Vulnerability Reports
2025
- 2025/04/18 JVN#22348866:[Critical]
- Active! mail vulnerable to stack-based buffer overflow
- 2025/04/10 JVN#30641875:
- Multiple vulnerabilities in BizRobo!
- 2025/04/10 JVNVU#94912671:
- TP-Link Deco BE65 Pro vulnerable to OS command injection
- 2025/04/08 JVNVU#98349623:
- Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (April 2025)
- 2025/04/04 JVNVU#93925742:
- Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT 'AC-WPS-11ac series'
- 2025/04/03 JVN#59547048:
- WinRAR vulnerable to the symbolic link based "Mark of the Web" check bypass
- 2025/04/02 JVN#17260367:
- Multiple vulnerabilities in JTEKT ELECTRONICS CORPORATION's products
- 2025/04/01 JVN#87266215:
- WordPress plugin "Welcart e-Commerce" vulnerable to untrusted data deserialization
- 2025/04/01 JVNVU#93701955:
- Out-of-bounds Write vulnerabilities in Canon Printer Drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers
- 2025/03/28 JVNVU#92821536:
- Improper symbolic link file handling in FutureNet NXR series, VXR series and WXR series routers
- 2025/03/28 JVN#66982699:[Critical]
- a-blog cms vulnerable to untrusted data deserialization
- 2025/03/26 JVN#39026557:
- Multiple vulnerabilities in PowerCMS
- 2025/03/25 JVNVU#91154745:
- Multiple vulnerabilities in CHOCO TEI WATCHER mini
- 2025/03/25 JVN#26321838:
- Multiple vulnerabilities in AssetView
- 2025/03/19 JVN#04278547:
- Multiple vulnerabilities in home gateway HGW-BL1500HM
- 2025/03/18 JVN#11230428:
- +F FS010M vulnerable to OS command injection
- 2025/03/12 JVN#19358384:
- hostapd vulnerable to improper processing of RADIUS packets
- 2025/03/06 JVN#24992507:
- Multiple vulnerabilities in RemoteView Agent (for Windows)
- 2025/02/28 JVNVU#96398949:
- Multiple vulnerabilities in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine)
- 2025/02/19 JVN#91300609:
- RevoWorks SCVX and RevoWorks Browser vulnerable to incorrect resource transfer between spheres
- 2025/02/19 JVN#48742353:
- Multiple cross-site scripting vulnerabilities in Movable Type
- 2025/02/17 JVNVU#92320053:
- Out-of-bounds read vulnerability in OMRON CX-Programmer
- 2025/02/17 JVNVU#96297631:
- Out-of-bounds write vulnerability in FUJIFILM Business Innovation Corp. MFPs
- 2025/02/17 JVN#26024080:
- Multiple vulnerabilities in The LuxCal Web Calendar
- 2025/02/17 JVNVU#97639704:
- ASUSTeK COMPUTER Lyra mini vulnerable to improper authentication
- 2025/02/17 JVNVU#92071645:
- "RoboForm Password Manager" App for Android vulnerable to authentication bypass using an alternate path or channel
- 2025/02/14 JVN#96957439:
- acmailer CGI and acmailer DB vulnerable to OS command injection
- 2025/02/14 JVN#65447879:
- Multiple vulnerabilities in NEC Aterm series (NV25-003)
- 2025/02/14 JVNVU#92227620:
- Out-of-bounds read vulnerability in Cente middleware
- 2025/02/13 JVN#80527854:
- Multiple vulnerabilities in FileMegane
- 2025/02/12 JVN#84319378:
- acmailer vulnerable to cross-site scripting
- 2025/02/05 JVN#66673020:
- Multiple vulnerabilities in Defense Platform Home Edition
- 2025/02/04 JVN#94806805:
- WordPress Plugin "Activity Log WinterLock" vulnerable to cross-site request forgery
- 2025/01/29 JVN#23839833:
- SXF Common Library vulnerable to improper input data handling
- 2025/01/28 JVNVU#93455283:
- Multiple out-of-bounds write vulnerabilities in Canon Office/Small Office Multifunction Printers and Laser Printers
