Vulnerability Reports JP

past 12 months ｜2021 ｜2020 ｜2019 ｜2018 ｜2017 ｜2016 ｜2015 ｜2014 ｜2013 ｜2012 ｜2011 ｜2010 ｜2009 ｜2008

2022

2022/08/04 JVN#42883072:: Kaitai Struct: compiler vulnerable to denial-of-service (DoS)

2022/07/29 JVN#17625382:: Multiple vulnerabilities in Nintendo Wi-Fi Network Adaptor WAP-001

2022/07/28 JVN#57073973:: "JustSystems JUST Online Update for J-License" starts a program with an unquoted file path

2022/07/27 JVN#81563390:: "Hulu / フールー" App for iOS vulnerable to improper server certificate verification

2022/07/27 JVN#40907489:: "Hulu / フールー" App for Android uses a hard-coded API key for an external service

2022/07/25 JVN#77850327:: WordPress Plugin "Newsletter" vulnerable to cross-site scripting

2022/07/25 JVN#30454777:: Multiple vulnerabilities in untangle

2022/07/22 JVN#75063798:: Booked vulnerable to open redirect

2022/07/20 JVN#20573662:: Multiple vulnerabilities in Cybozu Office

2022/07/12 JVN#12610194:: Django Extract and Trunc functions vulnerable to SQL injection

2022/07/08 JVN#23766146:: Passage Drive vulnerable to insufficient data verification

2022/07/04 JVN#14077132:: Multiple vulnerabilities in Cybozu Garoon

2022/07/04 JVN#32625020:: LiteCart vulnerable to cross-site scripting

2022/06/29 JVN#41017328:: HOME SPOT CUBE2 vulnerable to OS command injection

2022/06/24 JVN#51464799:: L2Blocker Sensor setup screen vulnerable to authentication bypass

2022/06/23 JVN#02158640:: web2py vulnerable to open redirect

2022/06/17 JVN#93667442:: Gitlab vulnerable to server-side request forgery

2022/06/15 JVN#20930118:: FreeBSD vulnerable to denial-of-service (DoS)

2022/06/14 JVN#94363766:: Cisco Catalyst 2940 Series Switches vulnerable to cross-site scripting

2022/06/09 JVN#32962443:: SHIRASAGI vulnerable to cross-site scripting

2022/06/01 JVN#28659051:: T&D Data Server and THERMO RECORDER DATA SERVER vulnerable to directory traversal

2022/06/01 JVN#04155116:: WordPress Plugin "Modern Events Calendar Lite" vulnerable to cross-site scripting

2022/05/27 JVN#27256219:: RevoWorks incomplete filtering of MS Office v4 macros

2022/05/27 JVN#13878856:: Mobaoku-Auction & Flea Market App for iOS vulnerable to improper server certificate verification

2022/05/24 JVN#15241647:: WordPress plugin "WP Statistics" vulnerable to cross-site scripting

2022/05/20 JVN#15317878:: Spring Security OAuth (spring-security-oauth2) vulnerable to denial-of-service (DoS)

2022/05/19 JVN#46892984:: Multiple vulnerabilities in Rakuten Casa

2022/05/16 JVN#73897863:: Multiple vulnerabilities in Cybozu Garoon

2022/05/13 JVN#44550983:: Strapi vulnerable to cross-site scripting

2022/05/13 JVN#46241173:: EC-CUBE plugin "Easy Blog for EC-CUBE4" vulnerable to cross-site request forgery

2022/05/11 JVN#60037444:: Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries

2022/05/10 JVN#60801132:: GENEREX RCCMD vulnerable to directory traversal

2022/05/09 JVN#96561229:[Critical]: Multiple vulnerabilities in Operation management interface of FUJITSU Network IPCOM

2022/05/09 JVN#50337155:: KOYO Electronics Screen Creator Advance2 vulnerable to authentication bypass

2022/05/09 JVN#58266015:: Multiple vulnerabilities in multiple MEIKYO ELECTRIC products

2022/04/22 JVN#54857505:: Hammock AssetView missing authentication for critical functions

2022/04/15 JVN#31606885:: WordPress Plugin "MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership" vulnerable to cross-site request forgery

2022/03/30 JVN#59576930:: Zero-channel BBS Plus vulnerable to cross-site scripting

2022/03/30 JVN#42543427:: WordPress Plugin "Advanced Custom Fields" vulnerable to missing authorization

2022/03/30 JVN#10140834:: AttacheCase may insecurely load Dynamic Link Libraries

2022/03/16 JVN#21234459:: Multiple vulnerabilities in KINGSOFT "WPS Office" and "KINGSOFT Internet Security"

2022/03/15 JVN#87751554:: Multiple vulnerabilities in pfSense

2022/03/10 JVN#72801744:: UNIVERGE WA Series vulnerable to OS command injection

2022/03/04 JVN#33214411:: i-FILTER vulnerable to improper check for certificate revocation

2022/03/03 JVN#85572374:: pfSense-pkg-WireGuard vulnerable to directory traversal

2022/03/03 JVN#89524240:: MarkText vulnerable to cross-site scripting

2022/03/03 JVN#87683137:: Norton Security for Mac improperly processes ICMP packets

2022/02/22 JVN#67108459:: EC-CUBE plugin "Mail Magazine Management Plugin" vulnerable to cross-site request forgery

