Vulnerability Reports

past 12 months20232022202120202019201820172016201520142013201220112010

2024

2024/07/18 JVN#87710540:
Assimp vulnerable to heap-based buffer overflow
2024/07/16 JVNVU#96424864:
Multiple vulnerabilities in FutureNet NXR series, VXR series and WXR series
2024/07/16 JVN#74825766:
Cybozu Garoon vulnerable to cross-site scripting
2024/07/16 JVN#25583987:
FUJITSU Network Edgiot GW1500 vulnerable to path traversal
2024/07/10 JVN#14294633:
Out-of-bounds write vulnerability in Ricoh MFPs and printers
2024/07/09 JVN#81442045:
Multiple vulnerabilities in multiple Webmin products
2024/07/08 JVN#28515217:
Cleartext transmission issue in TONE store App to TONE store
2024/07/03 JVN#94347255:
JP1/Extensible SNMP Agent fails to restrict access permissions
2024/06/28 JVN#01073312:
"Piccoma" App uses a hard-coded API key for an external service
2024/06/27 JVNVU#99784493:
Multiple TP-Link products vulnerable to OS command injection
2024/06/26 JVN#34977158:
WordPress plugins "WP Tweet Walls" and "Sola Testimonials" vulnerable to cross-site request forgery
2024/06/21 JVNVU#91384468:
LINE client for iOS vulnerable to universal cross-site scripting
2024/06/19 JVNVU#99027428:
Multiple vulnerabilities in multiple Trend Micro products
2024/06/19 JVN#37818611:
"ZOZOTOWN" App for Android fails to restrict custom URL schemes properly
2024/06/19 JVN#60331535:
WordPress plugin "SiteGuard WP Plugin" may leak the customized path to the login page
2024/06/18 JVN#00442488:
Multiple vulnerabilities in Ricoh Streamline NX PC Client
2024/06/18 JVN#65171386:
Multiple vulnerabilities in ID Link Manager and FUJITSU Software TIME CREATOR
2024/06/14 JVNVU#97136265:
Multiple vulnerabilities in Toshiba Tec and Oki Electric Industry MFPs
2024/06/12 JVN#25594256:
Denial-of-service (DoS) vulnerability in IPCOM WAF function
2024/06/07 JVN#79213252:
WordPress Plugin "Music Store - WordPress eCommerce" vulnerable to SQL injection
2024/06/07 JVN#55045256:
Multiple vulnerabilities in "FreeFrom - the nostr client" App
2024/06/03 JVN#43215077:
Multiple vulnerabilities in UNIVERSAL PASSPORT RX
2024/05/31 JVNVU#93051062:
Multiple vulnerabilities in Sharp and Toshiba Tec MFPs
2024/05/31 JVNVU#94872523:
Seiko Solutions SkyBridge MB-A100/MB-A110 and SkyBridge BASIC MB-A130 vulnerable to OS command injection
2024/05/30 JVN#80506242:
awkblog vulnerable to OS command injection
2024/05/29 JVN#22182715:
Redmine DMSF Plugin vulnerable to path traversal
2024/05/29 JVN#15637138:
EC-Orange vulnerable to authorization bypass
2024/05/28 JVNVU#97214223:
ELECOM wireless LAN routers vulnerable to OS command injection
2024/05/28 JVN#17680667:
Multiple vulnerabilities in Unifier and Unifier Cast
2024/05/28 JVN#71404925:
Multiple vulnerabilities in UTAU
2024/05/27 JVNVU#92504444:
OMRON NJ/NX series vulnerable to insufficient verification of data authenticity
2024/05/24 JVN#56781258:
Splunk Config Explorer vulnerable to cross-site scripting
2024/05/24 JVN#35838128:
WordPress Plugin "WP Booking" vulnerable to cross-site scripting
2024/05/21 JVN#29471697:
Android App "TP-Link Tether" and "TP-Link Tapo" vulnerable to improper server certificate verification
2024/05/17 JVN#85380030:
