Vulnerability Reports JP

2024

2024/11/20 JVN#16114985:

"Kura Sushi Official App Produced by EPARK" for Android uses a hard-coded cryptographic key

2024/11/15 JVN#36791327:

Multiple vulnerabilities in FitNesse

2024/11/13 JVN#05136799:

WordPress Plugin "VK All in One Expansion Unit" vulnerable to cross-site scripting

2024/10/31 JVN#87770340:

Stack-based buffer overflow vulnerability in multiple Ricoh laser printers and MFPs which implement Web Image Monitor

2024/10/30 JVN#11779839:

Hikvision network camera security enhancement to prevent cleartext transmission of Dynamic DNS credentials

2024/10/28 JVN#78335885:

Chatwork Desktop Application (Windows) uses a potentially dangerous function

2024/10/25 JVN#00876083:

Multiple vulnerabilities in baserCMS

2024/10/18 JVN#41397971:

Multiple vulnerabilities in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software

2024/10/18 JVN#57285747:

N-LINE vulnerable to HTML injection

2024/10/18 JVN#31982676:

MUSASI version 3 performing authentication on client-side

2024/10/15 JVN#58721679:

SHIRASAGI vulnerable to path traversal

2024/10/11 JVN#74538317:

Multiple vulnerabilities in Exment

2024/10/10 JVN#54676967:

baserCMS plugin "BurgerEditor" vulnerable to directory listing

2024/10/01 JVN#72148744:

Apache Tomcat improper handling of TLS handshake process data

2024/09/30 JVN#39280069:

RevoWorks Cloud vulnerable to unintended process execution

2024/09/30 JVN#42445661:

Multiple vulnerabilities in Smart-tab

2024/09/27 JVN#21176842:

MF Teacher Performance Management System vulnerable to cross-site scripting

2024/09/24 JVN#57749899:

The installer of e-Tax software(common program) vulnerable to privilege escalation

2024/09/24 JVN#78356367:

Multiple NTT EAST Home GateWay/Hikari Denwa routers fail to restrict access permissions

2024/09/24 JVN#81966868:

Multiple vulnerabilities in PLANEX COMMUNICATIONS network devices

2024/09/18 JVN#19766555:

Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"

2024/09/18 JVN#42386607:

Assimp vulnerable to heap-based buffer overflow

2024/09/09 JVN#05579230:

Multiple Alps System Integration products and the OEM products vulnerable to cross-site request forgery

2024/09/09 JVN#67456481:

Pgpool-II vulnerable to information disclosure

2024/09/09 JVN#65724976:

WordPress Plugin "Forminator" vulnerable to cross-site scripting

2024/09/09 JVN#81570776:

"@cosme" App fails to restrict custom URL schemes properly

2024/09/06 JVN#32529796:

Multiple products from KINGSOFT JAPAN vulnerable to path traversal

2024/09/06 JVN#49873988:

Secure Boot bypass Vulnerability in PRIMERGY

2024/09/04 JVN#67963942:

WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting

2024/08/30 JVN#29238389:

IPCOM vulnerable to information disclosure

2024/08/30 JVN#25264194:

Multiple vulnerabilities in WordPress plugin "Carousel Slider"

2024/08/29 JVN#08342147:

WindLDR and WindO/I-NV4 store sensitive information in cleartext

2024/08/27 JVN#24885537:

Multiple vulnerabilities in ELECOM wireless LAN routers and access points

2024/08/23 JVN#12824024:

BUFFALO wireless LAN routers and wireless LAN repeaters vulnerable to OS command injection

2024/08/22 JVN#83440451:

Multiple Safie products vulnerable to improper server certificate verification

2024/08/20 JVN#56648919:

"Rakuten Ichiba App" fails to restrict custom URL schemes properly

2024/08/06 JVN#78728294:

Firmware update for RICOH JavaTM Platform resets the TLS configuration

2024/08/06 JVN#29845579:

Cybozu Office vulnerable to bypass browsing restrictions in Custom App

2024/08/05 JVN#70666401:

Multiple vulnerabilities in ZEXELON ZWX-2000CSW2-HN

2024/08/05 JVN#50850706:

Pimax Play and PiTool accept WebSocket connections from unintended endpoints

2024/07/30 JVN#26734798:

FFRI AMC vulnerable to OS command injection

2024/07/30 JVN#26225832:

EC-CUBE plugin (for EC-CUBE 4 series) "EC-CUBE Web API Plugin" vulnerable to stored cross-site scripting

2024/07/30 JVN#48324254:

EC-CUBE 4 Series improper input validation when installing plugins

2024/07/30 JVN#06672778:

Multiple vulnerabilities in ELECOM wireless LAN routers

2024/07/29 JVN#84326763:

