Vulnerability Reports
2024
- 2024/10/10 JVN#54676967:
- baserCMS plugin "BurgerEditor" vulnerable to directory listing
- 2024/10/02 JVNVU#92808077:
- Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software
- 2024/10/01 JVN#72148744:
- Apache Tomcat improper handling of TLS handshake process data
- 2024/09/30 JVNVU#95133448:
- Insecure initial password configuration issue in SEIKO EPSON Web Config
- 2024/09/30 JVN#39280069:
- RevoWorks Cloud vulnerable to unintended process execution
- 2024/09/30 JVN#42445661:
- Multiple vulnerabilities in Smart-tab
- 2024/09/27 JVN#21176842:
- MF Teacher Performance Management System vulnerable to cross-site scripting
- 2024/09/27 JVNVU#91077448:
- SNMP service is enabled by default in Sharp NEC Display Solutions projectors
- 2024/09/24 JVN#57749899:
- The installer of e-Tax software (common program) vulnerable to privilege escalation
- 2024/09/24 JVN#78356367:
- Multiple NTT EAST Home GateWay/Hikari Denwa routers fail to restrict access permissions
- 2024/09/24 JVN#81966868:
- Multiple vulnerabilities in PLANEX COMMUNICATIONS network devices
- 2024/09/18 JVNVU#90142679:
- Multiple vulnerabilities in TAKENAKA ENGINEERING digital video recorders
- 2024/09/18 JVN#19766555:
- Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"
- 2024/09/18 JVN#42386607:
- Assimp vulnerable to heap-based buffer overflow
- 2024/09/09 JVN#05579230:
- Multiple Alps System Integration products and the OEM products vulnerable to cross-site request forgery
- 2024/09/09 JVN#67456481:
- Pgpool-II vulnerable to information disclosure
- 2024/09/09 JVN#65724976:
- WordPress Plugin "Forminator" vulnerable to cross-site scripting
- 2024/09/09 JVN#81570776:
- "@cosme" App fails to restrict custom URL schemes properly
- 2024/09/06 JVN#32529796:
- Multiple products from KINGSOFT JAPAN vulnerable to path traversal
- 2024/09/06 JVN#49873988:
- Secure Boot bypass Vulnerability in PRIMERGY
- 2024/09/04 JVN#67963942:
- WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting
- 2024/08/30 JVN#29238389:
- IPCOM vulnerable to information disclosure
- 2024/08/30 JVN#25264194:
- Multiple vulnerabilities in WordPress plugin "Carousel Slider"
- 2024/08/30 JVNVU#96959731:
- Multiple vulnerabilities in IDEC PLCs
- 2024/08/30 JVNVU#99905584:
- Panasonic Control FPWIN Pro7 vulnerable to stack-based buffer overflow
- 2024/08/29 JVNVU#96242582:
- Multiple vulnerabilities in IDEC Operator Interfaces products
- 2024/08/29 JVN#08342147:
- WindLDR and WindO/I-NV4 store sensitive information in cleartext
- 2024/08/28 JVNVU#96498690:
- xfpt vulnerable to stack-based buffer overflow
- 2024/08/27 JVN#24885537:
- Multiple vulnerabilities in ELECOM wireless LAN routers and access points
- 2024/08/23 JVN#12824024:
- BUFFALO wireless LAN routers and wireless LAN repeaters vulnerable to OS command injection
- 2024/08/22 JVN#83440451:
- Multiple Safie products vulnerable to improper server certificate verification
- 2024/08/20 JVN#56648919:
- "Rakuten Ichiba App" fails to restrict custom URL schemes properly
- 2024/08/06 JVN#78728294:
- Firmware update for RICOH Java™ Platform resets the TLS configuration
- 2024/08/06 JVN#29845579:
- Cybozu Office vulnerable to bypass browsing restrictions in Custom App
- 2024/08/05 JVN#70666401:
