Vulnerability Reports JP
2022
- 2022/05/27 JVN#27256219:
- RevoWorks incomplete filtering of MS Office v4 macros
- 2022/05/27 JVN#13878856:
- Mobaoku-Auction & Flea Market App for iOS vulnerable to improper server certificate verification
- 2022/05/24 JVN#15241647:
- WordPress plugin "WP Statistics" vulnerable to cross-site scripting
- 2022/05/20 JVN#15317878:
- Spring Security OAuth (spring-security-oauth2) vulnerable to denial-of-service (DoS)
- 2022/05/19 JVN#46892984:
- Multiple vulnerabilities in Rakuten Casa
- 2022/05/16 JVN#73897863:
- Multiple vulnerabilities in Cybozu Garoon
- 2022/05/13 JVN#44550983:
- Strapi vulnerable to cross-site scripting
- 2022/05/13 JVN#46241173:
- EC-CUBE plugin "Easy Blog for EC-CUBE4" vulnerable to cross-site request forgery
- 2022/05/11 JVN#60037444:
- Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries
- 2022/05/10 JVN#60801132:
- GENEREX RCCMD vulnerable to directory traversal
- 2022/05/09 JVN#96561229: [Critical]
- Multiple vulnerabilities in Operation management interface of FUJITSU Network IPCOM
- 2022/05/09 JVN#50337155:
- KOYO Electronics Screen Creator Advance2 vulnerable to authentication bypass
- 2022/05/09 JVN#58266015:
- Multiple vulnerabilities in multiple MEIKYO ELECTRIC products
- 2022/04/22 JVN#54857505:
- Hammock AssetView missing authentication for critical functions
- 2022/04/15 JVN#31606885:
- WordPress Plugin "MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership" vulnerable to cross-site request forgery
- 2022/03/30 JVN#59576930:
- Zero-channel BBS Plus vulnerable to cross-site scripting
- 2022/03/30 JVN#42543427:
- WordPress Plugin "Advanced Custom Fields" vulnerable to missing authorization
- 2022/03/30 JVN#10140834:
- AttacheCase may insecurely load Dynamic Link Libraries
- 2022/03/16 JVN#21234459:
- Multiple vulnerabilities in KINGSOFT "WPS Office" and "KINGSOFT Internet Security"
- 2022/03/15 JVN#87751554:
- Multiple vulnerabilities in pfSense
- 2022/03/10 JVN#72801744:
- UNIVERGE WA Series vulnerable to OS command injection
- 2022/03/04 JVN#33214411:
- i-FILTER vulnerable to improper check for certificate revocation
- 2022/03/03 JVN#85572374:
- pfSense-pkg-WireGuard vulnerable to directory traversal
- 2022/03/03 JVN#89524240:
- MarkText vulnerable to cross-site scripting
- 2022/03/03 JVN#87683137:
- Norton Security for Mac improperly processes ICMP packets
- 2022/02/22 JVN#67108459:
- EC-CUBE plugin "Mail Magazine Management Plugin" vulnerable to cross-site request forgery
- 2022/02/22 JVN#53871926:
- EC-CUBE improperly handles HTTP Host header values
- 2022/02/18 JVN#14706307:
- Multiple vulnerabilities in a-blog cms
- 2022/02/17 JVN#00095004:
- Multiple vulnerabilities in phpUploader
- 2022/02/09 JVN#12969207:
- HPE Agentless Management registers unquoted service paths
- 2022/02/08 JVN#17482543:
- Multiple vulnerabilities in multiple ELECOM LAN routers
- 2022/02/07 JVN#95898697:
- Multiple ESET products for macOS vulnerable to improper server certificate verification
- 2022/02/04 JVN#67396225:
- CSV+ vulnerable to cross-site scripting
- 2022/01/25 JVN#70100915:
- Multiple vulnerabilities in TransmitMail
- 2022/01/20 JVN#16690037:
- Multiple cross-site scripting vulnerabilities in php_mailform
- 2022/01/19 JVN#64806328:
- Canon laser printers and small office multifunctional printers vulnerable to cross-site scripting
