Vulnerability Reports

past 12 months20222021202020192018201720162015201420132012201120102009

2023

2023/09/22 JVN#97197972:
Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"
2023/09/19 JVNVU#90967486:[Critical]
Trend Micro Endpoint security products for enterprises vulnerable to arbitrary code execution
2023/09/12 JVNVU#95282683:
Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software
2023/09/11 JVN#41113329:
Pyramid vulnerable to directory traversal
2023/09/06 JVN#42691027:
"direct" Desktop App for macOS fails to restrict access permissions
2023/09/05 JVN#78113802:
Multiple vulnerabilities in F-RevoCRM
2023/09/05 JVN#92720882:
Multiple vulnerabilities in CGIs of PMailServer and PMailServer2
2023/09/04 JVN#82758000:
Multiple vulnerabilities in SHIRASAGI
2023/08/31 JVN#60140221:
Multiple vulnerabilities in i-PRO VI Web Client
2023/08/28 JVNVU#93886750:
Phoenix Technologies Windows kernel driver vulnerable to insufficient access control on its IOCTL
2023/08/24 JVN#86484824:
SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)
2023/08/24 JVN#03447226:
"Skylark" App fails to restrict custom URL schemes properly
2023/08/23 JVN#55217369:
Rakuten WiFi Pocket vulnerable to improper authentication
2023/08/21 JVNVU#96622721:
Multiple vulnerabilities in Panasonic Control FPWIN Pro7
2023/08/21 JVN#98946408:
WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting
2023/08/21 JVN#04876736:
Multiple vulnerabilities in LuxCal Web Calendar
2023/08/21 JVNVU#99392903:
Multiple vulnerabilities in TP-Link products
2023/08/21 JVNVU#92545432:
Multiple vulnerabilities in CBC digital video recorders
2023/08/18 JVN#19661362:[Critical]
Multiple vulnerabilities in Proself
2023/08/17 JVN#46993816:
EC-CUBE 2 series vulnerable to cross-site scripting
2023/08/10 JVNVU#91630351:
Multiple vulnerabilities in ELECOM and LOGITEC network devices
2023/08/09 JVNVU#98367862:
Multiple server-side request forgery vulnerabilities in Trend Micro Apex Central (July 2023)
2023/08/09 JVN#84820712:
"Rikunabi NEXT" App for Android fails to restrict custom URL schemes properly
2023/08/07 JVN#42527152:
"FFRI yarai" and "FFRI yarai Home and Business Edition" handle exceptional conditions improperly
2023/08/07 JVN#83334799:
Multiple vulnerabilities in Special Interest Group Network for Analysis and Liaison's API
2023/08/04 JVN#38847224:
Fujitsu Software Infrastructure Manager (ISM) stores sensitive information in cleartext
2023/08/02 JVN#61337171:
SEIKO EPSON printer Web Config vulnerable to denial-of-service (DoS)
2023/08/01 JVNVU#92193064:
OMRON CJ series and CS/CJ Series EtherNet/IT unit vulnerable to Denial-of-Service (DoS)
2023/08/01 JVNVU#93286117:
Multiple vulnerabilities in OMRON CX-Programmer
2023/07/27 JVNVU#98785541:
Multiple vulnerabilities in Command Center RX (CCRX) of Kyocera Document Solutions MFPs and printers
2023/07/26 JVN#95727578:
Fujitsu Real-time Video Transmission Gear "IP series" uses a hard-coded credentials
2023/07/26 JVNVU#96643580:
Fujitsu network devices Si-R series and SR-M series vulnerable to authentication bypass
2023/07/24 JVN#37857022:
Improper restriction of XML external entity references (XXE) in Applicant Programme
2023/07/24 JVNVU#93384719:
Trend Micro Maximum Security vulnerable to privilege escalation
2023/07/21 JVN#35897618:[Critical]
GBrowse vulnerable to unrestricted upload of files with dangerous types
2023/07/20 JVN#90560760:
Multiple vulnerabilities in WordPress Plugin "TS Webfonts for SAKURA"
2023/07/18 JVN#44726469:
Improper restriction of XML external entity references (XXE) in XBRL data create application
2023/07/11 JVNVU#91850798:
Multiple vulnerabilities in ELECOM and LOGITEC wireless LAN routers
2023/07/11 JVN#05223215:
Multiple vulnerabilities in multiple ELECOM wireless LAN routers and wireless LAN repeaters
2023/07/03 JVN#64316789:
Multiple vulnerabilities in SoftEther VPN and PacketiX VPN
2023/06/30 JVN#32739265:
"NewsPicks" App uses a hard-coded API key for an external service
2023/06/29 JVNVU#93767756:
Null pointer dereference vulnerability in multiple printers and MFPs which implement BROTHER debut web server
2023/06/27 JVN#97127032:
WordPress Plugin "Snow Monkey Forms" vulnerable to directory traversal
2023/06/27 JVN#78634340:
Multiple vulnerabilities in WAVLINK WL-WN531AX2
2023/06/27 JVN#38343415:
Multiple vulnerabilities in Aterm series
2023/06/22 JVN#97818024:
Multiple vulnerabilities in Pleasanter
2023/06/20 JVN#70502982:
SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)
2023/06/16 JVN#19748237:
Multiple vulnerabilities in Panasonic AiSEG2
2023/06/14 JVNVU#92207133:
Printer Driver Packager NX creates driver installation packages without modification detection
2023/06/13 JVNVU#91852506:
Security updates for multiple Trend Micro products for enterprises (June 2023)
2023/06/13 JVN#96828492:
Chatwork Desktop Application (Mac) vulnerable to code injection
2023/06/12 JVN#36060509:
"WPS Office" vulnerable to OS command injection
2023/06/09 JVN#34232595:
ASUS Router RT-AX3000 vulnerable to using sensitive cookies without 'Secure' attribute
2023/06/09 JVN#28412757:
Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT
2023/06/08 JVNVU#98818508:
Multiple vulnerabilities in Fuji Electric products
2023/06/06 JVNVU#90812349:
Multiple vulnerabilities in KbDevice digital video recorders
2023/06/02 JVNVU#97809354:
Multiple vulnerabilities in FUJI ELECTRIC FRENIC RHC Loader
2023/06/01 JVN#33836375:
"Jiyu Kukan Toku-Toku coupon" App vulnerable to improper server certificate verification
2023/05/31 JVNVU#93372935:
Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS)
2023/05/31 JVN#62111727:
Pleasanter vulnerable to cross-site scripting
2023/05/31 JVN#38222042:
DataSpider Servista uses a hard-coded cryptographic key
2023/05/30 JVN#95981715:
Starlette vulnerable to directory traversal
2023/05/26 JVN#19243534:
ESS REC Agent Server Edition for Linux etc. vulnerable to directory traversal
2023/05/25 JVN#90278893:
Wacom Tablet Driver installer for macOS vulnerable to improper link resolution before file access
2023/05/24 JVNVU#94777298:
Multiple vulnerabilities in Canon Office/Small Office Multifunction Printers, Laser Printers and Inkjet Printers
2023/05/22 JVN#45127776:
Tornado vulnerable to open redirect
2023/05/19 JVN#14778242:
Multiple vulnerabilities in T&D and ESPEC MIC data logger products
2023/05/18 JVNVU#97891206:
Android App "Brother iPrint&Scan" vulnerable to improper access control
2023/05/18 JVN#48687031:
Qrio Smart Lock Q-SL2 vulnerable to authentication bypass by capture-replay
2023/05/16 JVNVU#98968780:
OS command injection vulnerability in Inaba Denki Sangyo Wi-Fi AP UNIT
2023/05/15 JVN#41694426:
Multiple vulnerabilities in Cybozu Garoon
2023/05/15 JVN#01093915:
Multiple vulnerabilities in WordPress Plugin "MW WP Form" and "Snow Monkey Forms"
2023/05/12 JVN#11705010:
Beekeeper Studio vulnerable to code injection
2023/05/10 JVN#31701509:
Multiple vulnerabilities in MicroEngine Mailform
2023/05/09 JVN#59341308:
WordPress Plugin "Newsletter" vulnerable to cross-site scripting
2023/05/09 JVN#95792402:
WordPress Plugin "VK Blocks" and "VK All in One Expansion Unit" vulnerable to cross-site scripting
2023/05/09 JVN#80476232:
SR-7100VN vulnerable to privilege escalation
2023/05/08 JVN#13306058:
JINS MEME CORE uses a hard-coded cryptographic key
2023/05/08 JVN#01937209:
LINE WORKS Drive Explorer vulnerable to code injection
2023/05/08 JVNVU#92106300:
Multiple vulnerabilities in SolarView Compact
2023/04/24 JVNVU#97372625:
Heap-based buffer overflow vulnerability in OMRON CX-Drive
2023/04/24 JVN#00971105:
WordPress Plugin "Appointment and Event Booking Calendar for WordPress - Amelia" vulnerable to cross-site scripting
2023/04/19 JVN#73178249:
Improper restriction of XML external entity references (XXE) in Shinseiyo Sogo Soft
2023/04/19 JVN#99657911:
WordPress plugin "LIQUID SPEECH BALLOON” vulnerable to cross-site request forgery
2023/04/19 JVN#50862842:
EC-CUBE plugin "NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series)" vulnerable to authentication bypass
2023/04/17 JVNTA#91513661:
Security Issues in FINS protocol
2023/04/17 JVN#14492006:
API server of TONE Family vulnerable to authentication bypass using an alternate path
2023/04/17 JVN#87559956:
Joruri Gw vulnerable to cross-site scripting
2023/04/14 JVN#36340790:
JB Inquiry form vulnerable to exposure of private personal information to an unauthorized actor
2023/04/14 JVN#76257155:
Trend Micro Security may insecurely load Dynamic Link Libraries
2023/04/11 JVNVU#98434809:
Multiple mobile printing apps for Android vulnerable to improper intent handling
2023/04/05 JVNVU#98775218:
Yokogawa Electric CENTUM series vulnerable to cleartext storage of sensitive information
2023/04/04 JVN#79149117:
Multiple vulnerabilities in JustSystems products
2023/04/04 JVN#75742861:
Improper restriction of XML external entity references (XXE) in National land numerical information data conversion tool
2023/03/31 JVNVU#92145493:
CONPROSYS HMI System(CHS) vulnerable to SQL injection
2023/03/31 JVNVU#99710864:
JTEKT ELECTRONIC Screen Creator Advance 2 vulnerable to improper restriction of operations within the bounds of a memory buffer
2023/03/31 JVN#38170084:
HAProxy vulnerable to HTTP request/response smuggling
2023/03/31 JVN#40604023:[Critical]
Multiple vulnerabilities in Seiko Solutions SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210
2023/03/27 JVN#61105618:
baserCMS vulnerable to arbitrary file uploads
2023/03/24 JVN#35246979:
ELECOM WAB-MAT registers its windows service executable with an unquoted file path
2023/03/17 JVN#62420378:
TP-Link T2600G-28SQ uses vulnerable SSH host keys
2023/03/17 JVNVU#96198617:
Multiple vulnerabilities in Contec CONPROSYS IoT Gateway products
2023/03/13 JVN#64453490:
Android App "Wolt Delivery: Food and more" uses a hard-coded API key for an external service
2023/03/08 JVN#82424996:
Multiple vulnerabilities in SEIKO EPSON printers/network interface Web Config
2023/03/07 JVNVU#96824262:
Multiple vulnerabilities in Buffalo network devices
2023/03/06 JVN#19872280:
Multiple vulnerabilities in PostgreSQL extension module pg_ivm
2023/03/03 JVNVU#94966432:
Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software
2023/03/02 JVNVU#96890975:
Multiple vulnerabilities in Edgecross Basic Software for Windows
2023/03/01 JVNVU#96882769:
Multiple vulnerabilities in Trend Micro Maximum Security
2023/03/01 JVNVU#96221942:
Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service
2023/03/01 JVN#57224029:
Multiple vulnerabilities in SS1 and Rakuraku PC Cloud
2023/02/28 JVN#04785663:
Multiple cross-site scripting vulnerabilities in EC-CUBE
2023/02/28 JVN#78253670:
web2py development tool vulnerable to open redirect
2023/02/27 JVNTA#96606604:
Security Problem in Web Browser Permission Mechanism
2023/02/22 JVN#18765463:
Multiple cross-site scripting vulnerabilities in SHIRASAGI
2023/02/17 JVNVU#91848962:
Multiple vulnerabilities in Trend Micro Worry-Free Business Security and Worry-Free Business Security Services
2023/02/14 JVN#00712821:
Improper restriction of XML external entity reference (XXE) vulnerability in tsClinical Define.xml Generator and tsClinical Metadata Desktop Tools
2023/02/14 JVN#60263237:
The installers of ELECOM Camera Assistant and QuickFileDealer may insecurely load Dynamic Link Libraries
2023/02/13 JVN#98612206:
Multiple vulnerabilities in PLANEX COMMUNICATIONS Network Camera CS-WMV02G
2023/02/10 JVN#60320736:
NEC PC Settings Tool vulnerable to missing authentication for critical function
2023/02/10 JVNVU#99551468:
Zuken Elmic KASAGO uses insufficient random values for TCP Initial Sequence Numbers
2023/02/06 JVN#11257333:
Ichiran App vulnerable to improper server certificate verification
2023/02/03 JVNVU#98917488:
Multiple vulnerabilities in JTEKT ELECTRONICS Screen Creator Advance 2
2023/01/31 JVN#22830348:
Vulnerability in Driver Distributor where passwords are stored in a recoverable format
2023/01/31 JVN#84642320:
SUSHIRO App for Android outputs sensitive information to the log file
2023/01/24 JVNVU#94200979:
Improper restriction of XML external entity reference (XXE) vulnerability in OMRON CX-Motion Pro
2023/01/24 JVN#01398015:
pgAdmin 4 vulnerable to directory traversal
2023/01/24 JVN#05288621:
EasyMail vulnerable to cross-site scripting
2023/01/23 JVN#72418815:
Pgpool-II vulnerable to information disclosure
2023/01/23 JVNVU#97195023:
Contec CONPROSYS HMI System (CHS) vulnerable to multiple SQL injections
2023/01/17 JVN#31073333:
WordPress plugin "Welcart e-Commerce" vulnerable to directory traversal
2023/01/12 JVN#57296685:
Multiple vulnerabilities in PIXELA PIX-RT100
2023/01/11 JVN#99957889:
Multiple vulnerabilities in MAHO-PBX NetDevancer series
2023/01/11 JVNVU#93704047:
Multiple vulnerabilities in EXPRESSCLUSTER X
2023/01/11 JVNVU#91744508:
Access of uninitialized pointer vulnerability in OMRON CX-Motion-MCH
2023/01/11 JVNVU#97575890:
Active debug code vulnerability in OMRON CP1L-EL20DR-D
2023/01/11 JVN#03832974:
pgAdmin 4 vulnerable to open redirect
2023/01/11 JVN#78481846:
TP-Link SG105PE vulnerable to authentication bypass
2023/01/10 JVNVU#91740661:
OpenAM Web Policy Agent (OpenAM Consortium Edition) vulnerable to path traversal
2023/01/06 JVN#55675303:
Digital Arts m-FILTER vulnerable to improper authentication
2023/01/05 JVN#16765254:
Multiple code injection vulnerabilities in ruby-git

2022

2022/12/28 JVNVU#90679513:
Multiple vulnerabilities in Fuji Electric V-SFT and TELLUS
2022/12/28 JVNVU#92811888:
Multiple vulnerabilities in Fuji Electric V-Server
2022/12/23 JVNVU#96679793:
Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service
2022/12/21 JVN#29902403:
Installers generated by Squirrel.Windows may insecurely load Dynamic Link Libraries
2022/12/21 JVN#43561812:
+Message App improper handling of Unicode control characters
2022/12/19 JVNVU#92689335:
Use-after-free vulnerability in Omron CX-Drive
2022/12/19 JVN#06093462:
Zenphoto vulnerable to cross-site scripting
2022/12/19 JVN#13075438:
Corel Roxio Creator LJB starts a program with an unquoted file path
2022/12/15 JVNVU#96195138:
Command injection vulnerability in SHARP Multifunctional Products (MFP)
2022/12/15 JVN#96321933:
Multiple vulnerabilities in DENSHI NYUSATSU CORE SYSTEM
2022/12/14 JVNVU#96873821:
Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS)
2022/12/13 JVN#60211811:
Redmine vulnerable to cross-site scripting
2022/12/09 JVNVU#97099584:
Multiple vulnerabilities in Buffalo network devices
2022/12/05 JVNVU#93526386:
Contec SolarView Compact vulnerable to cross-site scripting
2022/12/01 JVNVU#94514762:
Multiple vulnerabilities in UNIMO Technology digital video recorders
2022/11/25 JVNVU#92877622:
Multiple vulnerabilities in OMRON CX-Programmer
2022/11/25 JVN#87895771:
Cybozu Remote Service vulnerable to Uncontrolled Resource Consumption
2022/11/25 JVN#53682526:
Multiple cross-site scripting vulnerabilities in baserCMS
2022/11/24 JVN#29657972:
TP-Link RE300 V1 tdpServer vulnerable to improper processing of its input
2022/11/21 JVN#26044739:
Typora fails to properly neutralize JavaScript code
2022/11/18 JVN#13927745:
WordPress Plugin "WordPress Popular Posts" accepts untrusted external inputs to update certain internal variables
2022/11/18 JVNVU#90082799:
Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service
2022/11/16 JVN#24659622:
RICOH Aficio SP 4210N vulnerable to cross-site scripting
2022/11/16 JVN#37014768:
Multiple vulnerabilities in Movable Type
2022/11/15 JVNVU#98082029:
Realtek chip deadlock vulnerability (CVE-2022-34326) in Mitsubishi Electric consumer electronics products
2022/11/14 JVN#54728399:
TERASOLUNA Global Framework and TERASOLUNA Server Framework for Java (Rich) vulnerable to ClassLoader manipulation
2022/11/14 JVNVU#97968855:
Multiple vulnerabilities in Hitachi Kokusai Network products for monitoring system(Camera, Encoder, Decoder)
2022/11/10 JVN#75437943:
Aiphone Video Multi-Tenant System Entrance Stations vulnerable to information disclosure
2022/11/08 JVN#59663854:
WordPress Plugin "Salon booking system" vulnerable to cross-site scripting
2022/11/08 JVN#09409909:
Multiple vulnerabilities in WordPress
2022/11/01 JVN#46345126:
Multiple vulnerabilities in the web interfaces of Kyocera Document Solutions MFPs and printers
2022/10/28 JVN#74285622:
Multiple vulnerabilities in FUJI SOFT network devices
2022/10/25 JVN#86350682:
Multiple vulnerabilities in SHIRASAGI
2022/10/20 JVN#56968681:
Multiple vulnerabilities in nadesiko3
2022/10/19 JVNVU#97131578:
Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service
2022/10/19 JVN#10921428:
Lemon8 App fails to restrict access permissions
2022/10/18 JVNVU#99955870:
Stack-based buffer overflow vulnerability in Yokogawa Test & Measurement WTViewerE
2022/10/14 JVN#74534998:
Android App "IIJ SmartKey" vulnerable to information disclosure
2022/10/12 JVNVU#93424017:
Multiple vulnerabilities in SVMPC1 and SVMPC2
2022/10/11 JVN#74592196:[Critical]
bingo!CMS vulnerable to authentication bypass
2022/10/11 JVN#40620121:
The installer of Sony Content Transfer may insecurely load Dynamic Link Libraries
2022/10/07 JVNVU#99960963:
Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security agents for Windows
2022/10/07 JVN#00845253:
Growi vulnerable to improper access control
2022/10/06 JVN#15411362:
IPFire WebUI vulnerable to cross-site scripting
2022/10/04 JVNVU#92805279:
Multiple vulnerabilities in Buffalo network devices
2022/09/30 JVN#78862034:
BookStack vulnerable to cross-site scripting