Vulnerability Reports

2023

2023/12/11 JVN#34145838:

Multiple denial-of-service (DoS) vulnerabilities in JTEKT ELECTRONICS HMI GC-A2 series

2023/12/08 JVNVU#98954443:

Multiple vulnerabilities in Edgecross Basic Software for Windows

2023/12/06 JVNVU#92152057:[Critical]

FXC wireless LAN routers "AE1021PE" and "AE1021" vulnerable to OS command injection

2023/12/04 JVN#46895889:

RakRak Document Plus vulnerable to path traversal

2023/12/01 JVN#45891816:

Ruckus Access Point vulnerable to cross-site scripting

2023/11/20 JVN#15005948:

Multiple vulnerabilities in LuxCal Web Calendar

2023/11/17 JVNVU#98954968:

Multiple vulnerabilities in EXPRESSCLUSTER X

2023/11/17 JVN#22220399:

Multiple vulnerabilities in CubeCart

2023/11/17 JVN#13618065:

Redmine vulnerable to cross-site scripting

2023/11/16 JVNVU#99077347:

Multiple vulnerabilities in First Corporation's DVRs

2023/11/15 JVNVU#96079387:

ASUSTeK COMPUTER RT-AC87U vulnerable to improper access control

2023/11/14 JVNVU#94119876:

Multiple vulnerabilities in ELECOM and LOGITEC routers

2023/11/14 JVN#67822421:

OSS Calendar vulnerable to SQL injection

2023/11/13 JVN#96209256:

Multiple vulnerabilities in Pleasanter

2023/11/13 JVN#17806703:

Multiple vulnerabilities in Cisco Firepower Management Center Software

2023/11/10 JVNVU#98040889:

Multiple security updates for Trend Micro Apex One and Apex One as a Service (November 2023)

2023/11/10 JVNVU#93840158:

Multiple vulnerabilities in FUJI ELECTRIC products

2023/11/10 JVN#99177549:

HOTELDRUID vulnerable to cross-site scripting

2023/11/10 JVN#86156389:

Remarshal unlimitedly expanding YAML alias nodes

2023/11/07 JVN#29195731:

EC-CUBE 3 series and 4 series vulnerable to arbitrary code execution

2023/11/02 JVN#14762986:

Improper restriction of XML external entity references (XXE) in e-Tax software

2023/11/01 JVNVU#96482726:

FUJIFILM Business Innovation Corp. and Xerox Corporation MFPs export Address Books with insufficient encryption strength

2023/10/31 JVN#94132951:

Cybozu Remote Service vulnerable to uncontrolled resource consumption

2023/10/31 JVNVU#99565391:

MCL Technologies MCL-Net vulnerable to directory traversal

2023/10/30 JVN#48057522:

Inkdrop vulnerable to code injection

2023/10/27 JVN#45547161:

Multiple vulnerabilities in baserCMS

2023/10/26 JVNVU#97149791:

Advanced Micro Devices Windows kernel drivers vulnerable to insufficient access control on its IOCTL

2023/10/25 JVN#39139884:

Movable Type vulnerable to cross-site scripting

2023/10/23 JVNVU#98683567:

Improper restriction of XML external entity reference (XXE) vulnerability in OMRON CX-Designer

2023/10/23 JVN#02058996:

HP ThinUpdate vulnerable to improper server certificate verification

2023/10/19 JVN#28846531:

Multiple vulnerabilities in JustSystems products

2023/10/18 JVN#95981460:[Critical]

Improper restriction of XML external entity references (XXE) in Proself

2023/10/17 JVNVU#98392064:

Multiple vulnerabilities in JTEKT ELECTRONICS OnSinView2

2023/10/16 JVN#80476432:

web2py vulnerable to OS command injection

2023/10/16 JVN#58574030:

Scanning evasion issue in Cisco Secure Email Gateway

2023/10/10 JVNVU#94752076:

Out-of-bounds read vulnerability in Keyence KV STUDIO and KV REPLAY VIEWER

2023/10/10 JVNVU#99039725:

Multiple vulnerabilities in Micro Research MR-GM series

2023/10/06 JVN#15808274:

e-Gov Client Application fails to restrict custom URL schemes properly

2023/10/04 JVN#08237727:

Citadel WebCit vulnerable to cross-site scripting on Instant Messaging facility

2023/10/02 JVNVU#94497038:

