Vulnerability Reports JP

2024

2024/02/29 JVN#35928117:
Protection mechanism failure in RevoWorks
2024/02/29 JVN#77203800:
OET-213H-BTS1 missing authorization check in the initial configuration
2024/02/29 JVN#78084105:
OpenPNE plugin "opTimelinePlugin" vulnerable to cross-site scripting
2024/02/27 JVN#73283159:
Multiple vulnerabilities in baserCMS
2024/02/20 JVN#44166658:
Multiple vulnerabilities in ELECOM wireless LAN routers
2024/02/15 JVN#48966481:
a-blog cms vulnerable to URL spoofing
2024/02/07 JVN#44033918:
Zeroshell vulnerable to OS command injection
2024/02/06 JVN#18743512:
Cybozu KUNAI for Android vulnerable to denial-of-service (DoS)
2024/02/01 JVN#63567545:
Group Office vulnerable to cross-site scripting
2024/02/01 JVN#41129639:
Payment EX vulnerable to information disclosure
2024/01/24 JVN#70818619:
"Mercari" App for Android fails to restrict custom URL schemes properly
2024/01/24 JVN#93541851:
Oracle WebLogic Server vulnerable to HTTP header injection
2024/01/23 JVN#96154238:
Android App "Spoon" uses a hard-coded API key for an external service
2024/01/23 JVN#77736613:
Improper restriction of XML external entity references (XXE) in MLIT "Electronic Delivery Check System" and "Electronic delivery item Inspection Support System"
2024/01/23 JVN#01434915:
Improper restriction of XML external entity references (XXE) in "Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version)"
2024/01/23 JVN#40049211:
Improper restriction of XML external entity references (XXE) in Electronic Deliverables Creation Support Tool provided by Ministry of Defense
2024/01/22 JVN#73587943:
Access analysis CGI An-Analyzer vulnerable to open redirect
2024/01/22 JVN#34565930:
Multiple vulnerabilities in a-blog cms
2024/01/19 JVN#67215338:
FusionPBX vulnerable to cross-site scripting
2024/01/18 JVN#83655695:
Multiple Dahua Technology products vulnerable to authentication bypass
2024/01/16 JVN#63383723:
Drupal vulnerable to improper handling of structural elements
2024/01/15 JVN#51135247:
Pleasanter vulnerable to cross-site scripting
2024/01/15 JVN#96240417:
Thermal camera TMC series vulnerable to insufficient technical documentation
2024/01/12 JVN#37326856:
Improper input validation vulnerability in WordPress Plugin "WordPress Quiz Maker Plugin"

2023

2023/12/26 JVN#32646742:
Multiple vulnerabilities in PowerCMS
2023/12/26 JVN#23771490:
Multiple vulnerabilities in BUFFALO VR-S1000
2023/12/13 JVN#18715935:
Multiple vulnerabilities in GROWI
2023/12/11 JVN#34145838:
Multiple denial-of-service (DoS) vulnerabilities in JTEKT ELECTRONICS HMI GC-A2 series
2023/12/04 JVN#46895889:
RakRak Document Plus vulnerable to path traversal
2023/12/01 JVN#45891816:
Ruckus Access Point vulnerable to cross-site scripting
2023/11/20 JVN#15005948:
Multiple vulnerabilities in LuxCal Web Calendar
2023/11/17 JVN#22220399:
Multiple vulnerabilities in CubeCart
2023/11/17 JVN#13618065:
Redmine vulnerable to cross-site scripting
2023/11/14 JVN#67822421:
OSS Calendar vulnerable to SQL injection
2023/11/13 JVN#96209256:
Multiple vulnerabilities in Pleasanter
2023/11/13 JVN#17806703:
Multiple vulnerabilities in Cisco Firepower Management Center Software
2023/11/10 JVN#99177549:
HOTELDRUID vulnerable to cross-site scripting
2023/11/10 JVN#86156389:
Remarshal unlimitedly expanding YAML alias nodes
2023/11/07 JVN#29195731:
EC-CUBE 3 series and 4 series vulnerable to arbitrary code execution
2023/11/02 JVN#14762986:
Improper restriction of XML external entity references (XXE) in e-Tax software
2023/10/31 JVN#94132951:
Cybozu Remote Service vulnerable to uncontrolled resource consumption
2023/10/30 JVN#48057522:
Inkdrop vulnerable to code injection
2023/10/27 JVN#45547161:
Multiple vulnerabilities in baserCMS
2023/10/25 JVN#39139884:
Movable Type vulnerable to cross-site scripting
