Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 27, 2026, 2:01 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
631	7.7	重要 Network	openwebui	open webui	openwebuiのopen webuiにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-45303	2026-05-20 13:27	2026-05-15	Show	GitHub Exploit DB Packet Storm

632	6.1	警告 Network	openwebui	open webui	openwebuiのopen webuiにおける代替 XSS 構文の不適切な無効化に関する脆弱性	CWE-87 代替 XSS 構文の不適切な無効化	CVE-2026-45314	2026-05-20 13:26	2026-05-15	Show	GitHub Exploit DB Packet Storm

633	8.7	重要 Network	openwebui	open webui	openwebuiのopen webuiにおける複数の脆弱性	CWE-434 CWE-646 CWE-79	CVE-2026-45315	2026-05-20 13:26	2026-05-15	Show	GitHub Exploit DB Packet Storm

634	3.5	低 Network	openwebui	open webui	openwebuiのopen webuiにおける不正な認証に関する脆弱性	CWE-863 不正な認証	CVE-2026-45316	2026-05-20 13:26	2026-05-15	Show	GitHub Exploit DB Packet Storm

635	4.6	警告 Network	openwebui	open webui	openwebuiのopen webuiにおける複数の脆弱性	CWE-20 CWE-352	CVE-2026-45317	2026-05-20 13:26	2026-05-15	Show	GitHub Exploit DB Packet Storm

636	5.4	警告 Network	openwebui	open webui	openwebuiのopen webuiにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-45318	2026-05-20 13:26	2026-05-15	Show	GitHub Exploit DB Packet Storm

637	8.5	重要 Network	openwebui	open webui	openwebuiのopen webuiにおけるサーバサイドのリクエストフォージェリの脆弱性	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-45331	2026-05-20 13:26	2026-05-15	Show	GitHub Exploit DB Packet Storm

638	7.7	重要 Network	openwebui	open webui	openwebuiのopen webuiにおけるサーバサイドのリクエストフォージェリの脆弱性	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-45338	2026-05-20 13:26	2026-05-15	Show	GitHub Exploit DB Packet Storm

639	6.5	警告 Network	openwebui	open webui	openwebuiのopen webuiにおける不正な認証に関する脆弱性	CWE-863 不正な認証	CVE-2026-45339	2026-05-20 13:26	2026-05-15	Show	GitHub Exploit DB Packet Storm

640	6.5	警告 Network	openwebui	open webui	openwebuiのopen webuiにおける認可に関する脆弱性	CWE-285 不適切な認可	CVE-2026-45345	2026-05-20 13:26	2026-05-15	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 27, 2026, 4:52 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
311401	-		-	-	A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. NOTE: thi…	-	CVE-2024-46257	2024-10-25 03:15	2024-09-28	Show	GitHub Exploit DB Packet Storm

311402	7.5	HIGH Network	mfasoft	secure_authentication_server	An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server (SAS) 1.8.x through 1.9.x before 1.9.040924 allows re…	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2024-46937	2024-10-25 02:35	2024-09-16	Show	GitHub Exploit DB Packet Storm

311403	7.5	HIGH Network	opendaylight	authentication\ _authorization_and_accounting	An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue con…	NVD-CWE-noinfo	CVE-2024-46943	2024-10-25 02:35	2024-09-16	Show	GitHub Exploit DB Packet Storm

311404	6.7	MEDIUM Local	crucial	mx500_firmware	Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to Buffer Overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller.	CWE-787 Out-of-bounds Write	CVE-2024-42642	2024-10-25 02:35	2024-09-5	Show	GitHub Exploit DB Packet Storm

311405	-		-	-	A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate.	-	CVE-2024-46256	2024-10-25 02:15	2024-09-28	Show	GitHub Exploit DB Packet Storm

311406	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' This commit adds a null check for 'stream_st…	CWE-476 NULL Pointer Dereference	CVE-2024-49912	2024-10-25 02:10	2024-10-22	Show	GitHub Exploit DB Packet Storm

311407	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for pipe_ctx->plane_state in dcn20_program_pipe This commit addresses a null pointer dereference …	CWE-476 NULL Pointer Dereference	CVE-2024-49914	2024-10-25 02:09	2024-10-22	Show	GitHub Exploit DB Packet Storm

311408	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw This commit addresses a potential null pointer dereference issue in …	CWE-476 NULL Pointer Dereference	CVE-2024-49915	2024-10-25 02:08	2024-10-22	Show	GitHub Exploit DB Packet Storm

311409	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn401_init_hw This commit addresses a potential null pointer d…	CWE-476 NULL Pointer Dereference	CVE-2024-49916	2024-10-25 02:03	2024-10-22	Show	GitHub Exploit DB Packet Storm

311410	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw This commit addresses a potential null pointer de…	CWE-476 NULL Pointer Dereference	CVE-2024-49917	2024-10-25 01:54	2024-10-22	Show	GitHub Exploit DB Packet Storm