- Multiple vulnerabilities in ZEXELON ZWX-2000CSW2-HN
- 2024/08/05 JVN#50850706:
- Pimax Play and PiTool accept WebSocket connections from unintended endpoints
- 2024/07/30 JVN#26734798:
- FFRI AMC vulnerable to OS command injection
- 2024/07/30 JVN#26225832:
- EC-CUBE plugin (for EC-CUBE 4 series) "EC-CUBE Web API Plugin" vulnerable to stored cross-site scripting
- 2024/07/30 JVN#48324254:
- EC-CUBE 4 Series improper input validation when installing plugins
- 2024/07/30 JVN#06672778:
- Multiple vulnerabilities in ELECOM wireless LAN routers
- 2024/07/29 JVN#84326763:
- Multiple vulnerabilities in SKYSEA Client View
- 2024/07/29 JVN#16420523:
- SDoP vulnerable to stack-based buffer overflow
- 2024/07/26 JVN#02030803:
- ORC vulnerable to stack-based buffer overflow
- 2024/07/23 JVNVU#98330908:
- Multiple products from Check Point Software Technologies vulnerable to information disclosure
- 2024/07/18 JVN#87710540:
- Assimp vulnerable to heap-based buffer overflow
- 2024/07/16 JVNVU#96424864:
- Multiple vulnerabilities in FutureNet NXR series, VXR series and WXR series
- 2024/07/16 JVN#74825766:
- Cybozu Garoon vulnerable to cross-site scripting
- 2024/07/16 JVN#25583987:
- FUJITSU Network Edgiot GW1500 vulnerable to path traversal
- 2024/07/10 JVN#14294633:
- Out-of-bounds write vulnerability in Ricoh MFPs and printers
- 2024/07/09 JVN#81442045:
- Multiple vulnerabilities in multiple Webmin products
- 2024/07/08 JVN#28515217:
- Cleartext transmission issue in TONE store App to TONE store
- 2024/07/03 JVN#94347255:
- JP1/Extensible SNMP Agent fails to restrict access permissions
- 2024/06/28 JVN#01073312:
- "Piccoma" App uses a hard-coded API key for an external service
- 2024/06/27 JVNVU#99784493:
- Multiple TP-Link products vulnerable to OS command injection
- 2024/06/26 JVN#34977158:
- WordPress plugins "WP Tweet Walls" and "Sola Testimonials" vulnerable to cross-site request forgery
- 2024/06/21 JVNVU#91384468:
- LINE client for iOS vulnerable to universal cross-site scripting
- 2024/06/19 JVNVU#99027428:
- Multiple vulnerabilities in multiple Trend Micro products
- 2024/06/19 JVN#37818611:
- "ZOZOTOWN" App for Android fails to restrict custom URL schemes properly
- 2024/06/19 JVN#60331535:
- WordPress plugin "SiteGuard WP Plugin" may leak the customized path to the login page
- 2024/06/18 JVN#00442488:
- Multiple vulnerabilities in Ricoh Streamline NX PC Client
- 2024/06/18 JVN#65171386:
- Multiple vulnerabilities in ID Link Manager and FUJITSU Software TIME CREATOR
- 2024/06/14 JVNVU#97136265:
- Multiple vulnerabilities in Toshiba Tec and Oki Electric Industry MFPs
- 2024/06/12 JVN#25594256:
- Denial-of-service (DoS) vulnerability in IPCOM WAF function
- 2024/06/07 JVN#79213252:
- WordPress Plugin "Music Store - WordPress eCommerce" vulnerable to SQL injection
- 2024/06/07 JVN#55045256:
- Multiple vulnerabilities in "FreeFrom - the nostr client" App
- 2024/06/03 JVN#43215077:
- Multiple vulnerabilities in UNIVERSAL PASSPORT RX
- 2024/05/31 JVNVU#93051062:
- Multiple vulnerabilities in Sharp and Toshiba Tec MFPs
- 2024/05/31 JVNVU#94872523:
- Seiko Solutions SkyBridge MB-A100/MB-A110 and SkyBridge BASIC MB-A130 vulnerable to OS command injection
- 2024/05/30 JVN#80506242:
- awkblog vulnerable to OS command injection