2022/02/22 JVN#53871926:: EC-CUBE improperly handles HTTP Host header values

2022/02/18 JVN#14706307:: Multiple vulnerabilities in a-blog cms

2022/02/17 JVN#00095004:: Multiple vulnerabilities in phpUploader

2022/02/09 JVN#12969207:: HPE Agentless Management registers unquoted service paths

2022/02/08 JVN#17482543:: Multiple vulnerabilities in multiple ELECOM LAN routers

2022/02/07 JVN#95898697:: Multiple ESET products for macOS vulnerable to improper server certificate verification

2022/02/04 JVN#67396225:: CSV+ vulnerable to cross-site scripting

2022/01/25 JVN#70100915:: Multiple vulnerabilities in TransmitMail

2022/01/20 JVN#16690037:: Multiple cross-site scripting vulnerabilities in php_mailform

2022/01/19 JVN#64806328:: Canon laser printers and small office multifunctional printers vulnerable to cross-site scripting

2022/01/13 JVN#19826500:: PASSWORD MANAGER "MIRUPASS" PW10 / PW20 missing encryption

2022/01/13 JVN#81479705:: Label printers "TEPRA" PRO SR5900P / SR-R7900P vulnerable to insufficiently protected credentials

2022/01/12 JVN#49047921:: Jimoty App for Android uses a hard-coded API key for an external service

2022/01/12 JVN#72788165:: Multiple vulnerabilities in WordPress Plugin "Quiz And Survey Master"

2021

2021/12/22 JVN#66422035:: Android Apps developed using Yappli fails to restrict custom URL schemes properly

2021/12/20 JVN#79798166:: Multiple vulnerabilities in GroupSession

2021/12/17 JVN#13464252:: UNIVERGE DT Series vulnerable to missing encryption of sensitive data

2021/12/02 JVN#09136401:: Multiple missing authorization vulnerabilities in WordPress Plugin "Advanced Custom Fields"

2021/11/30 JVN#88993473:: Multiple vulnerabilities in multiple ELECOM LAN routers

2021/11/30 JVN#19482703:: Wi-Fi STATION SH-52A vulnerable to cross-site scripting

2021/11/26 JVN#81376414:: Multiple vulnerabilities in baserCMS

2021/11/25 JVN#93562098:: WordPress Plugin "Browser and Operating System Finder" vulnerable to cross-site request forgery

2021/11/24 JVN#17645965:: PowerCMS XMLRPC API vulnerable to OS command injection

2021/11/16 JVN#85492429:: WordPress Plugin "Push Notifications for WordPress (Lite)" vulnerable to cross-site request forgery

2021/11/16 JVN#22515597:: rwtxt vulnerable to cross-site scripting

2021/11/12 JVN#58407606:: Unlimited Sitemap Generator vulnerable to cross-site request forgery

2021/11/11 JVN#75444925:: Multiple vulnerabilities in EC-CUBE 2 series

2021/11/10 JVN#68066589:: WordPress Plugin "Booking Package - Appointment Booking Calendar System" vulnerable to cross-site scripting

2021/10/29 JVN#69304877:: Multiple vulnerabilities in CLUSTERPRO X and EXPRESSCLUSTER X

2021/10/29 JVN#49465877:: Android App "Mercari (Merpay) - Marketplace and Mobile Payments App" (Japan version) vulnerable to improper handling of Intent

2021/10/29 JVN#60553023:: ESET Cyber Security and ESET Endpoint series vulnerable to denial-of-service (DoS)

2021/10/28 JVN#33453839:: Multiple improper restriction of XML external entity reference (XXE) vulnerabilities in Office Server Document Converter

2021/10/20 JVN#41119755:[Critical]: Movable Type XMLRPC API vulnerable to OS command injection

2021/10/18 JVN#85073657:: 128 Technology Session Smart Router vulnerable to authentication bypass

2021/10/08 JVN#51106450:: Apache HTTP Server vulnerable to directory traversal

2021/10/08 JVN#89126639:: Nike App fails to restrict custom URL schemes properly

2021/09/30 JVN#52694228:: Multiple vulnerabilities in Cybozu Remote Service

2021/09/28 JVN#29428319:: WordPress Plugin "OG Tags" vulnerable to cross-site request forgery

2021/09/28 JVN#63023305:: InBody App vulnerable to information disclosure

2021/09/28 JVN#10168753:: SNKRDUNK Market Place App for iOS vulnerable to improper server certificate verification

2021/09/17 JVN#42866574:: Multiple vulnerabilities in Sharp NEC Display Solutions' public displays

2021/09/16 JVN#23406150:: EC-CUBE plugin "Order Status Batch Change Plug-in" vulnerable to cross-site scripting

2021/09/13 JVN#46313661:: EC-CUBE plugin "List (order management) item change plug-in" vulnerable to cross-site scripting

2021/09/10 JVN#81658818:: Multiple vulnerabilities in RevoWorks Browser

2021/08/27 JVN#14134801:: baserCMS vulnerable to cross-site scripting

2021/08/25 JVN#97545738:: Multiple cross-site scripting vulnerabilities in Movable Type

2021/08/24 JVN#80288258:: The installers of multiple Sony products may insecurely load Dynamic Link Libraries

2021/08/17 JVN#41646618:: Huawei EchoLife HG8045Q vulnerable to OS command injection

2021/08/12 JVN#50804280:: Plone vulnerable to open redirect

2021/08/10 JVN#65388002:: WordPress Plugin "Quiz And Survey Master" vulnerable to cross-site scripting