Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 7, 2026, 2 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
257471 6.8 警告 アップル - Apple Mac OS X のディスクイメージにおける任意のコードを実行される脆弱性 CWE-DesignError
CVE-2010-0497 2010-04-14 17:09 2010-03-29 Show GitHub Exploit DB Packet Storm
257472 6.8 警告 アップル - Apple Mac OS X のディスクイメージにおける任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2010-0065 2010-04-13 15:18 2010-03-29 Show GitHub Exploit DB Packet Storm
257473 0 注意 アップル - Apple Mac OS X の DesktopServices におけるリモートファイルをコピーされる脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2010-0537 2010-04-13 15:17 2010-03-29 Show GitHub Exploit DB Packet Storm
257474 6.9 警告 アップル - Apple Mac OS X の DesktopServices における disk-quota 制限を回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2010-0064 2010-04-13 15:17 2010-03-29 Show GitHub Exploit DB Packet Storm
257475 6.9 警告 アップル
ターボリナックス
CUPS		 - CUPS の _cupsGetlang 関数における権限昇格の脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2010-0393 2010-04-13 15:17 2010-03-29 Show GitHub Exploit DB Packet Storm
257476 6.8 警告 アップル - Apple Mac OS X の CoreTypes における任意の JavaScript を実行される脆弱性 CWE-Other
その他 		CVE-2010-0063 2010-04-13 15:17 2010-03-29 Show GitHub Exploit DB Packet Storm
257477 6.8 警告 アップル - Apple Mac OS X の CoreMedia および QuickTime におけるヒープベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2010-0062 2010-04-13 15:17 2010-03-29 Show GitHub Exploit DB Packet Storm
257478 6.8 警告 アップル - Apple Mac OS X の CoreAudio における任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2010-0060 2010-04-13 15:16 2010-03-29 Show GitHub Exploit DB Packet Storm
257479 6.8 警告 アップル - Apple Mac OS X の CoreAudio における任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2010-0059 2010-04-13 15:16 2010-03-29 Show GitHub Exploit DB Packet Storm
257480 6.4 警告 アップル - Apple Mac OS X の ClamAV におけるシステムにウィルスを取り込む脆弱性 CWE-16
環境設定 		CVE-2010-0058 2010-04-13 15:16 2010-03-29 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 7, 2026, 4:13 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
4741 7.5 HIGH
Network 		openwebui open_webui Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, _validate_collection_access() checks the user-memory-* and file-* collection name pr… CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-45398 2026-05-19 21:18 2026-05-16 Show GitHub Exploit DB Packet Storm
4742 8.5 HIGH
Network 		openwebui open_webui Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, a parsing difference between the urlparse and requests libraries led to an SSRF bypa… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-45400 2026-05-19 21:08 2026-05-16 Show GitHub Exploit DB Packet Storm
4743 8.5 HIGH
Network 		openwebui open_webui Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the validate_url() function in backend/open_webui/retrieval/web/utils.py only valida… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-45401 2026-05-19 21:07 2026-05-16 Show GitHub Exploit DB Packet Storm
4744 8.8 HIGH
Network 		huggingface diffusers Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trust_remote_code=True safeguard when loading pipelines from Hu… CWE-94
Code Injection 		CVE-2026-44827 2026-05-19 12:20 2026-05-15 Show GitHub Exploit DB Packet Storm
4745 8.8 HIGH
Network 		huggingface diffusers Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trust_remote_code bypass in DiffusionPipeline.from_pretrained allows arbitrary remote code execution despite the user p… CWE-94
Code Injection 		CVE-2026-44513 2026-05-19 12:18 2026-05-15 Show GitHub Exploit DB Packet Storm
4746 8.8 HIGH
Network 		google chrome Use after free in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page… CWE-416
 Use After Free 		CVE-2026-8551 2026-05-19 12:15 2026-05-15 Show GitHub Exploit DB Packet Storm
4747 4.3 MEDIUM
Network 		openwebui open_webui Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the _validate_collection_access function uses an incomplete allowlist that only enfo… CWE-863
 Incorrect Authorization 		CVE-2026-44557 2026-05-19 12:13 2026-05-16 Show GitHub Exploit DB Packet Storm
4748 7.1 HIGH
Network 		openwebui open_webui Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /responses endpoint in the OpenAI router accepts any authenticated user and forw… CWE-284
CWE-862
Improper Access Control
 Missing Authorization 		CVE-2026-44556 2026-05-19 12:12 2026-05-16 Show GitHub Exploit DB Packet Storm
4749 7.6 HIGH
Network 		openwebui open_webui Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI supports model composition via base_model_id: a user-defined model (e.g.,… CWE-862
 Missing Authorization 		CVE-2026-44555 2026-05-19 12:12 2026-05-16 Show GitHub Exploit DB Packet Storm
4750 8.1 HIGH
Network 		openwebui open_webui Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/retrieval/process/web endpoint accepts a user-supplied collection_n… CWE-862
 Missing Authorization 		CVE-2026-44554 2026-05-19 12:12 2026-05-16 Show GitHub Exploit DB Packet Storm