- 2024/05/29 JVN#22182715:
- Redmine DMSF Plugin vulnerable to path traversal
- 2024/05/29 JVN#15637138:
- EC-Orange vulnerable to authorization bypass
- 2024/05/28 JVNVU#97214223:
- ELECOM wireless LAN routers vulnerable to OS command injection
- 2024/05/28 JVN#17680667:
- Multiple vulnerabilities in Unifier and Unifier Cast
- 2024/05/28 JVN#71404925:
- Multiple vulnerabilities in UTAU
- 2024/05/27 JVNVU#92504444:
- OMRON NJ/NX series vulnerable to insufficient verification of data authenticity
- 2024/05/24 JVN#56781258:
- Splunk Config Explorer vulnerable to cross-site scripting
- 2024/05/24 JVN#35838128:
- WordPress Plugin "WP Booking" vulnerable to cross-site scripting
- 2024/05/21 JVN#29471697:
- Android App "TP-Link Tether" and "TP-Link Tapo" vulnerable to improper server certificate verification
- 2024/05/17 JVN#85380030:
- WordPress Plugin "Download Plugins and Themes from Dashboard" vulnerable to path traversal
- 2024/05/16 JVNVU#95120091:
- Panasonic KW Watcher vulnerable to memory buffer error
- 2024/05/15 JVNVU#92249385:
- Ruijie BCR810W/BCR860 vulnerable to OS command injection
- 2024/05/15 JVNVU#95350607:
- Multiple vulnerabilities in Field Logic DataCube
- 2024/05/13 JVN#28869536:
- Multiple vulnerabilities in Cybozu Garoon
- 2024/05/10 JVNVU#99669446:
- Central Dogma vulnerable to cross-site scripting
- 2024/05/10 JVN#83405304:
- "OfferBox" App uses a hard-coded secret key
- 2024/05/10 JVN#61054671:
- Phormer vulnerable to cross-site scripting
- 2024/05/09 JVN#97751842:
- Multiple vulnerabilities in MosP kintai kanri
- 2024/05/08 JVN#87694318:
- WordPress Plugin "Heateor Social Login WordPress" vulnerable to cross-site scripting
- 2024/05/07 JVNVU#97614828:
- Trend Micro Maximum Security vulnerable to improper link resolution (CVE-2024-32849)
- 2024/04/24 JVNVU#91883072:
- NETGEAR routers vulnerable to buffer overflow
- 2024/04/24 JVN#62737544:
- Multiple vulnerabilities in RoamWiFi R10
- 2024/04/23 JVNTA#90371415:
- Multiple third-party kernel drivers for Windows vulnerable to improper access control on IOCTL
- 2024/04/23 JVN#40079147:[Unreachable]
- TvRock vulnerable to denial-of-service (DoS)
- 2024/04/23 JVN#24683352:[Unreachable]
- TvRock vulnerable to cross-site request forgery
- 2024/04/22 JVNVU#98274902:
- Multiple vulnerabilities in OMRON Sysmac Studio/CX-One and CX-Programmer
- 2024/04/19 JVNVU#91216202:
- Armeria-saml improperly handles SAML messages
- 2024/04/19 JVNVU#91696361:
- LINE client for iOS vulnerable to improper server certificate verification
- 2024/04/18 JVN#50132400:
- Multiple vulnerabilities in WordPress Plugin "Forminator"
- 2024/04/16 JVN#23835228:
- Proscend Communications M330-W and M330-W5 vulnerable to OS command injection
- 2024/04/15 JVN#58236836:
- Multiple vulnerabilities in BUFFALO wireless LAN routers
- 2024/04/10 JVN#70977403:
- Multiple vulnerabilities in a-blog cms
- 2024/04/08 JVN#50361500:
- Multiple vulnerabilities in WordPress Plugin "Ninja Forms"
- 2024/04/05 JVN#82074338:
- Multiple vulnerabilities in NEC Aterm series
- 2024/04/04 JVNVU#94016877:
- Multiple vulnerabilities in Cente middleware
- 2024/04/04 JVNVU#91975826:
- Multiple vulnerabilities in PLANEX COMMUNICATIONS wireless LAN router MZK-MF300N
- 2024/04/01 JVNVU#99285099:
- FURUNO SYSTEMS Managed Switch ACERA 9010 running in non MS mode with the initial configuration has no password
- 2024/03/29 JVNVU#92825069:
- KEYENCE VT STUDIO may insecurely load Dynamic Link Libraries
- 2024/03/29 JVNVU#95439120:
- Multiple vulnerabilities in KEYENCE KV STUDIO, KV REPLAY VIEWER, and VT5-WX15/WX12
- 2024/03/29 JVN#23528780:
- "Yahoo! JAPAN" App vulnerable to cross-site scripting
- 2024/03/27 JVNVU#93932313:
- SEEnergy SVR-116 vulnerable to OS command injection
- 2024/03/27 JVN#40367518:
- SonicDICOM Media Viewer may insecurely load Dynamic Link Libraries
- 2024/03/27 JVN#51098626:
- Multiple vulnerabilities in WordPress Plugin "Survey Maker"
- 2024/03/26 JVNVU#95381465:
- Multiple vulnerabilities in ELECOM wireless LAN routers
- 2024/03/25 JVN#46874970:[Unreachable]
- 0ch BBS Script (0ch) vulnerable to cross-site scripting
- 2024/03/25 JVN#17176449:[Unreachable]
- ffBull vulnerable to OS command injection
- 2024/03/25 JVN#40523785:[Unreachable]
- Mini Thread vulnerable to cross-site scripting
- 2024/03/25 JVN#22376992:[Unreachable]
- WebProxy vulnerable to OS command injection
- 2024/03/25 JVN#69107517:[Unreachable]
- TvRock vulnerable to cross-site scripting
- 2024/03/25 JVN#13113728:[Unreachable]
- "EasyRange" may insecurely load executable files
- 2024/03/25 JVN#86206017:
- WordPress Plugin "easy-popup-show" vulnerable to cross-site request forgery
- 2024/03/22 JVNVU#93546510:
- Multiple vulnerabilities in home gateway HGW BL1500HM
- 2024/03/22 JVNVU#90953541:
- BUFFALO LinkStation 200 series vulnerable to arbitrary code execution
- 2024/03/21 JVNVU#90671953:
- Sangoma Technologies CG/MG family driver cg6kwin2k.sys vulnerable to insufficient access control on its IOCTL
- 2024/03/18 JVN#94521208:
- Multiple vulnerabilities in FitNesse
- 2024/03/15 JVN#70640802:
- "ABEMA" App for Android fails to restrict access permissions
- 2024/03/08 JVN#48443978:
- a-blog cms vulnerable to directory traversal
- 2024/03/07 JVN#54451757:
- Multiple vulnerabilities in SKYSEA Client View
- 2024/03/07 JVNVU#95852116:
- OMRON NJ/NX series vulnerable to path traversal
- 2024/03/06 JVN#34328023:
- FUJIFILM Business Innovation Corp. printers vulnerable to cross-site request forgery
- 2024/03/06 JVN#82749078:
- Multiple vulnerabilities in printers and scanners which implement BROTHER Web Based Management
- 2024/03/06 JVN#52919306:
- Toyoko Inn official App vulnerable to improper server certificate verification
- 2024/02/29 JVN#35928117:
- Protection mechanism failure in RevoWorks
- 2024/02/29 JVN#77203800:
- OET-213H-BTS1 missing authorization check in the initial configuration
- 2024/02/29 JVN#78084105:
- OpenPNE plugin "opTimelinePlugin" vulnerable to cross-site scripting
- 2024/02/27 JVN#73283159:
- Multiple vulnerabilities in baserCMS
- 2024/02/21 JVNVU#93534773:
- Multiple vulnerabilities in multiple Trend Micro products
- 2024/02/21 JVNVU#96033712:
- Multiple vulnerabilities in Trend Micro Apex Central
- 2024/02/20 JVNVU#99444194:
- ELECOM wireless LAN routers vulnerable to OS command injection
- 2024/02/20 JVN#44166658:
- Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater
- 2024/02/15 JVN#48966481:
- a-blog cms vulnerable to URL spoofing
- 2024/02/14 JVNVU#93381734:
- Android App "Mopria Print Service" vulnerable to improper intent handling