- 2025/01/28 JVN#88046370:
- WordPress Plugin "Simple Image Sizes" vulnerable to cross-site scripting
- 2025/01/27 JVN#05508012:
- EXIF Viewer Classic vulnerable to cross-site scripting
- 2025/01/22 JVN#15293958:
- Multiple vulnerabilities in I-O DATA router UD-LT2
- 2025/01/21 JVN#83855727:
- FortiWeb vulnerable to SQL injection
- 2025/01/15 JVNVU#92217718:
- Linux Ratfor vulnerable to stack-based buffer overflow
- 2025/01/14 JVNVU#99653331:
- Multiple vulnerabilities in STEALTHONE D220/D340/D440
- 2025/01/14 JVNVU#98734299:
- Improper restriction of XML external entity reference (XXE) vulnerability in OMRON NB-Designer
- 2025/01/14 JVNVU#96335720:
- OMRON NJ/NX series vulnerable to path traversal
- 2025/01/08 JVN#57428125:
- PLANEX COMMUNICATIONS MZK-DP300N vulnerable to cross-site scripting
- 2025/01/08 JVNVU#99901190:
- Multiple vulnerabilities in FUJIFILM Business Innovation Xerox FreeFlow Core
2024
- 2024/12/24 JVNVU#92980681:
- Trend Micro Deep Security 20.0 Agent (for Windows) vulnerable to uncontrolled search path element
- 2024/12/20 JVNVU#95720792:
- Multiple security updates for Trend Micro Apex One and Apex One as a Service (December 2024)
- 2024/12/16 JVN#08430039:
- "Shonen Jump+" App for Android fails to restrict custom URL schemes properly
- 2024/12/16 JVN#61635834:
- Multiple vulnerabilities in SHARP routers
- 2024/12/13 JVNVU#91084137:
- Multiple vulnerabilities in FXC AE1021 and AE1021PE
- 2024/12/13 JVNVU#90748215:
- WordPress Plugin "My WP Customize Admin/Frontend" vulnerable to cross-site scripting
- 2024/12/05 JVNVU#93693807:
- Trend Micro Deep Security Agent for Windows and Deep Security Notifier on DSVA vulnerable to OS command injection
- 2024/12/04 JVN#46615026:[Critical]
- Multiple vulnerabilities in I-O DATA routers UD-LT1 and UD-LT1/EX
- 2024/12/02 JVN#53958863:
- Multiple vulnerabilities in UNIVERGE IX/IX-R/IX-V series routers
- 2024/11/29 JVN#43845108:
- Multiple FCNT Android devices vulnerable to authentication bypass
- 2024/11/28 JVNVU#97531313:
- Multiple vulnerabilities in FUJI ELECTRIC products
- 2024/11/27 JVN#88385716:
- HAProxy vulnerable to HTTP request/response smuggling
- 2024/11/26 JVN#87182660:
- WordPress Plugin "WP Admin UI Customize" vulnerable to cross-site scripting
- 2024/11/21 JVNVU#92857077:
- Multiple vulnerabilities in Edgecross Basic Software for Windows
- 2024/11/20 JVN#16114985:
- "Kura Sushi Official App Produced by EPARK" for Android uses a hard-coded cryptographic key
- 2024/11/20 JVNVU#99607268:
- Vulnerabilities in multiple Dahua Technology products (DHCC-SA-202407-001)
- 2024/11/18 JVNVU#90667116:
- Multiple vulnerabilities in Rakuten Turbo 5G
- 2024/11/15 JVN#36791327:
- Multiple vulnerabilities in FitNesse
- 2024/11/13 JVN#05136799:
- WordPress Plugin "VK All in One Expansion Unit" vulnerable to cross-site scripting
- 2024/11/12 JVNVU#90676195:
- Multiple vulnerabilities in SoftBank Mesh Wi-Fi router RP562B
- 2024/11/05 JVNVU#96058081:
- Trend Micro Deep Security 20 Agent for Windows vulnerable to improper access control
- 2024/11/01 JVNVU#95685374:
- Incorrect authorization vulnerability in OMRON Sysmac Studio
- 2024/10/31 JVN#87770340:
- Stack-based buffer overflow vulnerability in multiple Ricoh laser printers and MFPs which implement Web Image Monitor
- 2024/10/31 JVNVU#95001899:
- REST-APIs unintentionally enabled in Century Systems FutureNet NXR series routers
