Vulnerability Reports
2023
- 2023/03/17 JVN#62420378:
- TP-Link T2600G-28SQ uses vulnerable SSH host keys
- 2023/03/17 JVNVU#96198617:
- Multiple vulnerabilities in Contec CONPROSYS IoT Gateway products
- 2023/03/13 JVN#64453490:
- Android App "Wolt Delivery: Food and more" uses a hard-coded API key for an external service
- 2023/03/08 JVN#82424996:
- Multiple vulnerabilities in SEIKO EPSON printers/network interface Web Config
- 2023/03/07 JVNVU#96824262:
- Multiple vulnerabilities in Buffalo network devices
- 2023/03/06 JVN#19872280:
- Multiple vulnerabilities in PostgreSQL extension module pg_ivm
- 2023/03/03 JVNVU#94966432:
- Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software
- 2023/03/02 JVNVU#96890975:
- Multiple vulnerabilities in Edgecross Basic Software for Windows
- 2023/03/01 JVNVU#96882769:
- Multiple vulnerabilities in Trend Micro Maximum Security
- 2023/03/01 JVNVU#96221942:
- Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service
- 2023/03/01 JVN#57224029:
- Multiple vulnerabilities in SS1 and Rakuraku PC Cloud
- 2023/02/28 JVN#04785663:
- Multiple cross-site scripting vulnerabilities in EC-CUBE
- 2023/02/28 JVN#78253670:
- web2py development tool vulnerable to open redirect
- 2023/02/27 JVNTA#96606604:
- Security Problem in Web Browser Permission Mechanism
- 2023/02/22 JVN#18765463:
- Multiple cross-site scripting vulnerabilities in SHIRASAGI
- 2023/02/17 JVNVU#91848962:
- Multiple vulnerabilities in Trend Micro Worry-Free Business Security and Worry-Free Business Security Services
- 2023/02/14 JVN#00712821:
- Improper restriction of XML external entity reference (XXE) vulnerability in tsClinical Define.xml Generator and tsClinical Metadata Desktop Tools
- 2023/02/14 JVN#60263237:
- The installers of ELECOM Camera Assistant and QuickFileDealer may insecurely load Dynamic Link Libraries
- 2023/02/13 JVN#98612206:
- Multiple vulnerabilities in PLANEX COMMUNICATIONS Network Camera CS-WMV02G
- 2023/02/10 JVN#60320736:
- NEC PC Settings Tool vulnerable to missing authentication for critical function
- 2023/02/10 JVNVU#99551468:
- Zuken Elmic KASAGO uses insufficient random values for TCP Initial Sequence Numbers
- 2023/02/06 JVN#11257333:
- Ichiran App vulnerable to improper server certificate verification
- 2023/02/03 JVNVU#98917488:
- Multiple vulnerabilities in JTEKT ELECTRONICS Screen Creator Advance 2
- 2023/01/31 JVN#22830348:
- Vulnerability in Driver Distributor where passwords are stored in a recoverable format
- 2023/01/31 JVN#84642320:
- SUSHIRO App for Android outputs sensitive information to the log file
- 2023/01/24 JVNVU#94200979:
- Improper restriction of XML external entity reference (XXE) vulnerability in OMRON CX-Motion Pro
- 2023/01/24 JVN#01398015:
- pgAdmin 4 vulnerable to directory traversal
- 2023/01/24 JVN#05288621:
- EasyMail vulnerable to cross-site scripting
- 2023/01/23 JVN#72418815:
- Pgpool-II vulnerable to information disclosure
- 2023/01/23 JVNVU#97195023:
- Contec CONPROSYS HMI System (CHS) vulnerable to multiple SQL injections
- 2023/01/17 JVN#31073333:
- WordPress plugin "Welcart e-Commerce" vulnerable to directory traversal
- 2023/01/12 JVN#57296685:
- Multiple vulnerabilities in PIXELA PIX-RT100
- 2023/01/11 JVN#99957889:
- Multiple vulnerabilities in MAHO-PBX NetDevancer series
- 2023/01/11 JVNVU#93704047:
- Multiple vulnerabilities in EXPRESSCLUSTER X
- 2023/01/11 JVNVU#91744508:
- Access of uninitialized pointer vulnerability in OMRON CX-Motion-MCH
- 2023/01/11 JVNVU#97575890:
- Active debug code vulnerability in OMRON CP1L-EL20DR-D
- 2023/01/11 JVN#03832974:
- pgAdmin 4 vulnerable to open redirect
- 2023/01/11 JVN#78481846:
- TP-Link SG105PE vulnerable to authentication bypass
- 2023/01/10 JVNVU#91740661:
- OpenAM Web Policy Agent (OpenAM Consortium Edition) vulnerable to path traversal
- 2023/01/06 JVN#55675303:
- Digital Arts m-FILTER vulnerable to improper authentication
- 2023/01/05 JVN#16765254:
- Multiple code injection vulnerabilities in ruby-git
2022
- 2022/12/28 JVNVU#90679513:
- Multiple vulnerabilities in Fuji Electric V-SFT and TELLUS
- 2022/12/28 JVNVU#92811888:
- Multiple vulnerabilities in Fuji Electric V-Server
- 2022/12/23 JVNVU#96679793:
- Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service
- 2022/12/21 JVN#29902403:
- Installers generated by Squirrel.Windows may insecurely load Dynamic Link Libraries
- 2022/12/21 JVN#43561812:
- +Message App improper handling of Unicode control characters
- 2022/12/19 JVNVU#92689335:
- Use-after-free vulnerability in Omron CX-Drive
- 2022/12/19 JVN#06093462:
- Zenphoto vulnerable to cross-site scripting
- 2022/12/19 JVN#13075438:
- Corel Roxio Creator LJB starts a program with an unquoted file path
- 2022/12/15 JVNVU#96195138:
- Command injection vulnerability in SHARP Multifunctional Products (MFP)
- 2022/12/15 JVN#96321933:
- Multiple vulnerabilities in DENSHI NYUSATSU CORE SYSTEM
- 2022/12/14 JVNVU#96873821:
- Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS)
- 2022/12/13 JVN#60211811:
- Redmine vulnerable to cross-site scripting
- 2022/12/09 JVNVU#97099584:
- Multiple vulnerabilities in Buffalo network devices
- 2022/12/05 JVNVU#93526386:
- Contec SolarView Compact vulnerable to cross-site scripting
- 2022/12/01 JVNVU#94514762:
- Multiple vulnerabilities in UNIMO Technology digital video recorders
- 2022/11/25 JVNVU#92877622:
- Multiple vulnerabilities in OMRON CX-Programmer
- 2022/11/25 JVN#87895771:
- Cybozu Remote Service vulnerable to Uncontrolled Resource Consumption
- 2022/11/25 JVN#53682526:
- Multiple cross-site scripting vulnerabilities in baserCMS
- 2022/11/24 JVN#29657972:
- TP-Link RE300 V1 tdpServer vulnerable to improper processing of its input
- 2022/11/21 JVN#26044739:
- Typora fails to properly neutralize JavaScript code
- 2022/11/18 JVN#13927745:
- WordPress Plugin "WordPress Popular Posts" accepts untrusted external inputs to update certain internal variables
- 2022/11/18 JVNVU#90082799:
- Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service
- 2022/11/16 JVN#24659622:
- RICOH Aficio SP 4210N vulnerable to cross-site scripting
- 2022/11/16 JVN#37014768:
- Multiple vulnerabilities in Movable Type
- 2022/11/15 JVNVU#98082029:
- Realtek chip deadlock vulnerability (CVE-2022-34326) in Mitsubishi Electric consumer electronics products
- 2022/11/14 JVN#54728399:
- TERASOLUNA Global Framework and TERASOLUNA Server Framework for Java (Rich) vulnerable to ClassLoader manipulation
- 2022/11/14 JVNVU#97968855:
- Multiple vulnerabilities in Hitachi Kokusai Network products for monitoring system (Camera, Encoder, Decoder)
- 2022/11/10 JVN#75437943:
- Aiphone Video Multi-Tenant System Entrance Stations vulnerable to information disclosure
- 2022/11/08 JVN#59663854:
- WordPress Plugin "Salon booking system" vulnerable to cross-site scripting
- 2022/11/08 JVN#09409909:
- Multiple vulnerabilities in WordPress
- 2022/11/01 JVN#46345126:
- Multiple vulnerabilities in the web interfaces of Kyocera Document Solutions MFPs and printers
- 2022/10/28 JVN#74285622:
- Multiple vulnerabilities in FUJI SOFT network devices
- 2022/10/25 JVN#86350682:
- Multiple vulnerabilities in SHIRASAGI
- 2022/10/20 JVN#56968681:
- Multiple vulnerabilities in nadesiko3
- 2022/10/19 JVNVU#97131578:
- Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service
- 2022/10/19 JVN#10921428:
- Lemon8 App fails to restrict access permissions
- 2022/10/18 JVNVU#99955870:
- Stack-based buffer overflow vulnerability in Yokogawa Test & Measurement WTViewerE
- 2022/10/14 JVN#74534998:
- Android App "IIJ SmartKey" vulnerable to information disclosure
- 2022/10/12 JVNVU#93424017:
- Multiple vulnerabilities in SVMPC1 and SVMPC2
- 2022/10/11 JVN#74592196:[Critical]
- bingo!CMS vulnerable to authentication bypass
- 2022/10/11 JVN#40620121:
- The installer of Sony Content Transfer may insecurely load Dynamic Link Libraries
- 2022/10/07 JVNVU#99960963:
- Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security agents for Windows
- 2022/10/07 JVN#00845253:
- Growi vulnerable to improper access control
- 2022/10/06 JVN#15411362:
- IPFire WebUI vulnerable to cross-site scripting
- 2022/10/04 JVNVU#92805279:
- Multiple vulnerabilities in Buffalo network devices
- 2022/09/30 JVN#78862034:
- BookStack vulnerable to cross-site scripting
- 2022/09/15 JVN#21213852:
- Multiple vulnerabilities in EC-CUBE
- 2022/09/15 JVN#30900552:
- EC-CUBE plugin "Product Image Bulk Upload Plugin" vulnerable to insufficient verification in uploading files
- 2022/09/15 JVNVU#99326969:
- OpenAM (OpenAM Consortium Edition) vulnerable to open redirect
- 2022/09/14 JVN#36454862:[Critical]
- Multiple vulnerabilities in Trend Micro Apex One and Trend Micro Apex One as a Service
- 2022/09/09 JVN#48120704:
- Movable Type plugin A-Form vulnerable to cross-site scripting
- 2022/09/05 JVN#34205166:
- SYNCK GRAPHICA Mailform Pro CGI vulnerable to information disclosure
- 2022/09/02 JVN#76024879:
- PowerCMS XMLRPC API vulnerable to command injection
- 2022/09/01 JVNVU#98305100:
- Multiple vulnerabilities in Contec FLEXLAN FX3000 and FX2000 series
- 2022/08/31 JVNVU#90766406:
- Multiple vulnerabilities in PLANEX Network camera products
- 2022/08/29 JVN#44721267:
- Installer of Ricoh Device Software Manager may insecurely load Dynamic Link Libraries
- 2022/08/29 JVN#45473612:
- Multiple vulnerabilities in CentreCOM AR260S V2
- 2022/08/24 JVN#57728859:
- Movable Type XMLRPC API vulnerable to command injection
- 2022/08/24 JVN#46239102:
- Multiple vulnerabilities in Exment
- 2022/08/23 JVNVU#96002401:
- Multiple vulnerabilities in PukiWiki
- 2022/08/23 JVN#43979089:
- PukiWiki vulnerable to cross-site scripting
- 2022/08/22 JVNVU#90821877:
- UNIMO Technology digital video recorders vulnerable to missing authentication for critical functions
- 2022/08/22 JVNVU#98291763:
- PLANEX MZK-DP150N contains hidden administrative functionality
- 2022/08/17 JVNVU#93109244:
- Multiple vulnerabilities in Trend Micro Security
- 2022/08/17 JVNVU#96643038:
- Trend Micro Endpoint security products for enterprises vulnerable to Link Following Local Privilege Escalation
- 2022/08/04 JVN#42883072:
- Kaitai Struct: compiler vulnerable to denial-of-service (DoS)
- 2022/07/29 JVN#17625382:
- Multiple vulnerabilities in Nintendo Wi-Fi Network Adaptor WAP-001
- 2022/07/28 JVN#57073973:
- "JustSystems JUST Online Update for J-License" starts a program with an unquoted file path
- 2022/07/27 JVNVU#93696585:
- CONTEC SolarView Compact vulnerable to insufficient verification in uploading files
- 2022/07/27 JVN#81563390:
- "Hulu / フールー" App for iOS vulnerable to improper server certificate verification
- 2022/07/27 JVN#40907489:
- "Hulu / フールー" App for Android uses a hard-coded API key for an external service
- 2022/07/25 JVN#77850327:
- WordPress Plugin "Newsletter" vulnerable to cross-site scripting
- 2022/07/25 JVN#30454777:
- Multiple vulnerabilities in untangle
- 2022/07/22 JVN#75063798:
- Booked vulnerable to open redirect
- 2022/07/20 JVN#20573662:
- Multiple vulnerabilities in Cybozu Office
- 2022/07/12 JVN#12610194:
- Django Extract and Trunc functions vulnerable to SQL injection
- 2022/07/12 JVNVU#97846460:
- U-Boot squashfs filesystem implementation vulnerable to heap-based buffer overflow
- 2022/07/08 JVN#23766146:
- Passage Drive vulnerable to insufficient data verification
