Vulnerability Reports


2022

2022/06/24 JVN#51464799:
L2Blocker Sensor setup screen vulnerable to authentication bypass
2022/06/23 JVN#02158640:
web2py vulnerable to open redirect
2022/06/17 JVN#93667442:
GitLab vulnerable to server-side request forgery
2022/06/15 JVN#20930118:
FreeBSD vulnerable to denial-of-service (DoS)
2022/06/14 JVN#94363766:
Cisco Catalyst 2940 Series Switches vulnerable to cross-site scripting
2022/06/14 JVNVU#96438711:
GROWI vulnerable to weak password requirements
2022/06/09 JVN#32962443:
SHIRASAGI vulnerable to cross-site scripting
2022/06/02 JVNVU#90675050:
Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service
2022/06/01 JVN#28659051:
T&D Data Server and THERMO RECORDER DATA SERVER vulnerable to directory traversal
2022/06/01 JVN#04155116:
WordPress Plugin "Modern Events Calendar Lite" vulnerable to cross-site scripting
2022/05/27 JVN#27256219:
RevoWorks incomplete filtering of MS Office v4 macros
2022/05/27 JVN#13878856:
Mobaoku-Auction & Flea Market App for iOS vulnerable to improper server certificate verification
2022/05/26 JVNVU#93134398:
Multiple vulnerabilities in Fuji Electric V-SFT, V-Server and V-Server Lite
2022/05/26 JVNVU#99188133:
Multiple vulnerabilities in Fuji Electric V-SFT
2022/05/26 JVNVU#92327282:
Multiple vulnerabilities in CONTEC SolarView Compact
2022/05/24 JVN#15241647:
WordPress plugin "WP Statistics" vulnerable to cross-site scripting
2022/05/23 JVNVU#92641706:
Trend Micro Password Manager vulnerable to privilege escalation
2022/05/20 JVN#15317878:
Spring Security OAuth (spring-security-oauth2) vulnerable to denial-of-service (DoS)
2022/05/19 JVN#46892984:
Multiple vulnerabilities in Rakuten Casa
2022/05/16 JVN#73897863:
Multiple vulnerabilities in Cybozu Garoon
2022/05/13 JVN#44550983:
Strapi vulnerable to cross-site scripting
2022/05/13 JVN#46241173:
EC-CUBE plugin "Easy Blog for EC-CUBE4" vulnerable to cross-site request forgery
2022/05/12 JVNVU#93434935:
Installer of Trend Micro HouseCall for Home Networks may insecurely load Dynamic Link Libraries
2022/05/11 JVN#60037444:
Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries
2022/05/11 JVNVU#95992089:
Command injection vulnerability in QNAP VioStar series NVR
2022/05/10 JVN#60801132:
GENEREX RCCMD vulnerable to directory traversal
2022/05/09 JVN#96561229:[Critical]
Multiple vulnerabilities in Operation management interface of FUJITSU Network IPCOM
2022/05/09 JVN#50337155:
KOYO Electronics Screen Creator Advance2 vulnerable to authentication bypass
2022/05/09 JVN#58266015:
Multiple vulnerabilities in multiple MEIKYO ELECTRIC products
2022/04/22 JVN#54857505:
Hammock AssetView missing authentication for critical functions
2022/04/15 JVN#31606885:
WordPress Plugin "MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership" vulnerable to cross-site request forgery
2022/04/06 JVNVU#97833256:
Trend Micro Antivirus for Mac vulnerable to privilege escalation
2022/03/30 JVN#59576930:
Zero-channel BBS Plus vulnerable to cross-site scripting
2022/03/30 JVN#42543427:
WordPress Plugin "Advanced Custom Fields" vulnerable to missing authorization
2022/03/30 JVN#10140834:
AttacheCase may insecurely load Dynamic Link Libraries
2022/03/30 JVNVU#99107357:[Critical]
Trend Micro Apex Central and Trend Micro Apex Central as a Service vulnerable to improper check for file contents
2022/03/22 JVNVU#94900322:
Netcommunity OG410X and OG810X VoIP gateway/Hikari VoIP adapter for business offices vulnerable to OS command injection
2022/03/16 JVN#21234459:
Multiple vulnerabilities in KINGSOFT "WPS Office" and "KINGSOFT Internet Security"
2022/03/15 JVN#87751554:
Multiple vulnerabilities in pfSense
2022/03/11 JVNVU#99391968:
Installer of Trend Micro Portable Security may insecurely load Dynamic Link Libraries
2022/03/10 JVNVU#96777901:
Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries
2022/03/10 JVN#72801744:
UNIVERGE WA Series vulnerable to OS command injection
2022/03/08 JVNVU#90673830:
Installer of WPS Office for Windows misconfigures the ACL for the installation directory
2022/03/04 JVN#33214411:
i-FILTER vulnerable to improper check for certificate revocation
2022/03/04 JVNVU#90121984:
Multiple vulnerabilities in OMRON CX-Programmer
2022/03/03 JVN#85572374:
pfSense-pkg-WireGuard vulnerable to directory traversal