- 2024/02/07 JVN#44033918:
- Zeroshell vulnerable to OS command injection
- 2024/02/06 JVN#18743512:
- Cybozu KUNAI for Android vulnerable to denial-of-service (DoS)
- 2024/02/06 JVNVU#90033405:
- Multiple out-of-bounds write vulnerabilities in Canon Office/Small Office Multifunction Printers and Laser Printers
- 2024/02/05 JVNVU#97836276:
- Sharp NEC Display Solutions' public displays vulnerable to local file inclusion
- 2024/02/02 JVNVU#93740658:
- Multiple buffer overflow vulnerabilities in HOME SPOT CUBE2
- 2024/02/02 JVNVU#99844997:
- Incorrect permission assignment vulnerability in Trend Micro uiAirSupport
- 2024/02/01 JVN#63567545:
- Group Office vulnerable to cross-site scripting
- 2024/02/01 JVN#41129639:
- Payment EX vulnerable to information disclosure
- 2024/01/30 JVNVU#94591337:
- Multiple vulnerabilities in SHARP Energy Management Controller with Cloud Services
- 2024/01/24 JVN#70818619:
- "Mercari" App for Android fails to restrict custom URL schemes properly
- 2024/01/24 JVN#93541851:
- Oracle WebLogic Server vulnerable to HTTP header injection
- 2024/01/23 JVN#96154238:
- Android App "Spoon" uses a hard-coded API key for an external service
- 2024/01/23 JVN#77736613:
- Improper restriction of XML external entity references (XXE) in MLIT "Electronic Delivery Check System" and "Electronic delivery item Inspection Support System"
- 2024/01/23 JVN#01434915:
- Improper restriction of XML external entity references (XXE) in "Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version)"
- 2024/01/23 JVN#40049211:
- Improper restriction of XML external entity references (XXE) in Electronic Deliverables Creation Support Tool provided by Ministry of Defense
- 2024/01/23 JVNVU#90908488:
- ELECOM wireless LAN routers vulnerable to OS command injection
- 2024/01/23 JVNVU#99896362:
- Yamaha wireless LAN access point devices vulnerable to active debug code
- 2024/01/22 JVN#73587943:
- Access analysis CGI An-Analyzer vulnerable to open redirect
- 2024/01/22 JVN#34565930:
- Multiple vulnerabilities in a-blog cms
- 2024/01/19 JVN#67215338:
- FusionPBX vulnerable to cross-site scripting
- 2024/01/18 JVN#83655695:
- Multiple Dahua Technology products vulnerable to authentication bypass
- 2024/01/16 JVN#63383723:
- Drupal vulnerable to improper handling of structural elements
- 2024/01/15 JVN#51135247:
- Pleasanter vulnerable to cross-site scripting
- 2024/01/15 JVN#96240417:
- Thermal camera TMC series vulnerable to insufficient technical documentation
- 2024/01/12 JVN#37326856:
- Improper input validation vulnerability in WordPress Plugin "WordPress Quiz Maker Plugin"
- 2024/01/09 JVNVU#92102247:
- Multiple vulnerabilities in Panasonic Control FPWIN Pro7
- 2024/01/09 JVNVU#91401812:
- Multiple TP-Link products vulnerable to OS command injection
2023
- 2023/12/26 JVN#32646742:
- Multiple vulnerabilities in PowerCMS
- 2023/12/26 JVN#23771490:
- Multiple vulnerabilities in BUFFALO VR-S1000
- 2023/12/22 JVNVU#97943829:
- Brother iPrint&Scan Desktop for Windows vulnerable to improper link resolution before file access
- 2023/12/14 JVNVU#97876221:
- WordPress plugin "MW WP Form" vulnerable to arbitrary file upload
- 2023/12/13 JVN#18715935:
- Multiple vulnerabilities in GROWI
- 2023/12/12 JVNVU#97499577:
- ELECOM wireless LAN routers vulnerable to OS command injection
- 2023/12/11 JVN#34145838:
- Multiple denial-of-service (DoS) vulnerabilities in JTEKT ELECTRONICS HMI GC-A2 series
- 2023/12/08 JVNVU#98954443:
- Multiple vulnerabilities in Edgecross Basic Software for Windows
- 2023/12/06 JVNVU#92152057:[Critical]
- FXC wireless LAN routers "AE1021PE" and "AE1021" vulnerable to OS command injection
- 2023/12/04 JVN#46895889:
- RakRak Document Plus vulnerable to path traversal
- 2023/12/01 JVN#45891816:
- Ruckus Access Point vulnerable to cross-site scripting
- 2023/11/20 JVN#15005948:
- Multiple vulnerabilities in LuxCal Web Calendar
- 2023/11/17 JVNVU#98954968:
- Multiple vulnerabilities in EXPRESSCLUSTER X
- 2023/11/17 JVN#22220399:
- Multiple vulnerabilities in CubeCart
- 2023/11/17 JVN#13618065:
- Redmine vulnerable to cross-site scripting
- 2023/11/16 JVNVU#99077347:
- Multiple vulnerabilities in First Corporation's DVRs
- 2023/11/15 JVNVU#96079387:
- ASUSTeK COMPUTER RT-AC87U vulnerable to improper access control
- 2023/11/14 JVNVU#94119876:
- Multiple vulnerabilities in ELECOM and LOGITEC routers
- 2023/11/14 JVN#67822421:
- OSS Calendar vulnerable to SQL injection
- 2023/11/13 JVN#96209256:
- Multiple vulnerabilities in Pleasanter
- 2023/11/13 JVN#17806703:
- Multiple vulnerabilities in Cisco Firepower Management Center Software
- 2023/11/10 JVNVU#98040889:
- Multiple security updates for Trend Micro Apex One and Apex One as a Service (November 2023)
- 2023/11/10 JVNVU#93840158:
- Multiple vulnerabilities in FUJI ELECTRIC products
- 2023/11/10 JVN#99177549:
- HOTELDRUID vulnerable to cross-site scripting
- 2023/11/10 JVN#86156389:
- Remarshal unlimitedly expanding YAML alias nodes
- 2023/11/07 JVN#29195731:
- EC-CUBE 3 series and 4 series vulnerable to arbitrary code execution
- 2023/11/02 JVN#14762986:
- Improper restriction of XML external entity references (XXE) in e-Tax software
- 2023/11/01 JVNVU#96482726:
- FUJIFILM Business Innovation Corp. and Xerox Corporation MFPs export Address Books with insufficient encryption strength
- 2023/10/31 JVN#94132951:
- Cybozu Remote Service vulnerable to uncontrolled resource consumption
- 2023/10/31 JVNVU#99565391:
- MCL Technologies MCL-Net vulnerable to directory traversal
- 2023/10/30 JVN#48057522:
- Inkdrop vulnerable to code injection
- 2023/10/27 JVN#45547161:
- Multiple vulnerabilities in baserCMS
- 2023/10/26 JVNVU#97149791:
- Advanced Micro Devices Windows kernel drivers vulnerable to insufficient access control on its IOCTL
- 2023/10/25 JVN#39139884:
- Movable Type vulnerable to cross-site scripting
- 2023/10/23 JVNVU#98683567:
- Improper restriction of XML external entity reference (XXE) vulnerability in OMRON CX-Designer
- 2023/10/23 JVN#02058996:
- HP ThinUpdate vulnerable to improper server certificate verification
- 2023/10/19 JVN#28846531:
- Multiple vulnerabilities in JustSystems products
- 2023/10/18 JVN#95981460:[Critical]
- Improper restriction of XML external entity references (XXE) in Proself
- 2023/10/17 JVNVU#98392064:
- Multiple vulnerabilities in JTEKT ELECTRONICS OnSinView2
- 2023/10/16 JVN#80476432:
- web2py vulnerable to OS command injection
- 2023/10/16 JVN#58574030:
- Scanning evasion issue in Cisco Secure Email Gateway