Vulnerability Reports JP

past 12 months20212020201920182017201620152014201320122011201020092008


2022/11/25 JVN#87895771:
Cybozu Remote Service vulnerable to Uncontrolled Resource Consumption
2022/11/25 JVN#53682526:
Multiple cross-site scripting vulnerabilities in baserCMS
2022/11/24 JVN#29657972:
TP-Link RE300 V1 tdpServer vulnerable to improper processing of its input
2022/11/21 JVN#26044739:
Typora fails to properly neutralize JavaScript code
2022/11/18 JVN#13927745:
WordPress Plugin "WordPress Popular Posts" accepts untrusted external inputs to update certain internal variables
2022/11/16 JVN#24659622:
RICOH Aficio SP 4210N vulnerable to cross-site scripting
2022/11/16 JVN#37014768:
Multiple vulnerabilities in Movable Type
2022/11/14 JVN#54728399:
TERASOLUNA Global Framework and TERASOLUNA Server Framework for Java (Rich) vulnerable to ClassLoader manipulation
2022/11/10 JVN#75437943:
Aiphone Video Multi-Tenant System Entrance Stations vulnerable to information disclosure
2022/11/08 JVN#59663854:
WordPress Plugin "Salon booking system" vulnerable to cross-site scripting
2022/11/08 JVN#09409909:
Multiple vulnerabilities in WordPress
2022/11/01 JVN#46345126:
Multiple vulnerabilities in the web interfaces of Kyocera Document Solutions MFPs and printers
2022/10/28 JVN#74285622:
Multiple vulnerabilities in FUJI SOFT network devices
2022/10/25 JVN#86350682:
Multiple vulnerabilities in SHIRASAGI
2022/10/20 JVN#56968681:
Multiple vulnerabilities in nadesiko3
2022/10/19 JVN#10921428:
Lemon8 App fails to restrict access permissions
2022/10/14 JVN#74534998:
Android App "IIJ SmartKey" vulnerable to information disclosure
2022/10/11 JVN#74592196:[Critical]
bingo!CMS vulnerable to authentication bypass
2022/10/11 JVN#40620121:
The installer of Sony Content Transfer may insecurely load Dynamic Link Libraries
2022/10/07 JVN#00845253:
Growi vulnerable to improper access control
2022/10/06 JVN#15411362:
IPFire WebUI vulnerable to cross-site scripting
2022/09/30 JVN#78862034:
BookStack vulnerable to cross-site scripting
2022/09/15 JVN#21213852:
Multiple vulnerabilities in EC-CUBE
2022/09/15 JVN#30900552:
EC-CUBE plugin "Product Image Bulk Upload Plugin" vulnerable to insufficient verification in uploading files
2022/09/14 JVN#36454862:[Critical]
Multiple vulnerabilities in Trend Micro Apex One and Trend Micro Apex One as a Service
2022/09/09 JVN#48120704:
Movable Type plugin A-Form vulnerable to cross-site scripting
2022/09/05 JVN#34205166:
SYNCK GRAPHICA Mailform Pro CGI vulnerable to information disclosure
2022/09/02 JVN#76024879:
PowerCMS XMLRPC API vulnerable to command injection
2022/08/29 JVN#44721267:
Installer of Ricoh Device Software Manager may insecurely load Dynamic Link Libraries
2022/08/29 JVN#45473612:
Multiple vulnerabilities in CentreCOM AR260S V2
2022/08/24 JVN#57728859:
Movable Type XMLRPC API vulnerable to command injection
2022/08/24 JVN#46239102:
Multiple vulnerabilities in Exment
2022/08/23 JVN#43979089:
PukiWiki vulnerable to cross-site scripting
2022/08/04 JVN#42883072:
Kaitai Struct: compiler vulnerable to denial-of-service (DoS)
2022/07/29 JVN#17625382:
Multiple vulnerabilities in Nintendo Wi-Fi Network Adaptor WAP-001
2022/07/28 JVN#57073973:
"JustSystems JUST Online Update for J-License" starts a program with an unquoted file path
2022/07/27 JVN#81563390:
"Hulu / フールー" App for iOS vulnerable to improper server certificate verification
2022/07/27 JVN#40907489:
"Hulu / フールー" App for Android uses a hard-coded API key for an external service
2022/07/25 JVN#77850327:
WordPress Plugin "Newsletter" vulnerable to cross-site scripting
2022/07/25 JVN#30454777:
Multiple vulnerabilities in untangle
2022/07/22 JVN#75063798:
Booked vulnerable to open redirect
2022/07/20 JVN#20573662:
Multiple vulnerabilities in Cybozu Office
2022/07/12 JVN#12610194:
Django Extract and Trunc functions vulnerable to SQL injection
2022/07/08 JVN#23766146:
Passage Drive vulnerable to insufficient data verification
2022/07/04 JVN#14077132:
Multiple vulnerabilities in Cybozu Garoon
2022/07/04 JVN#32625020:
LiteCart vulnerable to cross-site scripting
2022/06/29 JVN#41017328:
HOME SPOT CUBE2 vulnerable to OS command injection
2022/06/24 JVN#51464799:
L2Blocker Sensor setup screen vulnerable to authentication bypass
2022/06/23 JVN#02158640:
web2py vulnerable to open redirect
2022/06/17 JVN#93667442:
Gitlab vulnerable to server-side request forgery
2022/06/15 JVN#20930118:
FreeBSD vulnerable to denial-of-service (DoS)
2022/06/14 JVN#94363766:
Cisco Catalyst 2940 Series Switches vulnerable to cross-site scripting
2022/06/09 JVN#32962443:
SHIRASAGI vulnerable to cross-site scripting
2022/06/01 JVN#28659051:
T&D Data Server and THERMO RECORDER DATA SERVER vulnerable to directory traversal
2022/06/01 JVN#04155116:
WordPress Plugin "Modern Events Calendar Lite" vulnerable to cross-site scripting
2022/05/27 JVN#27256219:
RevoWorks incomplete filtering of MS Office v4 macros
2022/05/27 JVN#13878856:
Mobaoku-Auction & Flea Market App for iOS vulnerable to improper server certificate verification
2022/05/24 JVN#15241647:
WordPress plugin "WP Statistics" vulnerable to cross-site scripting
2022/05/20 JVN#15317878:
Spring Security OAuth (spring-security-oauth2) vulnerable to denial-of-service (DoS)
2022/05/19 JVN#46892984:
Multiple vulnerabilities in Rakuten Casa
2022/05/16 JVN#73897863:
Multiple vulnerabilities in Cybozu Garoon
2022/05/13 JVN#44550983:
Strapi vulnerable to cross-site scripting
2022/05/13 JVN#46241173:
EC-CUBE plugin "Easy Blog for EC-CUBE4" vulnerable to cross-site request forgery
2022/05/11 JVN#60037444:
Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries
2022/05/10 JVN#60801132:
GENEREX RCCMD vulnerable to directory traversal
2022/05/09 JVN#96561229:[Critical]
Multiple vulnerabilities in Operation management interface of FUJITSU Network IPCOM
2022/05/09 JVN#50337155:
KOYO Electronics Screen Creator Advance2 vulnerable to authentication bypass
2022/05/09 JVN#58266015:
Multiple vulnerabilities in multiple MEIKYO ELECTRIC products
2022/04/22 JVN#54857505:
Hammock AssetView missing authentication for critical functions
2022/04/15 JVN#31606885:
WordPress Plugin "MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership" vulnerable to cross-site request forgery
2022/03/30 JVN#59576930:
Zero-channel BBS Plus vulnerable to cross-site scripting
2022/03/30 JVN#42543427:
WordPress Plugin "Advanced Custom Fields" vulnerable to missing authorization
2022/03/30 JVN#10140834:
AttacheCase may insecurely load Dynamic Link Libraries
2022/03/16 JVN#21234459:
Multiple vulnerabilities in KINGSOFT "WPS Office" and "KINGSOFT Internet Security"
2022/03/15 JVN#87751554:
Multiple vulnerabilities in pfSense
2022/03/10 JVN#72801744:
UNIVERGE WA Series vulnerable to OS command injection
2022/03/04 JVN#33214411:
i-FILTER vulnerable to improper check for certificate revocation
2022/03/03 JVN#85572374:
pfSense-pkg-WireGuard vulnerable to directory traversal
2022/03/03 JVN#89524240:
MarkText vulnerable to cross-site scripting
2022/03/03 JVN#87683137:
Norton Security for Mac improperly processes ICMP packets
2022/02/22 JVN#67108459:
EC-CUBE plugin "Mail Magazine Management Plugin" vulnerable to cross-site request forgery
2022/02/22 JVN#53871926:
EC-CUBE improperly handles HTTP Host header values
2022/02/18 JVN#14706307:
Multiple vulnerabilities in a-blog cms
2022/02/17 JVN#00095004:
Multiple vulnerabilities in phpUploader
2022/02/09 JVN#12969207:
HPE Agentless Management registers unquoted service paths
2022/02/08 JVN#17482543:
Multiple vulnerabilities in multiple ELECOM LAN routers
2022/02/07 JVN#95898697:
Multiple ESET products for macOS vulnerable to improper server certificate verification
2022/02/04 JVN#67396225:
CSV+ vulnerable to cross-site scripting
2022/01/25 JVN#70100915:
Multiple vulnerabilities in TransmitMail
2022/01/20 JVN#16690037:
Multiple cross-site scripting vulnerabilities in php_mailform
2022/01/19 JVN#64806328:
Canon laser printers and small office multifunctional printers vulnerable to cross-site scripting
2022/01/13 JVN#19826500:
PASSWORD MANAGER "MIRUPASS" PW10 / PW20 missing encryption
2022/01/13 JVN#81479705:
Label printers "TEPRA" PRO SR5900P / SR-R7900P vulnerable to insufficiently protected credentials
2022/01/12 JVN#49047921:
Jimoty App for Android uses a hard-coded API key for an external service
2022/01/12 JVN#72788165:
Multiple vulnerabilities in WordPress Plugin "Quiz And Survey Master"