Vulnerability Reports
2024
- 2024/03/18 JVN#94521208:
- Multiple vulnerabilities in FitNesse
- 2024/03/15 JVN#70640802:
- "ABEMA" App for Android fails to restrict access permissions
- 2024/03/08 JVN#48443978:
- a-blog cms vulnerable to directory traversal
- 2024/03/07 JVN#54451757:
- Multiple vulnerabilities in SKYSEA Client View
- 2024/03/07 JVNVU#95852116:
- OMRON NJ/NX series vulnerable to path traversal
- 2024/03/06 JVN#34328023:
- FUJIFILM Business Innovation Corp. printers vulnerable to cross-site request forgery
- 2024/03/06 JVN#82749078:
- Multiple vulnerabilities in printers and scanners which implement BROTHER Web Based Management
- 2024/03/06 JVN#52919306:
- Toyoko Inn official App vulnerable to improper server certificate verification
- 2024/02/29 JVN#35928117:
- Protection mechanism failure in RevoWorks
- 2024/02/29 JVN#77203800:
- OET-213H-BTS1 missing authorization check in the initial configuration
- 2024/02/29 JVN#78084105:
- OpenPNE plugin "opTimelinePlugin" vulnerable to cross-site scripting
- 2024/02/27 JVN#73283159:
- Multiple vulnerabilities in baserCMS
- 2024/02/21 JVNVU#93534773:
- Multiple vulnerabilities in multiple Trend Micro products
- 2024/02/21 JVNVU#96033712:
- Multiple vulnerabilities in Trend Micro Apex Central
- 2024/02/20 JVNVU#99444194:
- ELECOM wireless LAN routers vulnerable to OS command injection
- 2024/02/20 JVN#44166658:
- Multiple vulnerabilities in ELECOM wireless LAN routers
- 2024/02/15 JVN#48966481:
- a-blog cms vulnerable to URL spoofing
- 2024/02/14 JVNVU#93381734:
- Android App "Mopria Print Service" vulnerable to improper intent handling
- 2024/02/07 JVN#44033918:
- Zeroshell vulnerable to OS command injection
- 2024/02/06 JVN#18743512:
- Cybozu KUNAI for Android vulnerable to denial-of-service (DoS)
- 2024/02/06 JVNVU#90033405:
- Multiple out-of-bounds write vulnerabilities in Canon Office/Small Office Multifunction Printers and Laser Printers
- 2024/02/05 JVNVU#97836276:
- Sharp NEC Display Solutions' public displays vulnerable to local file inclusion
- 2024/02/02 JVNVU#93740658:
- Multiple buffer overflow vulnerabilities in HOME SPOT CUBE2
- 2024/02/02 JVNVU#99844997:
- Incorrect permission assignment vulnerability in Trend Micro uiAirSupport
- 2024/02/01 JVN#63567545:
- Group Office vulnerable to cross-site scripting
- 2024/02/01 JVN#41129639:
- Payment EX vulnerable to information disclosure
- 2024/01/30 JVNVU#94591337:
- Multiple vulnerabilities in SHARP Energy Management Controller with Cloud Services
- 2024/01/24 JVN#70818619:
- "Mercari" App for Android fails to restrict custom URL schemes properly
- 2024/01/24 JVN#93541851:
- Oracle WebLogic Server vulnerable to HTTP header injection
- 2024/01/23 JVN#96154238:
- Android App "Spoon" uses a hard-coded API key for an external service
- 2024/01/23 JVN#77736613:
- Improper restriction of XML external entity references (XXE) in MLIT "Electronic Delivery Check System" and "Electronic delivery item Inspection Support System"
- 2024/01/23 JVN#01434915:
- Improper restriction of XML external entity references (XXE) in "Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version)"
- 2024/01/23 JVN#40049211:
- Improper restriction of XML external entity references (XXE) in Electronic Deliverables Creation Support Tool provided by Ministry of Defense
- 2024/01/23 JVNVU#90908488:
- ELECOM wireless LAN routers vulnerable to OS command injection
- 2024/01/23 JVNVU#99896362:
- Yamaha wireless LAN access point devices vulnerable to active debug code
- 2024/01/22 JVN#73587943:
- Access analysis CGI An-Analyzer vulnerable to open redirect
- 2024/01/22 JVN#34565930:
- Multiple vulnerabilities in a-blog cms
- 2024/01/19 JVN#67215338:
- FusionPBX vulnerable to cross-site scripting
- 2024/01/18 JVN#83655695:
- Multiple Dahua Technology products vulnerable to authentication bypass
- 2024/01/16 JVN#63383723:
- Drupal vulnerable to improper handling of structural elements
- 2024/01/15 JVN#51135247:
- Pleasanter vulnerable to cross-site scripting
- 2024/01/15 JVN#96240417:
- Thermal camera TMC series vulnerable to insufficient technical documentation
- 2024/01/12 JVN#37326856:
- Improper input validation vulnerability in WordPress Plugin "WordPress Quiz Maker Plugin"
- 2024/01/09 JVNVU#92102247:
- Multiple vulnerabilities in Panasonic Control FPWIN Pro7
- 2024/01/09 JVNVU#91401812:
- Multiple TP-Link products vulnerable to OS command injection
2023
- 2023/12/26 JVN#32646742:
- Multiple vulnerabilities in PowerCMS
- 2023/12/26 JVN#23771490:
- Multiple vulnerabilities in BUFFALO VR-S1000
- 2023/12/22 JVNVU#97943829:
- Brother iPrint&Scan Desktop for Windows vulnerable to improper link resolution before file access
- 2023/12/14 JVNVU#97876221:
- WordPress plugin "MW WP Form" vulnerable to arbitrary file upload
- 2023/12/13 JVN#18715935:
- Multiple vulnerabilities in GROWI
- 2023/12/12 JVNVU#97499577:
- ELECOM wireless LAN routers vulnerable to OS command injection
- 2023/12/11 JVN#34145838:
- Multiple denial-of-service (DoS) vulnerabilities in JTEKT ELECTRONICS HMI GC-A2 series
- 2023/12/08 JVNVU#98954443:
- Multiple vulnerabilities in Edgecross Basic Software for Windows
- 2023/12/06 JVNVU#92152057:[Critical]
- FXC wireless LAN routers "AE1021PE" and "AE1021" vulnerable to OS command injection
- 2023/12/04 JVN#46895889:
- RakRak Document Plus vulnerable to path traversal
- 2023/12/01 JVN#45891816:
- Ruckus Access Point vulnerable to cross-site scripting
- 2023/11/20 JVN#15005948:
- Multiple vulnerabilities in LuxCal Web Calendar
- 2023/11/17 JVNVU#98954968:
- Multiple vulnerabilities in EXPRESSCLUSTER X
- 2023/11/17 JVN#22220399:
- Multiple vulnerabilities in CubeCart
- 2023/11/17 JVN#13618065:
- Redmine vulnerable to cross-site scripting
- 2023/11/16 JVNVU#99077347:
- Multiple vulnerabilities in First Corporation's DVRs
- 2023/11/15 JVNVU#96079387:
- ASUSTeK COMPUTER RT-AC87U vulnerable to improper access control
- 2023/11/14 JVNVU#94119876:
- Multiple vulnerabilities in ELECOM and LOGITEC routers
- 2023/11/14 JVN#67822421:
- OSS Calendar vulnerable to SQL injection
- 2023/11/13 JVN#96209256:
- Multiple vulnerabilities in Pleasanter
- 2023/11/13 JVN#17806703:
- Multiple vulnerabilities in Cisco Firepower Management Center Software
- 2023/11/10 JVNVU#98040889:
- Multiple security updates for Trend Micro Apex One and Apex One as a Service (November 2023)
- 2023/11/10 JVNVU#93840158:
- Multiple vulnerabilities in FUJI ELECTRIC products
- 2023/11/10 JVN#99177549:
- HOTELDRUID vulnerable to cross-site scripting
- 2023/11/10 JVN#86156389:
- Remarshal unlimitedly expanding YAML alias nodes
- 2023/11/07 JVN#29195731:
- EC-CUBE 3 series and 4 series vulnerable to arbitrary code execution
- 2023/11/02 JVN#14762986:
- Improper restriction of XML external entity references (XXE) in e-Tax software
- 2023/11/01 JVNVU#96482726:
- FUJIFILM Business Innovation Corp. and Xerox Corporation MFPs export Address Books with insufficient encryption strength
- 2023/10/31 JVN#94132951:
- Cybozu Remote Service vulnerable to uncontrolled resource consumption
- 2023/10/31 JVNVU#99565391:
- MCL Technologies MCL-Net vulnerable to directory traversal
- 2023/10/30 JVN#48057522:
- Inkdrop vulnerable to code injection
- 2023/10/27 JVN#45547161:
- Multiple vulnerabilities in baserCMS
- 2023/10/26 JVNVU#97149791:
- Advanced Micro Devices Windows kernel drivers vulnerable to insufficient access control on its IOCTL
- 2023/10/25 JVN#39139884:
- Movable Type vulnerable to cross-site scripting
- 2023/10/23 JVNVU#98683567:
- Improper restriction of XML external entity reference (XXE) vulnerability in OMRON CX-Designer