- 2022/07/04 JVN#14077132:
- Multiple vulnerabilities in Cybozu Garoon
- 2022/07/04 JVN#32625020:
- LiteCart vulnerable to cross-site scripting
- 2022/07/01 JVNVU#97050784:
- Multiple vulnerabilities in OMRON products
- 2022/06/29 JVN#41017328:
- HOME SPOT CUBE2 vulnerable to OS command injection
- 2022/06/24 JVN#51464799:
- L2Blocker Sensor setup screen vulnerable to authentication bypass
- 2022/06/23 JVN#02158640:
- web2py vulnerable to open redirect
- 2022/06/17 JVN#93667442:
- GitLab vulnerable to server-side request forgery
- 2022/06/15 JVN#20930118:
- FreeBSD vulnerable to denial-of-service (DoS)
- 2022/06/14 JVN#94363766:
- Cisco Catalyst 2940 Series Switches vulnerable to cross-site scripting
- 2022/06/14 JVNVU#96438711:
- Growi vulnerable to weak password requirements
- 2022/06/09 JVN#32962443:
- SHIRASAGI vulnerable to cross-site scripting
- 2022/06/02 JVNVU#90675050:
- Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service
- 2022/06/01 JVN#28659051:
- T&D Data Server and THERMO RECORDER DATA SERVER vulnerable to directory traversal
- 2022/06/01 JVN#04155116:
- WordPress Plugin "Modern Events Calendar Lite" vulnerable to cross-site scripting
- 2022/05/27 JVN#27256219:
- RevoWorks incomplete filtering of MS Office v4 macros
- 2022/05/27 JVN#13878856:
- Mobaoku-Auction & Flea Market App for iOS vulnerable to improper server certificate verification
- 2022/05/26 JVNVU#93134398:
- Multiple vulnerabilities in Fuji Electric V-SFT, V-Server and V-Server Lite
- 2022/05/26 JVNVU#99188133:
- Multiple vulnerabilities in Fuji Electric V-SFT
- 2022/05/26 JVNVU#92327282:
- Multiple vulnerabilities in CONTEC SolarView Compact
- 2022/05/24 JVN#15241647:
- WordPress plugin "WP Statistics" vulnerable to cross-site scripting
- 2022/05/23 JVNVU#92641706:
- Trend Micro Password Manager vulnerable to privilege escalation
- 2022/05/20 JVN#15317878:
- Spring Security OAuth (spring-security-oauth2) vulnerable to denial-of-service (DoS)
- 2022/05/19 JVN#46892984:
- Multiple vulnerabilities in Rakuten Casa
- 2022/05/16 JVN#73897863:
- Multiple vulnerabilities in Cybozu Garoon
- 2022/05/13 JVN#44550983:
- Strapi vulnerable to cross-site scripting
- 2022/05/13 JVN#46241173:
- EC-CUBE plugin "Easy Blog for EC-CUBE4" vulnerable to cross-site request forgery
- 2022/05/12 JVNVU#93434935:
- Installer of Trend Micro HouseCall for Home Networks may insecurely load Dynamic Link Libraries
- 2022/05/11 JVN#60037444:
- Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries
- 2022/05/11 JVNVU#95992089:
- Command injection vulnerability in QNAP VioStar series NVR
- 2022/05/10 JVN#60801132:
- GENEREX RCCMD vulnerable to directory traversal
- 2022/05/09 JVN#96561229:[Critical]
- Multiple vulnerabilities in Operation management interface of FUJITSU Network IPCOM
- 2022/05/09 JVN#50337155:
- KOYO Electronics Screen Creator Advance2 vulnerable to authentication bypass
- 2022/05/09 JVN#58266015:
- Multiple vulnerabilities in multiple MEIKYO ELECTRIC products
- 2022/04/22 JVN#54857505:
- Hammock AssetView missing authentication for critical functions
- 2022/04/15 JVN#31606885:
- WordPress Plugin "MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership" vulnerable to cross-site request forgery
- 2022/04/06 JVNVU#97833256:
- Trend Micro Antivirus for Mac vulnerable to privilege escalation
- 2022/03/30 JVN#59576930:
- Zero-channel BBS Plus vulnerable to cross-site scripting
- 2022/03/30 JVN#42543427:
- WordPress Plugin "Advanced Custom Fields" vulnerable to missing authorization
- 2022/03/30 JVN#10140834:
- AttacheCase may insecurely load Dynamic Link Libraries
- 2022/03/30 JVNVU#99107357:[Critical]
- Trend Micro Apex Central and Trend Micro Apex Central as a Service vulnerable to improper check for file contents