- 2024/10/31 JVNVU#94153896:
- Command injection vulnerability in Trend Micro Cloud Edge
- 2024/10/30 JVN#11779839:
- Hikvision network camera security enhancement to prevent cleartext transmission of Dynamic DNS credentials
- 2024/10/28 JVN#78335885:
- Chatwork Desktop Application (Windows) uses a potentially dangerous function
- 2024/10/25 JVNVU#95063136:
- Multiple vulnerabilities in Sharp and Toshiba Tec MFPs
- 2024/10/25 JVN#00876083:
- Multiple vulnerabilities in baserCMS
- 2024/10/21 JVNVU#93072012:
- Multiple SQL injection vulnerabilities in Trend Micro Deep Discovery Inspector
- 2024/10/18 JVN#41397971:
- Multiple vulnerabilities in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software
- 2024/10/18 JVN#57285747:
- N-LINE vulnerable to HTML injection
- 2024/10/18 JVN#31982676:
- MUSASI version 3 performing authentication on client-side
- 2024/10/15 JVN#58721679:
- SHIRASAGI vulnerable to path traversal
- 2024/10/11 JVN#74538317:
- Multiple vulnerabilities in Exment
- 2024/10/10 JVN#54676967:
- baserCMS plugin "BurgerEditor" vulnerable to directory listing
- 2024/10/02 JVNVU#92808077:
- Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software
- 2024/10/01 JVN#72148744:
- Apache Tomcat improper handling of TLS handshake process data
- 2024/09/30 JVNVU#95133448:
- Insecure initial password configuration issue in SEIKO EPSON Web Config
- 2024/09/30 JVN#39280069:
- RevoWorks Cloud vulnerable to unintended process execution
- 2024/09/30 JVN#42445661:
- Multiple vulnerabilities in Smart-tab
- 2024/09/27 JVN#21176842:
- MF Teacher Performance Management System vulnerable to cross-site scripting
- 2024/09/27 JVNVU#91077448:
- SNMP service is enabled by default in Sharp NEC Display Solutions projectors
- 2024/09/24 JVN#57749899:
- The installer of e-Tax software(common program) vulnerable to privilege escalation
- 2024/09/24 JVN#78356367:
- Multiple NTT EAST Home GateWay/Hikari Denwa routers fail to restrict access permissions
- 2024/09/24 JVN#81966868:
- Multiple vulnerabilities in PLANEX COMMUNICATIONS network devices
- 2024/09/18 JVNVU#90142679:
- Multiple vulnerabilities in TAKENAKA ENGINEERING digital video recorders
- 2024/09/18 JVN#19766555:
- Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"
- 2024/09/18 JVN#42386607:
- Assimp vulnerable to heap-based buffer overflow
- 2024/09/09 JVN#05579230:
- Multiple Alps System Integration products and the OEM products vulnerable to cross-site request forgery
- 2024/09/09 JVN#67456481:
- Pgpool-II vulnerable to information disclosure
- 2024/09/09 JVN#65724976:
- WordPress Plugin "Forminator" vulnerable to cross-site scripting
- 2024/09/09 JVN#81570776:
- "@cosme" App fails to restrict custom URL schemes properly
- 2024/09/06 JVN#32529796:
- Multiple products from KINGSOFT JAPAN vulnerable to path traversal
- 2024/09/06 JVN#49873988:
- Secure Boot bypass Vulnerability in PRIMERGY
- 2024/09/04 JVN#67963942:
- WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting
- 2024/08/30 JVN#29238389:
- IPCOM vulnerable to information disclosure
- 2024/08/30 JVN#25264194:
- Multiple vulnerabilities in WordPress plugin "Carousel Slider"
- 2024/08/30 JVNVU#96959731:
- Multiple vulnerabilities in IDEC PLCs
- 2024/08/30 JVNVU#99905584:
- Panasonic Control FPWIN Pro7 vulnerable to stack-based buffer overflow
- 2024/08/29 JVNVU#96242582:
- Multiple vulnerabilities in IDEC Operator Interfaces products
- 2024/08/29 JVN#08342147:
- WindLDR and WindO/I-NV4 store sensitive information in cleartext
- 2024/08/28 JVNVU#96498690:
- xfpt vulnerable to stack-based buffer overflow
- 2024/08/27 JVN#24885537:
- Multiple vulnerabilities in ELECOM wireless LAN routers and access points
- 2024/08/23 JVN#12824024:
- BUFFALO wireless LAN routers and wireless LAN repeaters vulnerable to OS command injection
- 2024/08/22 JVN#83440451:
- Multiple Safie products vulnerable to improper server certificate verification
- 2024/08/20 JVN#56648919:
- "Rakuten Ichiba App" fails to restrict custom URL schemes properly
- 2024/08/06 JVN#78728294:
- Firmware update for RICOH JavaTM Platform resets the TLS configuration
- 2024/08/06 JVN#29845579:
- Cybozu Office vulnerable to bypass browsing restrictions in Custom App
- 2024/08/05 JVN#70666401:
- Multiple vulnerabilities in ZEXELON ZWX-2000CSW2-HN
- 2024/08/05 JVN#50850706:
- Pimax Play and PiTool accept WebSocket connections from unintended endpoints
- 2024/07/30 JVN#26734798:
- FFRI AMC vulnerable to OS command injection
- 2024/07/30 JVN#26225832:
- EC-CUBE plugin (for EC-CUBE 4 series) "EC-CUBE Web API Plugin" vulnerable to stored cross-site scripting
- 2024/07/30 JVN#48324254:
- EC-CUBE 4 Series improper input validation when installing plugins
- 2024/07/30 JVN#06672778:
- Multiple vulnerabilities in ELECOM wireless LAN routers
- 2024/07/29 JVN#84326763:
- Multiple vulnerabilities in SKYSEA Client View
- 2024/07/29 JVN#16420523:
- SDoP vulnerable to stack-based buffer overflow
- 2024/07/26 JVN#02030803:
- ORC vulnerable to stack-based buffer overflow
- 2024/07/23 JVNVU#98330908:
- Multiple products from Check Point Software Technologies vulnerable to information disclosure
- 2024/07/18 JVN#87710540:
- Assimp vulnerable to heap-based buffer overflow
- 2024/07/16 JVNVU#96424864:
- Multiple vulnerabilities in FutureNet NXR series, VXR series and WXR series
- 2024/07/16 JVN#74825766:
- Cybozu Garoon vulnerable to cross-site scripting
- 2024/07/16 JVN#25583987:
- FUJITSU Network Edgiot GW1500 vulnerable to path traversal
- 2024/07/10 JVN#14294633:
- Out-of-bounds write vulnerability in Ricoh MFPs and printers
- 2024/07/09 JVN#81442045:
- Multiple vulnerabilities in multiple Webmin products
- 2024/07/08 JVN#28515217:
- Cleartext transmission issue in TONE store App to TONE store
- 2024/07/03 JVN#94347255:
- JP1/Extensible SNMP Agent fails to restrict access permissions
- 2024/06/28 JVN#01073312:
- "Piccoma" App uses a hard-coded API key for an external service
- 2024/06/27 JVNVU#99784493:
- Multiple TP-Link products vulnerable to OS command injection
- 2024/06/26 JVN#34977158:
- WordPress plugins "WP Tweet Walls" and "Sola Testimonials" vulnerable to cross-site request forgery
- 2024/06/21 JVNVU#91384468:
- LINE client for iOS vulnerable to universal cross-site scripting
- 2024/06/19 JVNVU#99027428:
- Multiple vulnerabilities in multiple Trend Micro products
- 2024/06/19 JVN#37818611:
- "ZOZOTOWN" App for Android fails to restrict custom URL schemes properly
- 2024/06/19 JVN#60331535:
- WordPress plugin "SiteGuard WP Plugin" may leak the customized path to the login page
- 2024/06/18 JVN#00442488:
- Multiple vulnerabilities in Ricoh Streamline NX PC Client
- 2024/06/18 JVN#65171386:
- Multiple vulnerabilities in ID Link Manager and FUJITSU Software TIME CREATOR