WordPress Plugin "Download Plugins and Themes from Dashboard" vulnerable to path traversal
2024/05/16 JVNVU#95120091:
Panasonic KW Watcher vulnerable to memory buffer error
2024/05/15 JVNVU#92249385:
Ruijie BCR810W/BCR860 vulnerable to OS command injection
2024/05/15 JVNVU#95350607:
Multiple vulnerabilities in Field Logic DataCube
2024/05/13 JVN#28869536:
Multiple vulnerabilities in Cybozu Garoon
2024/05/10 JVNVU#99669446:
Central Dogma vulnerable to cross-site scripting
2024/05/10 JVN#83405304:
"OfferBox" App uses a hard-coded secret key
2024/05/10 JVN#61054671:
Phormer vulnerable to cross-site scripting
2024/05/09 JVN#97751842:
Multiple vulnerabilities in MosP kintai kanri
2024/05/08 JVN#87694318:
WordPress Plugin "Heateor Social Login WordPress" vulnerable to cross-site scripting
2024/05/07 JVNVU#97614828:
Trend Micro Maximum Security vulnerable to improper link resolution (CVE-2024-32849)
2024/04/24 JVNVU#91883072:
NETGEAR routers vulnerable to buffer overflow
2024/04/24 JVN#62737544:
Multiple vulnerabilities in RoamWiFi R10
2024/04/23 JVNTA#90371415:
Multiple third-party kernel drivers for Windows vulnerable to improper access control on IOCTL
2024/04/23 JVN#40079147:[Unreachable]
TvRock vulnerable to denial-of-service (DoS)
2024/04/23 JVN#24683352:[Unreachable]
TvRock vulnerable to cross-site request forgery
2024/04/22 JVNVU#98274902:
Multiple vulnerabilities in OMRON Sysmac Studio/CX-One and CX-Programmer
2024/04/19 JVNVU#91216202:
Armeria-saml improperly handles SAML messages
2024/04/19 JVNVU#91696361:
LINE client for iOS vulnerable to improper server certificate verification
2024/04/18 JVN#50132400:
Multiple vulnerabilities in WordPress Plugin "Forminator"
2024/04/16 JVN#23835228:
Proscend Communications M330-W and M330-W5 vulnerable to OS command injection
2024/04/15 JVN#58236836:
Multiple vulnerabilities in BUFFALO wireless LAN routers
2024/04/10 JVN#70977403:
Multiple vulnerabilities in a-blog cms
2024/04/08 JVN#50361500:
Multiple vulnerabilities in WordPress Plugin "Ninja Forms"
2024/04/05 JVN#82074338:
Multiple vulnerabilities in NEC Aterm series
2024/04/04 JVNVU#94016877:
Multiple vulnerabilities in Cente middleware
2024/04/04 JVNVU#91975826:
Multiple vulnerabilities in PLANEX COMMUNICATIONS wireless LAN router MZK-MF300N
2024/04/01 JVNVU#99285099:
FURUNO SYSTEMS Managed Switch ACERA 9010 running in non MS mode with the initial configuration has no password
2024/03/29 JVNVU#92825069:
KEYENCE VT STUDIO may insecurely load Dynamic Link Libraries
2024/03/29 JVNVU#95439120:
Multiple vulnerabilities in KEYENCE KV STUDIO and KV REPLAY VIEWER
2024/03/29 JVN#23528780:
"Yahoo! JAPAN" App vulnerable to cross-site scripting
2024/03/27 JVNVU#93932313:
SEEnergy SVR-116 vulnerable to OS command injection
2024/03/27 JVN#40367518:
SonicDICOM Media Viewer may insecurely load Dynamic Link Libraries
2024/03/27 JVN#51098626:
Multiple vulnerabilities in WordPress Plugin "Survey Maker"
2024/03/26 JVNVU#95381465:
Multiple vulnerabilities in ELECOM wireless LAN routers
2024/03/25 JVN#46874970:[Unreachable]
0ch BBS Script (0ch) vulnerable to cross-site scripting
2024/03/25 JVN#17176449:[Unreachable]
ffBull vulnerable to OS command injection
2024/03/25 JVN#40523785:[Unreachable]