2023/10/23 JVN#02058996:
HP ThinUpdate vulnerable to improper server certificate verification
2023/10/19 JVN#28846531:
Multiple vulnerabilities in JustSystems products
2023/10/18 JVN#95981460: [Critical]
Improper restriction of XML external entity references (XXE) in Proself
2023/10/16 JVN#80476432:
web2py vulnerable to OS command injection
2023/10/16 JVN#58574030:
Scanning evasion issue in Cisco Secure Email Gateway
2023/10/06 JVN#15808274:
e-Gov Client Application fails to restrict custom URL schemes properly
2023/10/04 JVN#08237727:
Citadel WebCit vulnerable to cross-site scripting on Instant Messaging facility
2023/10/02 JVN#39596244:
Improper restriction of XML external entity references (XXE) in FD Application
2023/09/27 JVN#17434995:
Shihonkanri Plus vulnerable to relative path traversal
2023/09/22 JVN#97197972:
Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"
2023/09/11 JVN#41113329:
Pyramid vulnerable to directory traversal
2023/09/06 JVN#42691027:
"direct" Desktop App for macOS fails to restrict access permissions
2023/09/05 JVN#78113802:
Multiple vulnerabilities in F-RevoCRM
2023/09/05 JVN#92720882:
Multiple vulnerabilities in CGIs of PMailServer and PMailServer2
2023/09/04 JVN#82758000:
Multiple vulnerabilities in SHIRASAGI
2023/08/31 JVN#60140221:
Multiple vulnerabilities in i-PRO VI Web Client
2023/08/24 JVN#86484824:
SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)
2023/08/24 JVN#03447226:
"Skylark" App fails to restrict custom URL schemes properly
2023/08/23 JVN#55217369:
Rakuten WiFi Pocket vulnerable to improper authentication
2023/08/21 JVN#98946408:
WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting
2023/08/21 JVN#04876736:
Multiple vulnerabilities in LuxCal Web Calendar
2023/08/18 JVN#19661362: [Critical]
Multiple vulnerabilities in Proself
2023/08/17 JVN#46993816:
EC-CUBE 2 series vulnerable to cross-site scripting
2023/08/09 JVN#84820712:
"Rikunabi NEXT" App for Android fails to restrict custom URL schemes properly
2023/08/07 JVN#42527152:
"FFRI yarai" and "FFRI yarai Home and Business Edition" handle exceptional conditions improperly
2023/08/07 JVN#83334799:
Multiple vulnerabilities in Special Interest Group Network for Analysis and Liaison's API
2023/08/04 JVN#38847224:
Fujitsu Software Infrastructure Manager (ISM) stores sensitive information in cleartext
2023/08/02 JVN#61337171:
SEIKO EPSON printer Web Config vulnerable to denial-of-service (DoS)
2023/07/26 JVN#95727578:
Fujitsu Real-time Video Transmission Gear "IP series" uses hard-coded credentials
2023/07/24 JVN#37857022:
Improper restriction of XML external entity references (XXE) in Applicant Programme
2023/07/21 JVN#35897618: [Critical]
GBrowse vulnerable to unrestricted upload of files with dangerous types
2023/07/20 JVN#90560760:
Multiple vulnerabilities in WordPress Plugin "TS Webfonts for SAKURA"
2023/07/18 JVN#44726469:
Improper restriction of XML external entity references (XXE) in XBRL data create application
2023/07/11 JVN#05223215:
Multiple vulnerabilities in multiple ELECOM wireless LAN routers and wireless LAN repeaters
2023/07/03 JVN#64316789:
Multiple vulnerabilities in SoftEther VPN and PacketiX VPN
2023/06/30 JVN#32739265:
"NewsPicks" App uses a hard-coded API key for an external service
2023/06/27 JVN#97127032:
WordPress Plugin "Snow Monkey Forms" vulnerable to directory traversal
2023/06/27 JVN#78634340:
Multiple vulnerabilities in WAVLINK WL-WN531AX2
2023/06/27 JVN#38343415:
Multiple vulnerabilities in Aterm series
2023/06/22 JVN#97818024:
Multiple vulnerabilities in Pleasanter
2023/06/20 JVN#70502982:
SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)
2023/06/16 JVN#19748237:
Multiple vulnerabilities in Panasonic AiSEG2
2023/06/13 JVN#96828492:
Chatwork Desktop Application (Mac) vulnerable to code injection