Multiple vulnerabilities in multiple FURUNO SYSTEMS wireless LAN access point devices in ST(Standalone) mode

2023/10/02 JVN#39596244:

Improper restriction of XML external entity references (XXE) in FD Application

2023/09/27 JVN#17434995:

Shihonkanri Plus vulnerable to relative path traversal

2023/09/26 JVNVU#95549489:

Multiple vulnerabilities in Panasonic KW Watcher

2023/09/25 JVNVU#95732401:

Trend Micro Mobile Security vulnerable to cross-site scripting

2023/09/22 JVN#97197972:

Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"

2023/09/19 JVNVU#90967486:[Critical]

Trend Micro Endpoint security products for enterprises vulnerable to arbitrary code execution

2023/09/12 JVNVU#95282683:

Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software

2023/09/11 JVN#41113329:

Pyramid vulnerable to directory traversal

2023/09/06 JVN#42691027:

"direct" Desktop App for macOS fails to restrict access permissions

2023/09/05 JVN#78113802:

Multiple vulnerabilities in F-RevoCRM

2023/09/05 JVN#92720882:

Multiple vulnerabilities in CGIs of PMailServer and PMailServer2

2023/09/04 JVN#82758000:

Multiple vulnerabilities in SHIRASAGI

2023/08/31 JVN#60140221:

Multiple vulnerabilities in i-PRO VI Web Client

2023/08/28 JVNVU#93886750:

Phoenix Technologies Windows kernel driver vulnerable to insufficient access control on its IOCTL

2023/08/24 JVN#86484824:

SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)

2023/08/24 JVN#03447226:

"Skylark" App fails to restrict custom URL schemes properly

2023/08/23 JVN#55217369:

Rakuten WiFi Pocket vulnerable to improper authentication

2023/08/21 JVNVU#96622721:

Multiple vulnerabilities in Panasonic Control FPWIN Pro7

2023/08/21 JVN#98946408:

WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting

2023/08/21 JVN#04876736:

Multiple vulnerabilities in LuxCal Web Calendar

2023/08/21 JVNVU#99392903:

Multiple vulnerabilities in TP-Link products

2023/08/21 JVNVU#92545432:

Multiple vulnerabilities in CBC digital video recorders

2023/08/18 JVN#19661362:[Critical]

Multiple vulnerabilities in Proself

2023/08/17 JVN#46993816:

EC-CUBE 2 series vulnerable to cross-site scripting

2023/08/10 JVNVU#91630351:

Multiple vulnerabilities in ELECOM and LOGITEC network devices

2023/08/09 JVNVU#98367862:

Multiple server-side request forgery vulnerabilities in Trend Micro Apex Central (July 2023)

2023/08/09 JVN#84820712:

"Rikunabi NEXT" App for Android fails to restrict custom URL schemes properly

2023/08/07 JVN#42527152:

"FFRI yarai" and "FFRI yarai Home and Business Edition" handle exceptional conditions improperly

2023/08/07 JVN#83334799:

Multiple vulnerabilities in Special Interest Group Network for Analysis and Liaison's API

2023/08/04 JVN#38847224:

Fujitsu Software Infrastructure Manager (ISM) stores sensitive information in cleartext

2023/08/02 JVN#61337171:

SEIKO EPSON printer Web Config vulnerable to denial-of-service (DoS)

2023/08/01 JVNVU#92193064:

OMRON CJ series and CS/CJ Series EtherNet/IT unit vulnerable to Denial-of-Service (DoS)

2023/08/01 JVNVU#93286117:

Multiple vulnerabilities in OMRON CX-Programmer

2023/07/27 JVNVU#98785541:

Multiple vulnerabilities in Command Center RX (CCRX) of Kyocera Document Solutions MFPs and printers

2023/07/26 JVN#95727578:

Fujitsu Real-time Video Transmission Gear "IP series" uses a hard-coded credentials

2023/07/26 JVNVU#96643580:

Fujitsu network devices Si-R series and SR-M series vulnerable to authentication bypass

2023/07/24 JVN#37857022:

Improper restriction of XML external entity references (XXE) in Applicant Programme

2023/07/24 JVNVU#93384719:

Trend Micro Maximum Security vulnerable to privilege escalation

2023/07/21 JVN#35897618:[Critical]