Mini Thread vulnerable to cross-site scripting
2024/03/25 JVN#22376992:[Unreachable]
WebProxy vulnerable to OS command injection
2024/03/25 JVN#69107517:[Unreachable]
TvRock vulnerable to cross-site scripting
2024/03/25 JVN#13113728:[Unreachable]
"EasyRange" may insecurely load executable files
2024/03/25 JVN#86206017:
WordPress Plugin "easy-popup-show" vulnerable to cross-site request forgery
2024/03/22 JVNVU#93546510:
Multiple vulnerabilities in home gateway HGW BL1500HM
2024/03/22 JVNVU#90953541:
BUFFALO LinkStation 200 series vulnerable to arbitrary code execution
2024/03/21 JVNVU#90671953:
Sangoma Technologies CG/MG family driver cg6kwin2k.sys vulnerable to insufficient access control on its IOCTL
2024/03/18 JVN#94521208:
Multiple vulnerabilities in FitNesse
2024/03/15 JVN#70640802:
"ABEMA" App for Android fails to restrict access permissions
2024/03/08 JVN#48443978:
a-blog cms vulnerable to directory traversal
2024/03/07 JVN#54451757:
Multiple vulnerabilities in SKYSEA Client View
2024/03/07 JVNVU#95852116:
OMRON NJ/NX series vulnerable to path traversal
2024/03/06 JVN#34328023:
FUJIFILM Business Innovation Corp. printers vulnerable to cross-site request forgery
2024/03/06 JVN#82749078:
Multiple vulnerabilities in printers and scanners which implement BROTHER Web Based Management
2024/03/06 JVN#52919306:
Toyoko Inn official App vulnerable to improper server certificate verification
2024/02/29 JVN#35928117:
Protection mechanism failure in RevoWorks
2024/02/29 JVN#77203800:
OET-213H-BTS1 missing authorization check in the initial configuration
2024/02/29 JVN#78084105:
OpenPNE plugin "opTimelinePlugin" vulnerable to cross-site scripting
2024/02/27 JVN#73283159:
Multiple vulnerabilities in baserCMS
2024/02/21 JVNVU#93534773:
Multiple vulnerabilities in multiple Trend Micro products
2024/02/21 JVNVU#96033712:
Multiple vulnerabilities in Trend Micro Apex Central
2024/02/20 JVNVU#99444194:
ELECOM wireless LAN routers vulnerable to OS command injection
2024/02/20 JVN#44166658:
Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater
2024/02/15 JVN#48966481:
a-blog cms vulnerable to URL spoofing
2024/02/14 JVNVU#93381734:
Android App "Mopria Print Service" vulnerable to improper intent handling
2024/02/07 JVN#44033918:
Zeroshell vulnerable to OS command injection
2024/02/06 JVN#18743512:
Cybozu KUNAI for Android vulnerable to denial-of-service (DoS)
2024/02/06 JVNVU#90033405:
Multiple out-of-bounds write vulnerabilities in Canon Office/Small Office Multifunction Printers and Laser Printers
2024/02/05 JVNVU#97836276:
Sharp NEC Display Solutions' public displays vulnerable to local file inclusion
2024/02/02 JVNVU#93740658:
Multiple buffer overflow vulnerabilities in HOME SPOT CUBE2
2024/02/02 JVNVU#99844997:
Incorrect permission assignment vulnerability in Trend Micro uiAirSupport
2024/02/01 JVN#63567545:
Group Office vulnerable to cross-site scripting
2024/02/01 JVN#41129639:
Payment EX vulnerable to information disclosure
2024/01/30 JVNVU#94591337:
Multiple vulnerabilities in SHARP Energy Management Controller with Cloud Services
2024/01/24 JVN#70818619:
"Mercari" App for Android fails to restrict custom URL schemes properly
2024/01/24 JVN#93541851:
Oracle WebLogic Server vulnerable to HTTP header injection
2024/01/23 JVN#96154238:
Android App "Spoon" uses a hard-coded API key for an external service
2024/01/23 JVN#77736613:
Improper restriction of XML external entity references (XXE) in MLIT "Electronic Delivery Check System" and "Electronic delivery item Inspection Support System"
2024/01/23 JVN#01434915:
Improper restriction of XML external entity references (XXE) in "Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version)"
2024/01/23 JVN#40049211:
Improper restriction of XML external entity references (XXE) in Electronic Deliverables Creation Support Tool provided by Ministry of Defense
2024/01/23 JVNVU#90908488:
ELECOM wireless LAN routers vulnerable to OS command injection
2024/01/23 JVNVU#99896362:
Yamaha wireless LAN access point devices vulnerable to active debug code
2024/01/22 JVN#73587943:
Access analysis CGI An-Analyzer vulnerable to open redirect
2024/01/22 JVN#34565930:
Multiple vulnerabilities in a-blog cms
2024/01/19 JVN#67215338:
FusionPBX vulnerable to cross-site scripting
2024/01/18 JVN#83655695:
Multiple Dahua Technology products vulnerable to authentication bypass
2024/01/16 JVN#63383723:
Drupal vulnerable to improper handling of structural elements
2024/01/15 JVN#51135247:
Pleasanter vulnerable to cross-site scripting
2024/01/15 JVN#96240417:
Thermal camera TMC series vulnerable to insufficient technical documentation
2024/01/12 JVN#37326856:
Improper input validation vulnerability in WordPress Plugin "WordPress Quiz Maker Plugin"
2024/01/09 JVNVU#92102247:
Multiple vulnerabilities in Panasonic Control FPWIN Pro7
2024/01/09 JVNVU#91401812:
Multiple TP-Link products vulnerable to OS command injection

2023

2023/12/26 JVN#32646742:
Multiple vulnerabilities in PowerCMS
2023/12/26 JVN#23771490:
Multiple vulnerabilities in BUFFALO VR-S1000
2023/12/22 JVNVU#97943829:
Brother iPrint&Scan Desktop for Windows vulnerable to improper link resolution before file access
2023/12/14 JVNVU#97876221:
WordPress plugin "MW WP Form" vulnerable to arbitrary file upload
2023/12/13 JVN#18715935:
Multiple vulnerabilities in GROWI
2023/12/12 JVNVU#97499577:
ELECOM wireless LAN routers vulnerable to OS command injection
2023/12/11 JVN#34145838:
Multiple denial-of-service (DoS) vulnerabilities in JTEKT ELECTRONICS HMI GC-A2 series
2023/12/08 JVNVU#98954443:
Multiple vulnerabilities in Edgecross Basic Software for Windows
2023/12/06 JVNVU#92152057:[Critical]
FXC wireless LAN routers "AE1021PE" and "AE1021" vulnerable to OS command injection
2023/12/04 JVN#46895889:
RakRak Document Plus vulnerable to path traversal
2023/12/01 JVN#45891816:
Ruckus Access Point vulnerable to cross-site scripting
2023/11/20 JVN#15005948:
Multiple vulnerabilities in LuxCal Web Calendar
2023/11/17 JVNVU#98954968:
Multiple vulnerabilities in EXPRESSCLUSTER X
2023/11/17 JVN#22220399:
Multiple vulnerabilities in CubeCart
2023/11/17 JVN#13618065:
Redmine vulnerable to cross-site scripting
2023/11/16 JVNVU#99077347:
Multiple vulnerabilities in First Corporation's DVRs
2023/11/15 JVNVU#96079387:
ASUSTeK COMPUTER RT-AC87U vulnerable to improper access control
2023/11/14 JVNVU#94119876:
Multiple vulnerabilities in ELECOM and LOGITEC routers