Multiple vulnerabilities in SKYSEA Client View

2024/07/29 JVN#16420523:

SDoP vulnerable to stack-based buffer overflow

2024/07/26 JVN#02030803:

ORC vulnerable to stack-based buffer overflow

2024/07/18 JVN#87710540:

Assimp vulnerable to heap-based buffer overflow

2024/07/16 JVN#74825766:

Cybozu Garoon vulnerable to cross-site scripting

2024/07/16 JVN#25583987:

FUJITSU Network Edgiot GW1500 vulnerable to path traversal

2024/07/10 JVN#14294633:

Out-of-bounds write vulnerability in Ricoh MFPs and printers

2024/07/09 JVN#81442045:

Multiple vulnerabilities in multiple Webmin products

2024/07/08 JVN#28515217:

Cleartext transmission issue in TONE store App to TONE store

2024/07/03 JVN#94347255:

JP1/Extensible SNMP Agent fails to restrict access permissions

2024/06/28 JVN#01073312:

"Piccoma" App uses a hard-coded API key for an external service

2024/06/26 JVN#34977158:

WordPress plugins "WP Tweet Walls" and "Sola Testimonials" vulnerable to cross-site request forgery

2024/06/19 JVN#37818611:

"ZOZOTOWN" App for Android fails to restrict custom URL schemes properly

2024/06/19 JVN#60331535:

WordPress plugin "SiteGuard WP Plugin" may leak the customized path to the login page

2024/06/18 JVN#00442488:

Multiple vulnerabilities in Ricoh Streamline NX PC Client

2024/06/18 JVN#65171386:

Multiple vulnerabilities in ID Link Manager and FUJITSU Software TIME CREATOR

2024/06/12 JVN#25594256:

Denial-of-service (DoS) vulnerability in IPCOM WAF function

2024/06/07 JVN#79213252:

WordPress Plugin "Music Store - WordPress eCommerce" vulnerable to SQL injection

2024/06/07 JVN#55045256:

Multiple vulnerabilities in "FreeFrom - the nostr client" App

2024/06/03 JVN#43215077:

Multiple vulnerabilities in UNIVERSAL PASSPORT RX

2024/05/30 JVN#80506242:

awkblog vulnerable to OS command injection

2024/05/29 JVN#22182715:

Redmine DMSF Plugin vulnerable to path traversal

2024/05/29 JVN#15637138:

EC-Orange vulnerable to authorization bypass

2024/05/28 JVN#17680667:

Multiple vulnerabilities in Unifier and Unifier Cast

2024/05/28 JVN#71404925:

Multiple vulnerabilities in UTAU

2024/05/24 JVN#56781258:

Splunk Config Explorer vulnerable to cross-site scripting

2024/05/24 JVN#35838128:

WordPress Plugin "WP Booking" vulnerable to cross-site scripting

2024/05/21 JVN#29471697:

Android App "TP-Link Tether" and "TP-Link Tapo" vulnerable to improper server certificate verification

2024/05/17 JVN#85380030:

WordPress Plugin "Download Plugins and Themes from Dashboard" vulnerable to path traversal

2024/05/13 JVN#28869536:

Multiple vulnerabilities in Cybozu Garoon

2024/05/10 JVN#83405304:

"OfferBox" App uses a hard-coded secret key

2024/05/10 JVN#61054671:

Phormer vulnerable to cross-site scripting

2024/05/09 JVN#97751842:

Multiple vulnerabilities in MosP kintai kanri

2024/05/08 JVN#87694318:

WordPress Plugin "Heateor Social Login WordPress" vulnerable to cross-site scripting

2024/04/24 JVN#62737544:

Multiple vulnerabilities in RoamWiFi R10

2024/04/23 JVN#40079147:[Unreachable]

TvRock vulnerable to denial-of-service (DoS)

2024/04/23 JVN#24683352:[Unreachable]

TvRock vulnerable to cross-site request forgery

2024/04/18 JVN#50132400:

Multiple vulnerabilities in WordPress Plugin "Forminator"

2024/04/16 JVN#23835228:

Proscend Communications M330-W and M330-W5 vulnerable to OS command injection

2024/04/15 JVN#58236836:

Multiple vulnerabilities in BUFFALO wireless LAN routers

2024/04/10 JVN#70977403:

Multiple vulnerabilities in a-blog cms

2024/04/08 JVN#50361500:

Multiple vulnerabilities in WordPress Plugin "Ninja Forms"

2024/04/05 JVN#82074338:

Multiple vulnerabilities in NEC Aterm series

2024/03/29 JVN#23528780:

"Yahoo! JAPAN" App vulnerable to cross-site scripting

2024/03/27 JVN#40367518:

SonicDICOM Media Viewer may insecurely load Dynamic Link Libraries

2024/03/27 JVN#51098626:

Multiple vulnerabilities in WordPress Plugin "Survey Maker"

2024/03/25 JVN#46874970:[Unreachable]

0ch BBS Script (0ch) vulnerable to cross-site scripting

2024/03/25 JVN#17176449:[Unreachable]

ffBull vulnerable to OS command injection

2024/03/25 JVN#40523785:[Unreachable]

Mini Thread vulnerable to cross-site scripting

2024/03/25 JVN#22376992:[Unreachable]

WebProxy vulnerable to OS command injection

2024/03/25 JVN#69107517:[Unreachable]

TvRock vulnerable to cross-site scripting

2024/03/25 JVN#13113728:[Unreachable]

"EasyRange" may insecurely load executable files

2024/03/25 JVN#86206017:

WordPress Plugin "easy-popup-show" vulnerable to cross-site request forgery

2024/03/18 JVN#94521208:

Multiple vulnerabilities in FitNesse

2024/03/15 JVN#70640802:

"ABEMA" App for Android fails to restrict access permissions

2024/03/08 JVN#48443978:

a-blog cms vulnerable to directory traversal

2024/03/07 JVN#54451757:

Multiple vulnerabilities in SKYSEA Client View

2024/03/06 JVN#34328023:

FUJIFILM Business Innovation Corp. printers vulnerable to cross-site request forgery

2024/03/06 JVN#82749078:

Multiple vulnerabilities in printers and scanners which implement BROTHER Web Based Management

2024/03/06 JVN#52919306:

Toyoko Inn official App vulnerable to improper server certificate verification

2024/02/29 JVN#35928117:

Protection mechanism failure in RevoWorks

2024/02/29 JVN#77203800:

OET-213H-BTS1 missing authorization check in the initial configuration

2024/02/29 JVN#78084105:

OpenPNE plugin "opTimelinePlugin" vulnerable to cross-site scripting

2024/02/27 JVN#73283159:

Multiple vulnerabilities in baserCMS

2024/02/20 JVN#44166658:

Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater

2024/02/15 JVN#48966481:

a-blog cms vulnerable to URL spoofing

2024/02/07 JVN#44033918:

Zeroshell vulnerable to OS command injection

2024/02/06 JVN#18743512:

Cybozu KUNAI for Android vulnerable to denial-of-service (DoS)

2024/02/01 JVN#63567545:

Group Office vulnerable to cross-site scripting

2024/02/01 JVN#41129639:

Payment EX vulnerable to information disclosure

2024/01/24 JVN#70818619:

"Mercari" App for Android fails to restrict custom URL schemes properly

2024/01/24 JVN#93541851:

Oracle WebLogic Server vulnerable to HTTP header injection

2024/01/23 JVN#96154238:

Android App "Spoon" uses a hard-coded API key for an external service

2024/01/23 JVN#77736613:

Improper restriction of XML external entity references (XXE) in MLIT "Electronic Delivery Check System" and "Electronic delivery item Inspection Support System"

2024/01/23 JVN#01434915:

Improper restriction of XML external entity references (XXE) in "Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version)"

2024/01/23 JVN#40049211:

Improper restriction of XML external entity references (XXE) in Electronic Deliverables Creation Support Tool provided by Ministry of Defense

2024/01/22 JVN#73587943:

Access analysis CGI An-Analyzer vulnerable to open redirect

2024/01/22 JVN#34565930:

Multiple vulnerabilities in a-blog cms

2024/01/19 JVN#67215338:

FusionPBX vulnerable to cross-site scripting

2024/01/18 JVN#83655695:

Multiple Dahua Technology products vulnerable to authentication bypass

2024/01/16 JVN#63383723:

Drupal vulnerable to improper handling of structural elements

2024/01/15 JVN#51135247:

Pleasanter vulnerable to cross-site scripting

2024/01/15 JVN#96240417:

Thermal camera TMC series vulnerable to insufficient technical documentation

2024/01/12 JVN#37326856:

Improper input validation vulnerability in WordPress Plugin "WordPress Quiz Maker Plugin"

2023

2023/12/26 JVN#32646742:

Multiple vulnerabilities in PowerCMS

2023/12/26 JVN#23771490:

Multiple vulnerabilities in BUFFALO VR-S1000

2023/12/13 JVN#18715935:

Multiple vulnerabilities in GROWI

2023/12/11 JVN#34145838:

Multiple denial-of-service (DoS) vulnerabilities in JTEKT ELECTRONICS HMI GC-A2 series

2023/12/04 JVN#46895889:

RakRak Document Plus vulnerable to path traversal

2023/12/01 JVN#45891816:

Ruckus Access Point vulnerable to cross-site scripting