- 2023/10/23 JVN#02058996:
- HP ThinUpdate vulnerable to improper server certificate verification
- 2023/10/19 JVN#28846531:
- Multiple vulnerabilities in JustSystems products
- 2023/10/18 JVN#95981460:[Critical]
- Improper restriction of XML external entity references (XXE) in Proself
- 2023/10/17 JVNVU#98392064:
- Multiple vulnerabilities in JTEKT ELECTRONICS OnSinView2
- 2023/10/16 JVN#80476432:
- web2py vulnerable to OS command injection
- 2023/10/16 JVN#58574030:
- Scanning evasion issue in Cisco Secure Email Gateway
- 2023/10/10 JVNVU#94752076:
- Out-of-bounds read vulnerability in Keyence KV STUDIO and KV REPLAY VIEWER
- 2023/10/10 JVNVU#99039725:
- Multiple vulnerabilities in Micro Research MR-GM series
- 2023/10/06 JVN#15808274:
- e-Gov Client Application fails to restrict custom URL schemes properly
- 2023/10/04 JVN#08237727:
- Citadel WebCit vulnerable to cross-site scripting on Instant Messaging facility
- 2023/10/02 JVNVU#94497038:
- Multiple vulnerabilities in multiple FURUNO SYSTEMS wireless LAN access point devices in ST(Standalone) mode
- 2023/10/02 JVN#39596244:
- Improper restriction of XML external entity references (XXE) in FD Application
- 2023/09/27 JVN#17434995:
- Shihonkanri Plus vulnerable to relative path traversal
- 2023/09/26 JVNVU#95549489:
- Multiple vulnerabilities in Panasonic KW Watcher
- 2023/09/25 JVNVU#95732401:
- Trend Micro Mobile Security vulnerable to cross-site scripting
- 2023/09/22 JVN#97197972:
- Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"
- 2023/09/19 JVNVU#90967486:[Critical]
- Trend Micro Endpoint security products for enterprises vulnerable to arbitrary code execution
- 2023/09/12 JVNVU#95282683:
- Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software
- 2023/09/11 JVN#41113329:
- Pyramid vulnerable to directory traversal
- 2023/09/06 JVN#42691027:
- "direct" Desktop App for macOS fails to restrict access permissions
- 2023/09/05 JVN#78113802:
- Multiple vulnerabilities in F-RevoCRM
- 2023/09/05 JVN#92720882:
- Multiple vulnerabilities in CGIs of PMailServer and PMailServer2
- 2023/09/04 JVN#82758000:
- Multiple vulnerabilities in SHIRASAGI
- 2023/08/31 JVN#60140221:
- Multiple vulnerabilities in i-PRO VI Web Client
- 2023/08/28 JVNVU#93886750:
- Phoenix Technologies Windows kernel driver vulnerable to insufficient access control on its IOCTL
- 2023/08/24 JVN#86484824:
- SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)
- 2023/08/24 JVN#03447226:
- "Skylark" App fails to restrict custom URL schemes properly
- 2023/08/23 JVN#55217369:
- Rakuten WiFi Pocket vulnerable to improper authentication
- 2023/08/21 JVNVU#96622721:
- Multiple vulnerabilities in Panasonic Control FPWIN Pro7
- 2023/08/21 JVN#98946408:
- WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting
- 2023/08/21 JVN#04876736:
- Multiple vulnerabilities in LuxCal Web Calendar
- 2023/08/21 JVNVU#99392903:
- Multiple vulnerabilities in TP-Link products
- 2023/08/21 JVNVU#92545432:
- Multiple vulnerabilities in CBC digital video recorders
- 2023/08/18 JVN#19661362:[Critical]
- Multiple vulnerabilities in Proself
- 2023/08/17 JVN#46993816:
- EC-CUBE 2 series vulnerable to cross-site scripting
- 2023/08/10 JVNVU#91630351:
- Multiple vulnerabilities in ELECOM and LOGITEC network devices
- 2023/08/09 JVNVU#98367862:
- Multiple server-side request forgery vulnerabilities in Trend Micro Apex Central (July 2023)
- 2023/08/09 JVN#84820712:
- "Rikunabi NEXT" App for Android fails to restrict custom URL schemes properly
- 2023/08/07 JVN#42527152:
- "FFRI yarai" and "FFRI yarai Home and Business Edition" handle exceptional conditions improperly
- 2023/08/07 JVN#83334799:
- Multiple vulnerabilities in Special Interest Group Network for Analysis and Liaison's API