2023/11/14 JVN#67822421:
OSS Calendar vulnerable to SQL injection
2023/11/13 JVN#96209256:
Multiple vulnerabilities in Pleasanter
2023/11/13 JVN#17806703:
Multiple vulnerabilities in Cisco Firepower Management Center Software
2023/11/10 JVNVU#98040889:
Multiple security updates for Trend Micro Apex One and Apex One as a Service (November 2023)
2023/11/10 JVNVU#93840158:
Multiple vulnerabilities in FUJI ELECTRIC products
2023/11/10 JVN#99177549:
HOTELDRUID vulnerable to cross-site scripting
2023/11/10 JVN#86156389:
Remarshal unlimitedly expanding YAML alias nodes
2023/11/07 JVN#29195731:
EC-CUBE 3 series and 4 series vulnerable to arbitrary code execution
2023/11/02 JVN#14762986:
Improper restriction of XML external entity references (XXE) in e-Tax software
2023/11/01 JVNVU#96482726:
FUJIFILM Business Innovation Corp. and Xerox Corporation MFPs export Address Books with insufficient encryption strength
2023/10/31 JVN#94132951:
Cybozu Remote Service vulnerable to uncontrolled resource consumption
2023/10/31 JVNVU#99565391:
MCL Technologies MCL-Net vulnerable to directory traversal
2023/10/30 JVN#48057522:
Inkdrop vulnerable to code injection
2023/10/27 JVN#45547161:
Multiple vulnerabilities in baserCMS
2023/10/26 JVNVU#97149791:
Advanced Micro Devices Windows kernel drivers vulnerable to insufficient access control on its IOCTL
2023/10/25 JVN#39139884:
Movable Type vulnerable to cross-site scripting
2023/10/23 JVNVU#98683567:
Improper restriction of XML external entity reference (XXE) vulnerability in OMRON CX-Designer
2023/10/23 JVN#02058996:
HP ThinUpdate vulnerable to improper server certificate verification
2023/10/19 JVN#28846531:
Multiple vulnerabilities in JustSystems products
2023/10/18 JVN#95981460:[Critical]
Improper restriction of XML external entity references (XXE) in Proself
2023/10/17 JVNVU#98392064:
Multiple vulnerabilities in JTEKT ELECTRONICS OnSinView2
2023/10/16 JVN#80476432:
web2py vulnerable to OS command injection
2023/10/16 JVN#58574030:
Scanning evasion issue in Cisco Secure Email Gateway
2023/10/10 JVNVU#94752076:
Out-of-bounds read vulnerability in Keyence KV STUDIO and KV REPLAY VIEWER
2023/10/10 JVNVU#99039725:
Multiple vulnerabilities in Micro Research MR-GM series
2023/10/06 JVN#15808274:
e-Gov Client Application fails to restrict custom URL schemes properly
2023/10/04 JVN#08237727:
Citadel WebCit vulnerable to cross-site scripting on Instant Messaging facility
2023/10/02 JVNVU#94497038:
Multiple vulnerabilities in multiple FURUNO SYSTEMS wireless LAN access point devices in ST(Standalone) mode
2023/10/02 JVN#39596244:
Improper restriction of XML external entity references (XXE) in FD Application
2023/09/27 JVN#17434995:
Shihonkanri Plus vulnerable to relative path traversal
2023/09/26 JVNVU#95549489:
Multiple vulnerabilities in Panasonic KW Watcher
2023/09/25 JVNVU#95732401:
Trend Micro Mobile Security vulnerable to cross-site scripting
2023/09/22 JVN#97197972:
Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"
2023/09/19 JVNVU#90967486:[Critical]
Trend Micro Endpoint security products for enterprises vulnerable to arbitrary code execution
2023/09/12 JVNVU#95282683:
Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software
