti Group - Cacti における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-0785 2012-06-26 15:55 2008-02-14 Show GitHub Exploit DB Packet Storm
244683 5 警告 The Cacti Group - Cacti の graph.php におけるフルパスを取得される脆弱性 CWE-200
情報漏えい 		CVE-2008-0784 2012-06-26 15:55 2008-02-14 Show GitHub Exploit DB Packet Storm
244684 4.3 警告 The Cacti Group - Cacti におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-0783 2012-06-26 15:55 2008-02-14 Show GitHub Exploit DB Packet Storm
244685 7.5 危険 astats
Joomla!		 - Joomla! の astatspro コンポーネントの refer.php における任意の SQL コマンドを実行される脆弱性 CWE-89
SQLインジェクション 		CVE-2008-0839 2012-06-26 15:55 2008-02-20 Show GitHub Exploit DB Packet Storm
244686 7.5 危険 アップル - iPhoto 用 DPAP サーバにおけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2008-0830 2012-06-26 15:55 2008-02-19 Show GitHub Exploit DB Packet Storm
244687 4.3 警告 ATutor - ATutor におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-0828 2012-06-26 15:55 2008-02-19 Show GitHub Exploit DB Packet Storm
244688 4.3 警告 caroline - Claroline におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-0826 2012-06-26 15:55 2008-02-19 Show GitHub Exploit DB Packet Storm
244689 7.5 危険 caroline - Claroline における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-0825 2012-06-26 15:55 2008-02-19 Show GitHub Exploit DB Packet Storm
244690 10 危険 caroline - Claroline の php2phps 関数における詳細不明な脆弱性 CWE-noinfo
情報不足 		CVE-2008-0824 2012-06-26 15:55 2008-02-19 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 18, 2026, 4:12 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
171 6.5 MEDIUM
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, in standard channels (i.e., channels whose channel.type is neither group nor dm), th… New CWE-862
 Missing Authorization 		CVE-2026-44571 2026-05-16 08:16 2026-05-16 Show GitHub Exploit DB Packet Storm
172 6.5 MEDIUM
Network 		- - Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer GifRow sized… New CWE-787
 Out-of-bounds Write 		CVE-2026-8669 2026-05-16 07:16 2026-05-16 Show GitHub Exploit DB Packet Storm
173 5.3 MEDIUM
Local 		- - Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer G… New CWE-787
 Out-of-bounds Write 		CVE-2026-8454 2026-05-16 07:16 2026-05-15 Show GitHub Exploit DB Packet Storm
174 - - - Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage. New CWE-331
 Insufficient Entropy 		CVE-2026-46474 2026-05-16 07:16 2026-05-16 Show GitHub Exploit DB Packet Storm
175 5.4 MEDIUM
Network 		- - phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/{tagId} endpoint that allows any authenticated user to delete tags. Any logged-in user, incl… New CWE-862
 Missing Authorization 		CVE-2026-46365 2026-05-16 07:16 2026-05-16 Show GitHub Exploit DB Packet Storm
176 7.5 HIGH
Network 		- - phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attac… New CWE-89
SQL Injection 		CVE-2026-46359 2026-05-16 07:16 2026-05-16 Show GitHub Exploit DB Packet Storm
177 8.0 HIGH
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user can permanently delete files owned by other users via DELETE … New CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-45671 2026-05-16 07:16 2026-05-16 Show GitHub Exploit DB Packet Storm
178 6.5 MEDIUM
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, GET /api/v1/memories/ef is accessible without authentication and executes request.ap… New CWE-862
 Missing Authorization 		CVE-2026-45667 2026-05-16 07:16 2026-05-16 Show GitHub Exploit DB Packet Storm
179 6.5 MEDIUM
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the API /api/v1/notes/{note_id} endpoint lacks proper authorization checks, allowin… New CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-45666 2026-05-16 07:16 2026-05-16 Show GitHub Exploit DB Packet Storm
180 8.1 HIGH
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Banner component due… New CWE-79
Cross-site Scripting 		CVE-2026-45665 2026-05-16 07:16 2026-05-16 Show GitHub Exploit DB Packet Storm