- 2024/06/14 JVNVU#97136265:
- Multiple vulnerabilities in Toshiba Tec and Oki Electric Industry MFPs
- 2024/06/12 JVN#25594256:
- Denial-of-service (DoS) vulnerability in IPCOM WAF function
- 2024/06/07 JVN#79213252:
- WordPress Plugin "Music Store - WordPress eCommerce" vulnerable to SQL injection
- 2024/06/07 JVN#55045256:
- Multiple vulnerabilities in "FreeFrom - the nostr client" App
- 2024/06/03 JVN#43215077:
- Multiple vulnerabilities in UNIVERSAL PASSPORT RX
- 2024/05/31 JVNVU#93051062:
- Multiple vulnerabilities in Sharp and Toshiba Tec MFPs
- 2024/05/31 JVNVU#94872523:
- Seiko Solutions SkyBridge MB-A100/MB-A110 and SkyBridge BASIC MB-A130 vulnerable to OS command injection
- 2024/05/30 JVN#80506242:
- awkblog vulnerable to OS command injection
- 2024/05/29 JVN#22182715:
- Redmine DMSF Plugin vulnerable to path traversal
- 2024/05/29 JVN#15637138:
- EC-Orange vulnerable to authorization bypass
- 2024/05/28 JVNVU#97214223:
- ELECOM wireless LAN routers vulnerable to OS command injection
- 2024/05/28 JVN#17680667:
- Multiple vulnerabilities in Unifier and Unifier Cast
- 2024/05/28 JVN#71404925:
- Multiple vulnerabilities in UTAU
- 2024/05/27 JVNVU#92504444:
- OMRON NJ/NX series vulnerable to insufficient verification of data authenticity
- 2024/05/24 JVN#56781258:
- Splunk Config Explorer vulnerable to cross-site scripting
- 2024/05/24 JVN#35838128:
- WordPress Plugin "WP Booking" vulnerable to cross-site scripting
- 2024/05/21 JVN#29471697:
- Android App "TP-Link Tether" and "TP-Link Tapo" vulnerable to improper server certificate verification
- 2024/05/17 JVN#85380030:
- WordPress Plugin "Download Plugins and Themes from Dashboard" vulnerable to path traversal
- 2024/05/16 JVNVU#95120091:
- Panasonic KW Watcher vulnerable to memory buffer error
- 2024/05/15 JVNVU#92249385:
- Ruijie BCR810W/BCR860 vulnerable to OS command injection
- 2024/05/15 JVNVU#95350607:
- Multiple vulnerabilities in Field Logic DataCube
- 2024/05/13 JVN#28869536:
- Multiple vulnerabilities in Cybozu Garoon
- 2024/05/10 JVNVU#99669446:
- Central Dogma vulnerable to cross-site scripting
- 2024/05/10 JVN#83405304:
- "OfferBox" App uses a hard-coded secret key
- 2024/05/10 JVN#61054671:
- Phormer vulnerable to cross-site scripting
- 2024/05/09 JVN#97751842:
- Multiple vulnerabilities in MosP kintai kanri
- 2024/05/08 JVN#87694318:
- WordPress Plugin "Heateor Social Login WordPress" vulnerable to cross-site scripting
- 2024/05/07 JVNVU#97614828:
- Trend Micro Maximum Security vulnerable to improper link resolution (CVE-2024-32849)
- 2024/04/24 JVNVU#91883072:
- NETGEAR routers vulnerable to buffer overflow
- 2024/04/24 JVN#62737544:
- Multiple vulnerabilities in RoamWiFi R10
- 2024/04/23 JVNTA#90371415:
- Multiple third-party kernel drivers for Windows vulnerable to improper access control on IOCTL
- 2024/04/23 JVN#40079147:[Unreachable]
- TvRock vulnerable to denial-of-service (DoS)
- 2024/04/23 JVN#24683352:[Unreachable]
- TvRock vulnerable to cross-site request forgery
- 2024/04/22 JVNVU#98274902:
- Multiple vulnerabilities in OMRON Sysmac Studio/CX-One and CX-Programmer
- 2024/04/19 JVNVU#91216202:
- Armeria-saml improperly handles SAML messages
- 2024/04/19 JVNVU#91696361:
- LINE client for iOS vulnerable to improper server certificate verification
- 2024/04/18 JVN#50132400:
- Multiple vulnerabilities in WordPress Plugin "Forminator"