GBrowse vulnerable to unrestricted upload of files with dangerous types

2023/07/20 JVN#90560760:

Multiple vulnerabilities in WordPress Plugin "TS Webfonts for SAKURA"

2023/07/18 JVN#44726469:

Improper restriction of XML external entity references (XXE) in XBRL data create application

2023/07/11 JVNVU#91850798:

Multiple vulnerabilities in ELECOM and LOGITEC wireless LAN routers

2023/07/11 JVN#05223215:

Multiple vulnerabilities in multiple ELECOM wireless LAN routers and wireless LAN repeaters

2023/07/03 JVN#64316789:

Multiple vulnerabilities in SoftEther VPN and PacketiX VPN

2023/06/30 JVN#32739265:

"NewsPicks" App uses a hard-coded API key for an external service

2023/06/29 JVNVU#93767756:

Null pointer dereference vulnerability in multiple printers and MFPs which implement BROTHER debut web server

2023/06/27 JVN#97127032:

WordPress Plugin "Snow Monkey Forms" vulnerable to directory traversal

2023/06/27 JVN#78634340:

Multiple vulnerabilities in WAVLINK WL-WN531AX2

2023/06/27 JVN#38343415:

Multiple vulnerabilities in Aterm series

2023/06/22 JVN#97818024:

Multiple vulnerabilities in Pleasanter

2023/06/20 JVN#70502982:

SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)

2023/06/16 JVN#19748237:

Multiple vulnerabilities in Panasonic AiSEG2

2023/06/14 JVNVU#92207133:

Printer Driver Packager NX creates driver installation packages without modification detection

2023/06/13 JVNVU#91852506:

Security updates for multiple Trend Micro products for enterprises (June 2023)

2023/06/13 JVN#96828492:

Chatwork Desktop Application (Mac) vulnerable to code injection

2023/06/12 JVN#36060509:

"WPS Office" vulnerable to OS command injection

2023/06/09 JVN#34232595:

ASUS Router RT-AX3000 vulnerable to using sensitive cookies without 'Secure' attribute

2023/06/09 JVN#28412757:

Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT

2023/06/08 JVNVU#98818508:

Multiple vulnerabilities in Fuji Electric products

2023/06/06 JVNVU#90812349:

Multiple vulnerabilities in KbDevice digital video recorders

2023/06/02 JVNVU#97809354:

Multiple vulnerabilities in FUJI ELECTRIC FRENIC RHC Loader

2023/06/01 JVN#33836375:

"Jiyu Kukan Toku-Toku coupon" App vulnerable to improper server certificate verification

2023/05/31 JVNVU#93372935:

Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS)

2023/05/31 JVN#62111727:

Pleasanter vulnerable to cross-site scripting

2023/05/31 JVN#38222042:

DataSpider Servista uses a hard-coded cryptographic key

2023/05/30 JVN#95981715:

Starlette vulnerable to directory traversal

2023/05/26 JVN#19243534:

ESS REC Agent Server Edition for Linux etc. vulnerable to directory traversal

2023/05/25 JVN#90278893:

Wacom Tablet Driver installer for macOS vulnerable to improper link resolution before file access

2023/05/24 JVNVU#94777298:

Multiple vulnerabilities in Canon Office/Small Office Multifunction Printers, Laser Printers and Inkjet Printers

2023/05/22 JVN#45127776:

Tornado vulnerable to open redirect

2023/05/19 JVN#14778242:

Multiple vulnerabilities in T&D and ESPEC MIC data logger products

2023/05/18 JVNVU#97891206:

Android App "Brother iPrint&Scan" vulnerable to improper access control

2023/05/18 JVN#48687031:

Qrio Smart Lock Q-SL2 vulnerable to authentication bypass by capture-replay

2023/05/16 JVNVU#98968780:

OS command injection vulnerability in Inaba Denki Sangyo Wi-Fi AP UNIT

2023/05/15 JVN#41694426:

Multiple vulnerabilities in Cybozu Garoon

2023/05/15 JVN#01093915:

Multiple vulnerabilities in WordPress Plugin "MW WP Form" and "Snow Monkey Forms"

2023/05/12 JVN#11705010:

Beekeeper Studio vulnerable to code injection

2023/05/10 JVN#31701509:

Multiple vulnerabilities in MicroEngine Mailform

2023/05/09 JVN#59341308:

WordPress Plugin "Newsletter" vulnerable to cross-site scripting

2023/05/09 JVN#95792402:

WordPress Plugin "VK Blocks" and "VK All in One Expansion Unit" vulnerable to cross-site scripting

2023/05/09 JVN#80476232:

SR-7100VN vulnerable to privilege escalation

2023/05/08 JVN#13306058:

JINS MEME CORE uses a hard-coded cryptographic key

2023/05/08 JVN#01937209:

LINE WORKS Drive Explorer vulnerable to code injection

2023/05/08 JVNVU#92106300:

Multiple vulnerabilities in SolarView Compact

2023/04/24 JVNVU#97372625:

Heap-based buffer overflow vulnerability in OMRON CX-Drive

2023/04/24 JVN#00971105:

WordPress Plugin "Appointment and Event Booking Calendar for WordPress - Amelia" vulnerable to cross-site scripting

2023/04/19 JVN#73178249:

Improper restriction of XML external entity references (XXE) in Shinseiyo Sogo Soft

2023/04/19 JVN#99657911:

WordPress plugin "LIQUID SPEECH BALLOON” vulnerable to cross-site request forgery

2023/04/19 JVN#50862842:

EC-CUBE plugin "NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series)" vulnerable to authentication bypass

2023/04/17 JVNTA#91513661:

Security Issues in FINS protocol

2023/04/17 JVN#14492006:

API server of TONE Family vulnerable to authentication bypass using an alternate path

2023/04/17 JVN#87559956:

Joruri Gw vulnerable to cross-site scripting

2023/04/14 JVN#36340790:

JB Inquiry form vulnerable to exposure of private personal information to an unauthorized actor

2023/04/14 JVN#76257155:

Trend Micro Security may insecurely load Dynamic Link Libraries

2023/04/11 JVNVU#98434809:

Multiple mobile printing apps for Android vulnerable to improper intent handling

2023/04/05 JVNVU#98775218:

Yokogawa Electric CENTUM series vulnerable to cleartext storage of sensitive information

2023/04/04 JVN#79149117:

Multiple vulnerabilities in JustSystems products

2023/04/04 JVN#75742861:

Improper restriction of XML external entity references (XXE) in National land numerical information data conversion tool

2023/03/31 JVNVU#92145493:

CONPROSYS HMI System(CHS) vulnerable to SQL injection

2023/03/31 JVNVU#99710864:

JTEKT ELECTRONIC Screen Creator Advance 2 vulnerable to improper restriction of operations within the bounds of a memory buffer

2023/03/31 JVN#38170084:

HAProxy vulnerable to HTTP request/response smuggling

2023/03/31 JVN#40604023:[Critical]

Multiple vulnerabilities in Seiko Solutions SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210

2023/03/27 JVN#61105618:

baserCMS vulnerable to arbitrary file uploads

2023/03/24 JVN#35246979:

ELECOM WAB-MAT registers its windows service executable with an unquoted file path

2023/03/17 JVN#62420378:

TP-Link T2600G-28SQ uses vulnerable SSH host keys

2023/03/17 JVNVU#96198617:

Multiple vulnerabilities in Contec CONPROSYS IoT Gateway products

2023/03/13 JVN#64453490:

Android App "Wolt Delivery: Food and more" uses a hard-coded API key for an external service

2023/03/08 JVN#82424996:

Multiple vulnerabilities in SEIKO EPSON printers/network interface Web Config

2023/03/07 JVNVU#96824262:

Multiple vulnerabilities in Buffalo network devices

2023/03/06 JVN#19872280:

Multiple vulnerabilities in PostgreSQL extension module pg_ivm

2023/03/03 JVNVU#94966432:

Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software

2023/03/02 JVNVU#96890975:

Multiple vulnerabilities in Edgecross Basic Software for Windows

2023/03/01 JVNVU#96882769:

Multiple vulnerabilities in Trend Micro Maximum Security

2023/03/01 JVNVU#96221942:

Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service

2023/03/01 JVN#57224029:

Multiple vulnerabilities in SS1 and Rakuraku PC Cloud

2023/02/28 JVN#04785663:

Multiple cross-site scripting vulnerabilities in EC-CUBE

2023/02/28 JVN#78253670:

web2py development tool vulnerable to open redirect

2023/02/27 JVNTA#96606604:

Security Problem in Web Browser Permission Mechanism

2023/02/22 JVN#18765463:

Multiple cross-site scripting vulnerabilities in SHIRASAGI

2023/02/17 JVNVU#91848962:

Multiple vulnerabilities in Trend Micro Worry-Free Business Security and Worry-Free Business Security Services

2023/02/14 JVN#00712821:

Improper restriction of XML external entity reference (XXE) vulnerability in tsClinical Define.xml Generator and tsClinical Metadata Desktop Tools

2023/02/14 JVN#60263237:

The installers of ELECOM Camera Assistant and QuickFileDealer may insecurely load Dynamic Link Libraries

2023/02/13 JVN#98612206:

Multiple vulnerabilities in PLANEX COMMUNICATIONS Network Camera CS-WMV02G

2023/02/10 JVN#60320736:

NEC PC Settings Tool vulnerable to missing authentication for critical function

2023/02/10 JVNVU#99551468:

Zuken Elmic KASAGO uses insufficient random values for TCP Initial Sequence Numbers

2023/02/06 JVN#11257333:

Ichiran App vulnerable to improper server certificate verification

2023/02/03 JVNVU#98917488:

Multiple vulnerabilities in JTEKT ELECTRONICS Screen Creator Advance 2

2023/01/31 JVN#22830348:

Vulnerability in Driver Distributor where passwords are stored in a recoverable format

2023/01/31 JVN#84642320:

SUSHIRO App for Android outputs sensitive information to the log file

2023/01/24 JVNVU#94200979:

Improper restriction of XML external entity reference (XXE) vulnerability in OMRON CX-Motion Pro

2023/01/24 JVN#01398015:

pgAdmin 4 vulnerable to directory traversal

2023/01/24 JVN#05288621:

EasyMail vulnerable to cross-site scripting

2023/01/23 JVN#72418815:

Pgpool-II vulnerable to information disclosure

2023/01/23 JVNVU#97195023:

Contec CONPROSYS HMI System (CHS) vulnerable to multiple SQL injections

2023/01/17 JVN#31073333:

WordPress plugin "Welcart e-Commerce" vulnerable to directory traversal

2023/01/12 JVN#57296685:

Multiple vulnerabilities in PIXELA PIX-RT100

2023/01/11 JVN#99957889:

Multiple vulnerabilities in MAHO-PBX NetDevancer series

2023/01/11 JVNVU#93704047:

Multiple vulnerabilities in EXPRESSCLUSTER X

2023/01/11 JVNVU#91744508:

Access of uninitialized pointer vulnerability in OMRON CX-Motion-MCH

2023/01/11 JVNVU#97575890:

Active debug code vulnerability in OMRON CP1L-EL20DR-D

2023/01/11 JVN#03832974:

pgAdmin 4 vulnerable to open redirect

2023/01/11 JVN#78481846:

TP-Link SG105PE vulnerable to authentication bypass

2023/01/10 JVNVU#91740661:

OpenAM Web Policy Agent (OpenAM Consortium Edition) vulnerable to path traversal

2023/01/06 JVN#55675303:

Digital Arts m-FILTER vulnerable to improper authentication

2023/01/05 JVN#16765254:

Multiple code injection vulnerabilities in ruby-git

2022

2022/12/28 JVNVU#90679513:

Multiple vulnerabilities in Fuji Electric V-SFT and TELLUS

2022/12/28 JVNVU#92811888:

Multiple vulnerabilities in Fuji Electric V-Server

2022/12/23 JVNVU#96679793:

Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service

2022/12/21 JVN#29902403:

Installers generated by Squirrel.Windows may insecurely load Dynamic Link Libraries

2022/12/21 JVN#43561812:

+Message App improper handling of Unicode control characters

2022/12/19 JVNVU#92689335:

Use-after-free vulnerability in Omron CX-Drive

2022/12/19 JVN#06093462:

Zenphoto vulnerable to cross-site scripting

2022/12/19 JVN#13075438:

Corel Roxio Creator LJB starts a program with an unquoted file path

2022/12/15 JVNVU#96195138:

Command injection vulnerability in SHARP Multifunctional Products (MFP)

2022/12/15 JVN#96321933:

Multiple vulnerabilities in DENSHI NYUSATSU CORE SYSTEM

2022/12/14 JVNVU#96873821:

Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS)

2022/12/13 JVN#60211811:

Redmine vulnerable to cross-site scripting