2022/03/03 JVN#89524240:
MarkText vulnerable to cross-site scripting
2022/03/03 JVN#87683137:
Norton Security for Mac improperly processes ICMP packets
2022/03/02 JVNVU#92972528:
Multiple vulnerabilities in Trend Micro ServerProtect
2022/03/01 JVNVU#96994445:
Multiple security updates for Trend Micro Endpoint security products for enterprises (March 2022)
2022/02/22 JVN#67108459:
EC-CUBE plugin "Mail Magazine Management Plugin" vulnerable to cross-site request forgery
2022/02/22 JVN#53871926:
EC-CUBE improperly handles HTTP Host header values
2022/02/18 JVN#14706307:
Multiple vulnerabilities in a-blog cms
2022/02/17 JVNVU#95075478:
Trend Micro Antivirus for MAC vulnerable to privilege escalation
2022/02/17 JVN#00095004:
Multiple vulnerabilities in phpUploader
2022/02/09 JVN#12969207:
HPE Agentless Management registers unquoted service paths
2022/02/08 JVN#17482543:
Multiple vulnerabilities in multiple ELECOM LAN routers
2022/02/07 JVN#95898697:
Multiple ESET products for macOS vulnerable to improper server certificate verification
2022/02/04 JVN#67396225:
CSV+ vulnerable to cross-site scripting
2022/01/25 JVN#70100915:
Multiple vulnerabilities in TransmitMail
2022/01/24 JVNVU#95024141:
Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux
2022/01/21 JVNVU#94151526:
GROWI vulnerable to authorization bypass through user-controlled key
2022/01/20 JVN#16690037:
Multiple cross-site scripting vulnerabilities in php_mailform
2022/01/19 JVN#64806328:
Canon laser printers and small office multifunctional printers vulnerable to cross-site scripting
2022/01/13 JVN#19826500:
PASSWORD MANAGER "MIRUPASS" PW10 / PW20 missing encryption
2022/01/13 JVN#81479705:
Label printers "TEPRA" PRO SR5900P / SR-R7900P vulnerable to insufficiently protected credentials
2022/01/12 JVN#49047921:
Jimoty App for Android uses a hard-coded API key for an external service
2022/01/12 JVN#72788165:
Multiple vulnerabilities in WordPress Plugin "Quiz And Survey Master"

2021

2021/12/24 JVNVU#95192472:
Multiple vulnerabilities in KONICA MINOLTA MFPs and printing systems
2021/12/24 JVNVU#92279973:
Multiple vulnerabilities in IDEC PLCs
2021/12/23 JVNVU#94883311:
TP-Link TL-WR802N V4(JP) vulnerable to OS command injection
2021/12/22 JVN#66422035:
Android Apps developed using Yappli fail to restrict custom URL schemes properly
2021/12/22 JVNVU#95429813:
Multiple vulnerabilities in QNAP VioStar NVR
2021/12/20 JVN#79798166:
Multiple vulnerabilities in GroupSession
2021/12/17 JVN#13464252:
UNIVERGE DT Series vulnerable to missing encryption of sensitive data
2021/12/08 JVNVU#98117192:
Multiple vulnerabilities in Trend Micro Security 2021 family (Consumer)
2021/12/02 JVN#09136401:
Multiple missing authorization vulnerabilities in WordPress Plugin "Advanced Custom Fields"
2021/11/30 JVNVU#94527926:
Multiple vulnerabilities in multiple ELECOM routers
2021/11/30 JVN#88993473:
Multiple vulnerabilities in multiple ELECOM LAN routers
2021/11/30 JVN#19482703:
Wi-Fi STATION SH-52A vulnerable to cross-site scripting
2021/11/26 JVNVU#95400836:
Trend Micro Antivirus for MAC vulnerable to improper access controls
2021/11/26 JVN#81376414:
Multiple vulnerabilities in baserCMS
2021/11/25 JVN#93562098:
WordPress Plugin "Browser and Operating System Finder" vulnerable to cross-site request forgery
2021/11/24 JVN#17645965:
PowerCMS XMLRPC API vulnerable to OS command injection
2021/11/16 JVN#85492429:
WordPress Plugin "Push Notifications for WordPress (Lite)" vulnerable to cross-site request forgery
2021/11/16 JVN#22515597:
rwtxt vulnerable to cross-site scripting
2021/11/12 JVN#58407606:
Unlimited Sitemap Generator vulnerable to cross-site request forgery
2021/11/11 JVN#75444925:
Multiple vulnerabilities in EC-CUBE 2 series
2021/11/10 JVN#68066589:
WordPress Plugin "Booking Package - Appointment Booking Calendar System" vulnerable to cross-site scripting
2021/11/09 JVNVU#91161784:
Multiple vulnerabilities in multiple Yamaha routers
2021/10/29 JVN#69304877:
Multiple vulnerabilities in CLUSTERPRO X and EXPRESSCLUSTER X
2021/10/29 JVN#49465877:
Android App "Mercari (Merpay) - Marketplace and Mobile Payments App" (Japan version) vulnerable to improper handling of Intent
2021/10/29 JVN#60553023:
ESET Cyber Security and ESET Endpoint series vulnerable to denial-of-service (DoS)