- 2023/08/04 JVN#38847224:
- Fujitsu Software Infrastructure Manager (ISM) stores sensitive information in cleartext
- 2023/08/02 JVN#61337171:
- SEIKO EPSON printer Web Config vulnerable to denial-of-service (DoS)
- 2023/08/01 JVNVU#92193064:
- OMRON CJ series and CS/CJ Series EtherNet/IP unit vulnerable to Denial-of-Service (DoS)
- 2023/08/01 JVNVU#93286117:
- Multiple vulnerabilities in OMRON CX-Programmer
- 2023/07/27 JVNVU#98785541:
- Multiple vulnerabilities in Command Center RX (CCRX) of Kyocera Document Solutions MFPs and printers
- 2023/07/26 JVN#95727578:
- Fujitsu Real-time Video Transmission Gear "IP series" uses hard-coded credentials
- 2023/07/26 JVNVU#96643580:
- Fujitsu network devices Si-R series and SR-M series vulnerable to authentication bypass
- 2023/07/24 JVN#37857022:
- Improper restriction of XML external entity references (XXE) in Applicant Programme
- 2023/07/24 JVNVU#93384719:
- Trend Micro Maximum Security vulnerable to privilege escalation
- 2023/07/21 JVN#35897618:[Critical]
- GBrowse vulnerable to unrestricted upload of files with dangerous types
- 2023/07/20 JVN#90560760:
- Multiple vulnerabilities in WordPress Plugin "TS Webfonts for SAKURA"
- 2023/07/18 JVN#44726469:
- Improper restriction of XML external entity references (XXE) in XBRL data create application
- 2023/07/11 JVNVU#91850798:
- Multiple vulnerabilities in ELECOM and LOGITEC wireless LAN routers
- 2023/07/11 JVN#05223215:
- Multiple vulnerabilities in multiple ELECOM wireless LAN routers and wireless LAN repeaters
- 2023/07/03 JVN#64316789:
- Multiple vulnerabilities in SoftEther VPN and PacketiX VPN
- 2023/06/30 JVN#32739265:
- "NewsPicks" App uses a hard-coded API key for an external service
- 2023/06/29 JVNVU#93767756:
- Null pointer dereference vulnerability in multiple printers and MFPs which implement BROTHER debut web server
- 2023/06/27 JVN#97127032:
- WordPress Plugin "Snow Monkey Forms" vulnerable to directory traversal
- 2023/06/27 JVN#78634340:
- Multiple vulnerabilities in WAVLINK WL-WN531AX2
- 2023/06/27 JVN#38343415:
- Multiple vulnerabilities in Aterm series
- 2023/06/22 JVN#97818024:
- Multiple vulnerabilities in Pleasanter
- 2023/06/20 JVN#70502982:
- SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)
- 2023/06/16 JVN#19748237:
- Multiple vulnerabilities in Panasonic AiSEG2
- 2023/06/14 JVNVU#92207133:
- Printer Driver Packager NX creates driver installation packages without modification detection
- 2023/06/13 JVNVU#91852506:
- Security updates for multiple Trend Micro products for enterprises (June 2023)
- 2023/06/13 JVN#96828492:
- Chatwork Desktop Application (Mac) vulnerable to code injection
- 2023/06/12 JVN#36060509:
- "WPS Office" vulnerable to OS command injection
- 2023/06/09 JVN#34232595:
- ASUS Router RT-AX3000 vulnerable to using sensitive cookies without 'Secure' attribute
- 2023/06/09 JVN#28412757:
- Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT
- 2023/06/08 JVNVU#98818508:
- Multiple vulnerabilities in Fuji Electric products
- 2023/06/06 JVNVU#90812349:
- Multiple vulnerabilities in KbDevice digital video recorders
- 2023/06/02 JVNVU#97809354:
- Multiple vulnerabilities in FUJI ELECTRIC FRENIC RHC Loader
- 2023/06/01 JVN#33836375:
- "Jiyu Kukan Toku-Toku coupon" App vulnerable to improper server certificate verification
- 2023/05/31 JVNVU#93372935:
- Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS)
- 2023/05/31 JVN#62111727:
- Pleasanter vulnerable to cross-site scripting
- 2023/05/31 JVN#38222042:
- DataSpider Servista uses a hard-coded cryptographic key
- 2023/05/30 JVN#95981715:
- Starlette vulnerable to directory traversal
- 2023/05/26 JVN#19243534:
- ESS REC Agent Server Edition for Linux etc. vulnerable to directory traversal
- 2023/05/25 JVN#90278893:
- Wacom Tablet Driver installer for macOS vulnerable to improper link resolution before file access
- 2023/05/24 JVNVU#94777298:
- Multiple vulnerabilities in Canon Office/Small Office Multifunction Printers, Laser Printers and Inkjet Printers
- 2023/05/22 JVN#45127776:
- Tornado vulnerable to open redirect
- 2023/05/19 JVN#14778242:
- Multiple vulnerabilities in T&D and ESPEC MIC data logger products
- 2023/05/18 JVNVU#97891206:
- Android App "Brother iPrint&Scan" vulnerable to improper access control
- 2023/05/18 JVN#48687031:
- Qrio Smart Lock Q-SL2 vulnerable to authentication bypass by capture-replay
- 2023/05/16 JVNVU#98968780:
- OS command injection vulnerability in Inaba Denki Sangyo Wi-Fi AP UNIT
- 2023/05/15 JVN#41694426:
- Multiple vulnerabilities in Cybozu Garoon
- 2023/05/15 JVN#01093915:
- Multiple vulnerabilities in WordPress Plugin "MW WP Form" and "Snow Monkey Forms"
- 2023/05/12 JVN#11705010:
- Beekeeper Studio vulnerable to code injection
- 2023/05/10 JVN#31701509:
- Multiple vulnerabilities in MicroEngine Mailform
- 2023/05/09 JVN#59341308:
- WordPress Plugin "Newsletter" vulnerable to cross-site scripting
- 2023/05/09 JVN#95792402:
- WordPress Plugin "VK Blocks" and "VK All in One Expansion Unit" vulnerable to cross-site scripting
- 2023/05/09 JVN#80476232:
- SR-7100VN vulnerable to privilege escalation
- 2023/05/08 JVN#13306058:
- JINS MEME CORE uses a hard-coded cryptographic key
- 2023/05/08 JVN#01937209:
- LINE WORKS Drive Explorer vulnerable to code injection
- 2023/05/08 JVNVU#92106300:
- Multiple vulnerabilities in SolarView Compact
- 2023/04/24 JVNVU#97372625:
- Heap-based buffer overflow vulnerability in OMRON CX-Drive
- 2023/04/24 JVN#00971105:
- WordPress Plugin "Appointment and Event Booking Calendar for WordPress - Amelia" vulnerable to cross-site scripting
- 2023/04/19 JVN#73178249:
- Improper restriction of XML external entity references (XXE) in Shinseiyo Sogo Soft
- 2023/04/19 JVN#99657911:
- WordPress plugin "LIQUID SPEECH BALLOON" vulnerable to cross-site request forgery
- 2023/04/19 JVN#50862842:
- EC-CUBE plugin "NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series)" vulnerable to authentication bypass
- 2023/04/17 JVNTA#91513661:
- Security Issues in FINS protocol
- 2023/04/17 JVN#14492006:
- API server of TONE Family vulnerable to authentication bypass using an alternate path
- 2023/04/17 JVN#87559956:
- Joruri Gw vulnerable to cross-site scripting
- 2023/04/14 JVN#36340790:
- JB Inquiry form vulnerable to exposure of private personal information to an unauthorized actor
- 2023/04/14 JVN#76257155:
- Trend Micro Security may insecurely load Dynamic Link Libraries
- 2023/04/11 JVNVU#98434809:
- Multiple mobile printing apps for Android vulnerable to improper intent handling
- 2023/04/05 JVNVU#98775218:
- Yokogawa Electric CENTUM series vulnerable to cleartext storage of sensitive information
- 2023/04/04 JVN#79149117:
- Multiple vulnerabilities in JustSystems products
- 2023/04/04 JVN#75742861:
- Improper restriction of XML external entity references (XXE) in National land numerical information data conversion tool
- 2023/03/31 JVNVU#92145493:
- CONPROSYS HMI System(CHS) vulnerable to SQL injection
- 2023/03/31 JVNVU#99710864:
- JTEKT ELECTRONICS Screen Creator Advance 2 vulnerable to improper restriction of operations within the bounds of a memory buffer
- 2023/03/31 JVN#38170084:
- HAProxy vulnerable to HTTP request/response smuggling
- 2023/03/31 JVN#40604023:[Critical]
- Multiple vulnerabilities in Seiko Solutions SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210
- 2023/03/27 JVN#61105618:
- baserCMS vulnerable to arbitrary file uploads
- 2023/03/24 JVN#35246979:
- ELECOM WAB-MAT registers its windows service executable with an unquoted file path