2023/06/12 JVN#36060509:
"WPS Office" vulnerable to OS command injection
2023/06/09 JVN#34232595:
ASUS Router RT-AX3000 vulnerable to using sensitive cookies without 'Secure' attribute
2023/06/09 JVN#28412757:
Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT
2023/06/01 JVN#33836375:
"Jiyu Kukan Toku-Toku coupon" App vulnerable to improper server certificate verification
2023/05/31 JVN#62111727:
Pleasanter vulnerable to cross-site scripting
2023/05/31 JVN#38222042:
DataSpider Servista uses a hard-coded cryptographic key
2023/05/30 JVN#95981715:
Starlette vulnerable to directory traversal
2023/05/26 JVN#19243534:
ESS REC Agent Server Edition for Linux etc. vulnerable to directory traversal
2023/05/25 JVN#90278893:
Wacom Tablet Driver installer for macOS vulnerable to improper link resolution before file access
2023/05/22 JVN#45127776:
Tornado vulnerable to open redirect
2023/05/19 JVN#14778242:
Multiple vulnerabilities in T&D and ESPEC MIC data logger products
2023/05/18 JVN#48687031:
Qrio Smart Lock Q-SL2 vulnerable to authentication bypass by capture-replay
2023/05/15 JVN#41694426:
Multiple vulnerabilities in Cybozu Garoon
2023/05/15 JVN#01093915:
Multiple vulnerabilities in WordPress Plugin "MW WP Form" and "Snow Monkey Forms"
2023/05/12 JVN#11705010:
Beekeeper Studio vulnerable to code injection
2023/05/10 JVN#31701509:
Multiple vulnerabilities in MicroEngine Mailform
2023/05/09 JVN#59341308:
WordPress Plugin "Newsletter" vulnerable to cross-site scripting
2023/05/09 JVN#95792402:
WordPress Plugin "VK Blocks" and "VK All in One Expansion Unit" vulnerable to cross-site scripting
2023/05/09 JVN#80476232:
SR-7100VN vulnerable to privilege escalation
2023/05/08 JVN#13306058:
JINS MEME CORE uses a hard-coded cryptographic key
2023/05/08 JVN#01937209:
LINE WORKS Drive Explorer vulnerable to code injection
2023/04/24 JVN#00971105:
WordPress Plugin "Appointment and Event Booking Calendar for WordPress - Amelia" vulnerable to cross-site scripting
2023/04/19 JVN#73178249:
Improper restriction of XML external entity references (XXE) in Shinseiyo Sogo Soft
2023/04/19 JVN#99657911:
WordPress plugin "LIQUID SPEECH BALLOON" vulnerable to cross-site request forgery
2023/04/19 JVN#50862842:
EC-CUBE plugin "NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series)" vulnerable to authentication bypass
2023/04/17 JVN#14492006:
API server of TONE Family vulnerable to authentication bypass using an alternate path
2023/04/17 JVN#87559956:
Joruri Gw vulnerable to cross-site scripting
2023/04/14 JVN#36340790:
JB Inquiry form vulnerable to exposure of private personal information to an unauthorized actor
2023/04/14 JVN#76257155:
Trend Micro Security may insecurely load Dynamic Link Libraries
2023/04/04 JVN#79149117:
Multiple vulnerabilities in JustSystems products
2023/04/04 JVN#75742861:
Improper restriction of XML external entity references (XXE) in National land numerical information data conversion tool
2023/03/31 JVN#38170084:
HAProxy vulnerable to HTTP request/response smuggling
2023/03/31 JVN#40604023: [Critical]
Multiple vulnerabilities in Seiko Solutions SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210
2023/03/27 JVN#61105618:
baserCMS vulnerable to arbitrary file uploads
2023/03/24 JVN#35246979:
ELECOM WAB-MAT registers its Windows service executable with an unquoted file path
2023/03/17 JVN#62420378:
TP-Link T2600G-28SQ uses vulnerable SSH host keys
2023/03/13 JVN#64453490:
Android App "Wolt Delivery: Food and more" uses a hard-coded API key for an external service
2023/03/08 JVN#82424996:
Multiple vulnerabilities in SEIKO EPSON printers/network interface Web Config
2023/03/06 JVN#19872280:
Multiple vulnerabilities in PostgreSQL extension module pg_ivm
2023/03/01 JVN#57224029:
Multiple vulnerabilities in SS1 and Rakuraku PC Cloud