- 2022/01/13 JVN#19826500:
- PASSWORD MANAGER "MIRUPASS" PW10 / PW20 missing encryption
- 2022/01/13 JVN#81479705:
- Label printers "TEPRA" PRO SR5900P / SR-R7900P vulnerable to insufficiently protected credentials
- 2022/01/12 JVN#49047921:
- Jimoty App for Android uses a hard-coded API key for an external service
- 2022/01/12 JVN#72788165:
- Multiple vulnerabilities in WordPress Plugin "Quiz And Survey Master"
2021
- 2021/12/22 JVN#66422035:
- Android Apps developed using Yappli fails to restrict custom URL schemes properly
- 2021/12/20 JVN#79798166:
- Multiple vulnerabilities in GroupSession
- 2021/12/17 JVN#13464252:
- UNIVERGE DT Series vulnerable to missing encryption of sensitive data
- 2021/12/02 JVN#09136401:
- Multiple missing authorization vulnerabilities in WordPress Plugin "Advanced Custom Fields"
- 2021/11/30 JVN#88993473:
- Multiple vulnerabilities in multiple ELECOM LAN routers
- 2021/11/30 JVN#19482703:
- Wi-Fi STATION SH-52A vulnerable to cross-site scripting
- 2021/11/26 JVN#81376414:
- Multiple vulnerabilities in baserCMS
- 2021/11/25 JVN#93562098:
- WordPress Plugin "Browser and Operating System Finder" vulnerable to cross-site request forgery
- 2021/11/24 JVN#17645965:
- PowerCMS XMLRPC API vulnerable to OS command injection
- 2021/11/16 JVN#85492429:
- WordPress Plugin "Push Notifications for WordPress (Lite)" vulnerable to cross-site request forgery
- 2021/11/16 JVN#22515597:
- rwtxt vulnerable to cross-site scripting
- 2021/11/12 JVN#58407606:
- Unlimited Sitemap Generator vulnerable to cross-site request forgery
- 2021/11/11 JVN#75444925:
- Multiple vulnerabilities in EC-CUBE 2 series
- 2021/11/10 JVN#68066589:
- WordPress Plugin "Booking Package - Appointment Booking Calendar System" vulnerable to cross-site scripting
- 2021/10/29 JVN#69304877:
- Multiple vulnerabilities in CLUSTERPRO X and EXPRESSCLUSTER X
- 2021/10/29 JVN#49465877:
- Android App "Mercari (Merpay) - Marketplace and Mobile Payments App" (Japan version) vulnerable to improper handling of Intent
- 2021/10/29 JVN#60553023:
- ESET Cyber Security and ESET Endpoint series vulnerable to denial-of-service (DoS)
- 2021/10/28 JVN#33453839:
- Multiple improper restriction of XML external entity reference (XXE) vulnerabilities in Office Server Document Converter
- 2021/10/20 JVN#41119755: [Critical]
- Movable Type XMLRPC API vulnerable to OS command injection
- 2021/10/18 JVN#85073657:
- 128 Technology Session Smart Router vulnerable to authentication bypass
- 2021/10/08 JVN#51106450:
- Apache HTTP Server vulnerable to directory traversal
- 2021/10/08 JVN#89126639:
- Nike App fails to restrict custom URL schemes properly
- 2021/09/30 JVN#52694228:
- Multiple vulnerabilities in Cybozu Remote Service
- 2021/09/28 JVN#29428319:
- WordPress Plugin "OG Tags" vulnerable to cross-site request forgery
- 2021/09/28 JVN#63023305:
- InBody App vulnerable to information disclosure
- 2021/09/28 JVN#10168753:
- SNKRDUNK Market Place App for iOS vulnerable to improper server certificate verification
- 2021/09/17 JVN#42866574:
- Multiple vulnerabilities in Sharp NEC Display Solutions' public displays
- 2021/09/16 JVN#23406150:
- EC-CUBE plugin "Order Status Batch Change Plug-in" vulnerable to cross-site scripting
- 2021/09/13 JVN#46313661:
- EC-CUBE plugin "List (order management) item change plug-in" vulnerable to cross-site scripting
- 2021/09/10 JVN#81658818:
- Multiple vulnerabilities in RevoWorks Browser
- 2021/08/27 JVN#14134801:
- baserCMS vulnerable to cross-site scripting
- 2021/08/25 JVN#97545738:
- Multiple cross-site scripting vulnerabilities in Movable Type
- 2021/08/24 JVN#80288258:
- The installers of multiple Sony products may insecurely load Dynamic Link Libraries
- 2021/08/17 JVN#41646618:
- Huawei EchoLife HG8045Q vulnerable to OS command injection
- 2021/08/12 JVN#50804280:
- Plone vulnerable to open redirect
- 2021/08/10 JVN#65388002:
- WordPress Plugin "Quiz And Survey Master" vulnerable to cross-site scripting
- 2021/08/02 JVN#54794245:
- Multiple vulnerabilities in Cybozu Garoon
- 2021/07/21 JVN#53278122:
- Minecraft Java Edition vulnerable to directory traversal
- 2021/07/19 JVN#86026700:
- Multiple vulnerabilities in GroupSession
- 2021/07/14 JVN#34364599:
- Optical BB unit E-WMTA2.3 vulnerable to cross-site request forgery
- 2021/07/13 JVN#26891339:
- Multiple vulnerabilities in Retty App
- 2021/07/09 JVN#68971465:
- voidtools "Everything" vulnerable to HTTP header injection
- 2021/07/08 JVN#89054582:
- WordPress Plugin "Software License Manager" vulnerable to cross-site request forgery
- 2021/07/08 JVN#48413554:
- WordPress Plugin "WordPress Meta Data Filter & Taxonomies Filter" vulnerable to cross-site request forgery
- 2021/07/07 JVN#25850723:
- GU App for Android fails to restrict access permissions
- 2021/07/06 JVN#42880365:
- WordPress Plugin "WordPress Email Template Designer - WP HTML Mail" vulnerable to cross-site request forgery
- 2021/07/06 JVN#91372527:
- WordPress Plugin "WPCS - WordPress Currency Switcher" vulnerable to cross-site request forgery
- 2021/07/05 JVN#21636825:
- A-Stage SCT-40CM01SR and AT-40CM01SR vulnerable to authentication bypass
- 2021/07/01 JVN#57942445:
- EC-CUBE fails to restrict access permissions
- 2021/06/30 JVN#15185184:
- IkaIka RSS Reader vulnerable to cross-site scripting
- 2021/06/30 JVN#65660590:
- boastMachine vulnerable to cross-site scripting
- 2021/06/23 JVN#95292458:
- Multiple cross-site scripting vulnerabilities in EC-CUBE
- 2021/06/23 JVN#63066062:
- WordPress Plugin "WordPress Popular Posts" vulnerable to cross-site scripting
- 2021/06/22 JVN#93799513:
- WordPress plugin "Fudousan plugin" series vulnerable to cross-site scripting
- 2021/06/22 JVN#29949691:
- Inkdrop vulnerable to OS command injection
- 2021/06/18 JVN#21298724:
- Hitachi Virtual File Platform vulnerable to OS command injection
- 2021/06/17 JVN#03776901:
- Hitachi Application Server Help vulnerable to cross-site scripting
- 2021/06/15 JVN#57524494:
- Multiple cross-site scripting vulnerabilities in multiple EC-CUBE plugins provided by EC-CUBE
- 2021/06/15 JVN#79254445: [Critical]
- Multiple ETUNA EC-CUBE plugins vulnerable to cross-site scripting
- 2021/06/14 JVN#95457785:
- Multiple vulnerabilities in GROWI
- 2021/06/14 JVN#38034268:
- あすけん App for Android fails to restrict custom URL schemes properly
- 2021/06/11 JVN#70566757:
- WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting
- 2021/06/03 JVN#64064138:
- ATOM - Smart life App vulnerable to improper server certificate verification
- 2021/06/02 JVN#91691168:
- goo blog App fails to restrict custom URL schemes properly