2023/09/11 JVN#41113329:
Pyramid vulnerable to directory traversal
2023/09/06 JVN#42691027:
"direct" Desktop App for macOS fails to restrict access permissions
2023/09/05 JVN#78113802:
Multiple vulnerabilities in F-RevoCRM
2023/09/05 JVN#92720882:
Multiple vulnerabilities in CGIs of PMailServer and PMailServer2
2023/09/04 JVN#82758000:
Multiple vulnerabilities in SHIRASAGI
2023/08/31 JVN#60140221:
Multiple vulnerabilities in i-PRO VI Web Client
2023/08/28 JVNVU#93886750:
Phoenix Technologies Windows kernel driver vulnerable to insufficient access control on its IOCTL
2023/08/24 JVN#86484824:
SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)
2023/08/24 JVN#03447226:
"Skylark" App fails to restrict custom URL schemes properly
2023/08/23 JVN#55217369:
Rakuten WiFi Pocket vulnerable to improper authentication
2023/08/21 JVNVU#96622721:
Multiple vulnerabilities in Panasonic Control FPWIN Pro7
2023/08/21 JVN#98946408:
WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting
2023/08/21 JVN#04876736:
Multiple vulnerabilities in LuxCal Web Calendar
2023/08/21 JVNVU#99392903:
Multiple vulnerabilities in TP-Link products
2023/08/21 JVNVU#92545432:
Multiple vulnerabilities in CBC digital video recorders
2023/08/18 JVN#19661362:[Critical]
Multiple vulnerabilities in Proself
2023/08/17 JVN#46993816:
EC-CUBE 2 series vulnerable to cross-site scripting
2023/08/10 JVNVU#91630351:
Multiple vulnerabilities in ELECOM and LOGITEC network devices
2023/08/09 JVNVU#98367862:
Multiple server-side request forgery vulnerabilities in Trend Micro Apex Central (July 2023)
2023/08/09 JVN#84820712:
"Rikunabi NEXT" App for Android fails to restrict custom URL schemes properly
2023/08/07 JVN#42527152:
"FFRI yarai" and "FFRI yarai Home and Business Edition" handle exceptional conditions improperly
2023/08/07 JVN#83334799:
Multiple vulnerabilities in Special Interest Group Network for Analysis and Liaison's API
2023/08/04 JVN#38847224:
Fujitsu Software Infrastructure Manager (ISM) stores sensitive information in cleartext
2023/08/02 JVN#61337171:
SEIKO EPSON printer Web Config vulnerable to denial-of-service (DoS)
2023/08/01 JVNVU#92193064:
OMRON CJ series and CS/CJ Series EtherNet/IT unit vulnerable to Denial-of-Service (DoS)
2023/08/01 JVNVU#93286117:
Multiple vulnerabilities in OMRON CX-Programmer
2023/07/27 JVNVU#98785541:
Multiple vulnerabilities in Command Center RX (CCRX) of Kyocera Document Solutions MFPs and printers
2023/07/26 JVN#95727578:
Fujitsu Real-time Video Transmission Gear "IP series" uses a hard-coded credentials
2023/07/26 JVNVU#96643580:
Fujitsu network devices Si-R series and SR-M series vulnerable to authentication bypass
2023/07/24 JVN#37857022:
Improper restriction of XML external entity references (XXE) in Applicant Programme
2023/07/24 JVNVU#93384719:
Trend Micro Maximum Security vulnerable to privilege escalation
2023/07/21 JVN#35897618:[Critical]
GBrowse vulnerable to unrestricted upload of files with dangerous types
2023/07/20 JVN#90560760:
Multiple vulnerabilities in WordPress Plugin "TS Webfonts for SAKURA"
2023/07/18 JVN#44726469:
Improper restriction of XML external entity references (XXE) in XBRL data create application