Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 29, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
531	6.5	警告 Network	openwebui	open webui	openwebuiのopen webuiにおける同一生成元ポリシー違反に関する脆弱性	CWE-346 同一生成元ポリシー違反	CVE-2026-54007	2026-06-26 11:56	2026-06-23	Show	GitHub Exploit DB Packet Storm

532	8.5	重要 Network	openwebui	open webui	openwebuiのopen webuiにおけるサーバサイドのリクエストフォージェリの脆弱性	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-54008	2026-06-26 11:56	2026-06-23	Show	GitHub Exploit DB Packet Storm

533	6.5	警告 Network	openwebui	open webui	openwebuiのopen webuiにおけるユーザ制御の鍵による認証回避に関する脆弱性	CWE-639 ユーザ制御の鍵による認証回避	CVE-2026-54009	2026-06-26 11:56	2026-06-23	Show	GitHub Exploit DB Packet Storm

534	8.3	重要 Network	openwebui	open webui	openwebuiのopen webuiにおける複数の脆弱性	CWE-284 CWE-639 CWE-862	CVE-2026-54010	2026-06-26 11:55	2026-06-23	Show	GitHub Exploit DB Packet Storm

535	5.4	警告 Network	openwebui	open webui	openwebuiのopen webuiにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-54011	2026-06-26 11:55	2026-06-23	Show	GitHub Exploit DB Packet Storm

536	7.1	重要 Network	openwebui	open webui	openwebuiのopen webuiにおける複数の脆弱性	CWE-284 CWE-285 CWE-862	CVE-2026-54012	2026-06-26 11:55	2026-06-23	Show	GitHub Exploit DB Packet Storm

537	7.6	重要 Network	openwebui	open webui	openwebuiのopen webuiにおける複数の脆弱性	CWE-116 CWE-693 CWE-79	CVE-2026-54013	2026-06-26 11:55	2026-06-23	Show	GitHub Exploit DB Packet Storm

538	4.3	警告 Network	openwebui	open webui	openwebuiのopen webuiにおけるパストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2026-54014	2026-06-26 11:55	2026-06-23	Show	GitHub Exploit DB Packet Storm

539	6.4	警告 Network	openwebui	open webui	openwebuiのopen webuiにおける複数の脆弱性	CWE-284 CWE-639	CVE-2026-54015	2026-06-26 11:55	2026-06-23	Show	GitHub Exploit DB Packet Storm

540	4.3	警告 Network	openwebui	open webui	openwebuiのopen webuiにおけるユーザ制御の鍵による認証回避に関する脆弱性	CWE-639 ユーザ制御の鍵による認証回避	CVE-2026-54016	2026-06-26 11:55	2026-06-23	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 30, 2026, 4:22 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
191471	7.8	HIGH Local	gnu	cpio	GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is …	CWE-190 Integer Overflow or Wraparound	CVE-2021-38185	2024-11-21 15:16	2021-08-8	Show	GitHub Exploit DB Packet Storm

191472	9.8	CRITICAL Network	digint debian fedoraproject	btrbk debian_linux fedora	Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys.	CWE-77 Command Injection	CVE-2021-38173	2024-11-21 15:16	2021-08-8	Show	GitHub Exploit DB Packet Storm

191473	8.8	HIGH Network	roxy-wi	roxy-wi	Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and /api/api_funct.py.	CWE-77 Command Injection	CVE-2021-38169	2024-11-21 15:16	2021-08-8	Show	GitHub Exploit DB Packet Storm

191474	8.8	HIGH Network	roxy-wi	roxy-wi	Roxy-WI through 5.2.2.0 allows authenticated SQL injection via select_servers.	CWE-89 SQL Injection	CVE-2021-38168	2024-11-21 15:16	2021-08-8	Show	GitHub Exploit DB Packet Storm

191475	9.8	CRITICAL Network	roxy-wi	roxy-wi	Roxy-WI through 5.2.2.0 allows SQL Injection via check_login. An unauthenticated attacker can extract a valid uuid to bypass authentication.	CWE-89 SQL Injection	CVE-2021-38167	2024-11-21 15:16	2021-08-8	Show	GitHub Exploit DB Packet Storm

191476	7.8	HIGH Local	linux fedoraproject debian	linux_kernel fedora debian_linux	In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impracti…	CWE-787 CWE-190 Out-of-bounds Write Integer Overflow or Wraparound	CVE-2021-38166	2024-11-21 15:16	2021-08-8	Show	GitHub Exploit DB Packet Storm

191477	5.3	MEDIUM Network	lynx_project debian fedoraproject	lynx debian_linux fedora	Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.	CWE-522 Insufficiently Protected Credentials	CVE-2021-38165	2024-11-21 15:16	2021-08-8	Show	GitHub Exploit DB Packet Storm

191478	9.8	CRITICAL Network	progress	moveit_transfer	In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the da…	CWE-89 SQL Injection	CVE-2021-38159	2024-11-21 15:16	2021-08-8	Show	GitHub Exploit DB Packet Storm

191479	7.8	HIGH Local	linux netapp debian redhat	linux_kernel hci_bootstrap_os solidfire hci_management_node element_software debian_linux enterprise_linux	In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the…	CWE-120 Classic Buffer Overflow	CVE-2021-38160	2024-11-21 15:16	2021-08-7	Show	GitHub Exploit DB Packet Storm

191480	9.8	CRITICAL Network	obsidian	obsidian	Obsidian before 0.12.12 does not require user confirmation for non-http/https URLs.	NVD-CWE-noinfo	CVE-2021-38148	2024-11-21 15:16	2021-08-7	Show	GitHub Exploit DB Packet Storm