2021/10/28 JVN#33453839:
Multiple improper restriction of XML external entity reference (XXE) vulnerabilities in Office Server Document Converter
2021/10/25 JVNVU#92842857:
Trend Micro Endpoint security products for enterprises vulnerable to privilege escalation
2021/10/20 JVN#41119755:[Critical]
Movable Type XMLRPC API vulnerable to OS command injection
2021/10/18 JVN#85073657:
128 Technology Session Smart Router vulnerable to authentication bypass
2021/10/15 JVNVU#90041391:
OMRON CX-Supervisor vulnerable to out-of-bounds read
2021/10/08 JVN#51106450:
Apache HTTP Server vulnerable to directory traversal
2021/10/08 JVN#89126639:
Nike App fails to restrict custom URL schemes properly
2021/09/30 JVNVU#99520559:
Trend Micro ServerProtect family vulnerable to authentication bypass
2021/09/30 JVN#52694228:
Multiple vulnerabilities in Cybozu Remote Service
2021/09/29 JVNVU#99718667:
Trend Micro HouseCall for Home Networks vulnerable to privilege escalation
2021/09/28 JVN#29428319:
WordPress Plugin "OG Tags" vulnerable to cross-site request forgery
2021/09/28 JVN#63023305:
InBody App vulnerable to information disclosure
2021/09/28 JVN#10168753:
SNKRDUNK Market Place App for iOS vulnerable to improper server certificate verification
2021/09/17 JVN#42866574:
Multiple vulnerabilities in Sharp NEC Display Solutions' public displays
2021/09/16 JVN#23406150:
EC-CUBE plugin "Order Status Batch Change Plug-in" vulnerable to cross-site scripting
2021/09/13 JVN#46313661:
EC-CUBE plugin "List (order management) item change plug-in" vulnerable to cross-site scripting
2021/09/10 JVN#81658818:
Multiple vulnerabilities in RevoWorks Browser
2021/09/02 JVNVU#94699053:
Trend Micro Security family vulnerable to improper handling of Directory Junction
2021/08/27 JVN#14134801:
baserCMS vulnerable to cross-site scripting
2021/08/25 JVN#97545738:
Multiple cross-site scripting vulnerabilities in Movable Type
2021/08/24 JVN#80288258:
The installers of multiple Sony products may insecurely load Dynamic Link Libraries
2021/08/19 JVNVU#95261759:
Multiple vulnerabilities in Navigate CMS
2021/08/18 JVNVU#90091573:
Incorrect permission assignment vulnerability in multiple Trend Micro Endpoint security products for enterprises
2021/08/17 JVN#41646618:
Huawei EchoLife HG8045Q vulnerable to OS command injection
2021/08/16 JVNVU#92088210:
Multiple vulnerabilities in D-Link router DSL-2750U
2021/08/12 JVN#50804280:
Plone vulnerable to open redirect
2021/08/10 JVN#65388002:
WordPress Plugin "Quiz And Survey Master" vulnerable to cross-site scripting
2021/08/02 JVN#54794245:
Multiple vulnerabilities in Cybozu Garoon
2021/07/29 JVNVU#93876919:[Critical]
Multiple vulnerabilities in multiple Trend Micro Endpoint security products for enterprises
2021/07/21 JVN#53278122:
Minecraft Java Edition vulnerable to directory traversal
2021/07/19 JVN#86026700:
Multiple vulnerabilities in GroupSession
2021/07/16 JVNVU#94115268:
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) vulnerable to cross-site scripting
2021/07/14 JVN#34364599:
Optical BB unit E-WMTA2.3 vulnerable to cross-site request forgery
2021/07/13 JVN#26891339:
Multiple vulnerabilities in Retty App
2021/07/09 JVN#68971465:
voidtools "Everything" vulnerable to HTTP header injection
2021/07/08 JVN#89054582:
WordPress Plugin "Software License Manager" vulnerable to cross-site request forgery
2021/07/08 JVN#48413554:
WordPress Plugin "WordPress Meta Data Filter & Taxonomies Filter" vulnerable to cross-site request forgery
2021/07/07 JVN#25850723:
GU App for Android fails to restrict access permissions
2021/07/06 JVN#42880365:
WordPress Plugin "WordPress Email Template Designer - WP HTML Mail" vulnerable to cross-site request forgery
2021/07/06 JVN#91372527:
WordPress Plugin "WPCS - WordPress Currency Switcher" vulnerable to cross-site request forgery
2021/07/06 JVNVU#94260088:
Multiple vulnerabilities in Elecom routers
2021/07/05 JVNVU#93149000:
Multiple vulnerabilities in Trend Micro Password Manager
2021/07/05 JVN#21636825:
A-Stage SCT-40CM01SR and AT-40CM01SR vulnerable to authentication bypass
2021/07/01 JVN#57942445:
EC-CUBE fails to restrict access permissions
2021/06/30 JVN#15185184:
IkaIka RSS Reader vulnerable to cross-site scripting
2021/06/30 JVN#65660590:
boastMachine vulnerable to cross-site scripting