Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 20, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
256491	9.3	危険	マイクロソフト	-	複数の Microsoft 製品のテキストコンバーターにおける整数オーバーフローの脆弱性	CWE-94 コード・インジェクション	CVE-2009-2506	2010-01-22 10:27	2009-12-8	Show	GitHub Exploit DB Packet Storm

256492	9	危険	マイクロソフト	-	Microsoft Windows の Active Directory フェデレーションサービスにおける任意のコードを実行される脆弱性	CWE-20 不適切な入力確認	CVE-2009-2509	2010-01-22 10:27	2009-12-8	Show	GitHub Exploit DB Packet Storm

256493	6.9	警告	マイクロソフト	-	Microsoft Windows の Active Directory フェデレーションサービスのシングルサインオン実装における認証情報を取得される脆弱性	CWE-255 証明書・パスワード管理	CVE-2009-2508	2010-01-22 10:27	2009-12-8	Show	GitHub Exploit DB Packet Storm

256494	6.8	警告	マイクロソフト	-	Microsoft Windows の LSASS におけるサービス運用妨害 (DoS) の脆弱性	CWE-399 リソース管理の問題	CVE-2009-3675	2010-01-22 10:27	2009-12-8	Show	GitHub Exploit DB Packet Storm

256495	9.3	危険	マイクロソフト	-	Microsoft Project における任意のコードを実行される脆弱性	CWE-399 リソース管理の問題	CVE-2009-0102	2010-01-22 10:26	2009-12-8	Show	GitHub Exploit DB Packet Storm

256496	9.3	危険	マイクロソフト	-	Microsoft Internet Explorer におけるメモリ破損の脆弱性	CWE-94 コード・インジェクション	CVE-2009-3673	2010-01-22 10:26	2009-12-8	Show	GitHub Exploit DB Packet Storm

256497	9.3	危険	マイクロソフト	-	Microsoft Internet Explorer におけるメモリ破損の脆弱性	CWE-399 リソース管理の問題	CVE-2009-3671	2010-01-22 10:26	2009-12-8	Show	GitHub Exploit DB Packet Storm

256498	10	危険	マイクロソフト	-	Microsoft Windows のインターネット認証サービスにおけるネットワークリソースにアクセスされる脆弱性	CWE-255 CWE-94	CVE-2009-3677	2010-01-22 10:24	2009-12-8	Show	GitHub Exploit DB Packet Storm

256499	10	危険	マイクロソフト	-	Microsoft Windows のインターネット認証サービスにおける任意のコードを実行される脆弱性	CWE-287 不適切な認証	CVE-2009-2505	2010-01-22 10:24	2009-12-8	Show	GitHub Exploit DB Packet Storm

256500	6.9	警告	acpid	-	acpid の umask におけるサービス運用妨害 (DoS) の脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2009-4235	2010-01-21 11:44	2009-12-7	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 21, 2026, 4:10 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
561	7.1	HIGH Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user with low privileges can enumerate active background tasks acr… Update	CWE-862 Missing Authorization	CVE-2026-45399	2026-05-19 12:08	2026-05-16	Show	GitHub Exploit DB Packet Storm

562	6.5	MEDIUM Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI allows admins to restrict which API endpoints an API key can access. When… Update	CWE-863 Incorrect Authorization	CVE-2026-45339	2026-05-19 12:07	2026-05-16	Show	GitHub Exploit DB Packet Storm

563	8.5	HIGH Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, validate_url() in backend/open_webui/retrieval/web/utils.py calls validators.ipv6(ip… Update	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-45331	2026-05-19 12:06	2026-05-16	Show	GitHub Exploit DB Packet Storm

564	4.8	MEDIUM Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the AccountPending.svelte component renders the admin-configured "Pending User Overl… Update	CWE-79 Cross-site Scripting	CVE-2026-44568	2026-05-19 12:06	2026-05-16	Show	GitHub Exploit DB Packet Storm

565	4.3	MEDIUM Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, when setting model permissions so that a group has read access to it, intending for … Update	CWE-200 Information Exposure	CVE-2026-45387	2026-05-19 12:05	2026-05-16	Show	GitHub Exploit DB Packet Storm

566	7.2	HIGH Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the tool update endpoint (POST /api/v1/tools/id/{id}/update) is missing the workspac… Update	CWE-269 CWE-862 Improper Privilege Management Missing Authorization	CVE-2026-45395	2026-05-19 12:05	2026-05-16	Show	GitHub Exploit DB Packet Storm

567	4.3	MEDIUM Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, an IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any cha… Update	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-45385	2026-05-19 10:45	2026-05-16	Show	GitHub Exploit DB Packet Storm

568	6.3	MEDIUM Network	open5gs	open5gs	A vulnerability was found in Open5GS up to 2.7.6. This impacts the function ran_ue_find_by_amf_ue_ngap_id of the file src/amf/context.c of the component AMF/MME. Performing a manipulation results in … New	CWE-266 CWE-285 Incorrect Privilege Assignment Improper Authorization	CVE-2026-8743	2026-05-19 10:35	2026-05-17	Show	GitHub Exploit DB Packet Storm

569	5.5	MEDIUM Local	steipete	summarize	Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default… New	CWE-732 Incorrect Permission Assignment for Critical Resource	CVE-2026-45246	2026-05-19 10:34	2026-05-19	Show	GitHub Exploit DB Packet Storm

570	5.4	MEDIUM Network	steipete	summarize	Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation featu… New	CWE-862 Missing Authorization	CVE-2026-45244	2026-05-19 10:34	2026-05-19	Show	GitHub Exploit DB Packet Storm