Vulnerability Reports

past 12 months20212020201920182017201620152014201320122011201020092008

2021

2021/12/24 JVNVU#95192472:
Multiple vulnerabilities in KONICA MINOLTA MFPs and printing systems
2021/12/24 JVNVU#92279973:
Multiple vulnerabilities in IDEC PLCs
2021/12/23 JVNVU#94883311:
TP-Link TL-WR802N V4(JP) vulnerable to OS command injection
2021/12/22 JVN#66422035:
Android Apps developed using Yappli fails to restrict custom URL schemes properly
2021/12/22 JVNVU#95429813:
Multiple vulnerabilities in QNAP VioStar NVR
2021/12/20 JVN#79798166:
Multiple vulnerabilities in GroupSession
2021/12/17 JVN#13464252:
UNIVERGE DT Series vulnerable to missing encryption of sensitive data
2021/12/08 JVNVU#98117192:
Multiple vulnerabilities in Trend Micro Security 2021 family (Consumer)
2021/12/02 JVN#09136401:
Multiple missing authorization vulnerabilities in WordPress Plugin "Advanced Custom Fields"
2021/11/30 JVNVU#94527926:
Multiple vulnerabilities in multiple ELECOM routers
2021/11/30 JVN#88993473:
Multiple vulnerabilities in multiple ELECOM LAN routers
2021/11/30 JVN#19482703:
Wi-Fi STATION SH-52A vulnerable to cross-site scripting
2021/11/26 JVNVU#95400836:
Trend Micro Antivirus for MAC vulnerable to improper access controls
2021/11/26 JVN#81376414:
Multiple vulnerabilities in baserCMS
2021/11/25 JVN#93562098:
WordPress Plugin "Browser and Operating System Finder" vulnerable to cross-site request forgery
2021/11/24 JVN#17645965:
PowerCMS XMLRPC API vulnerable to OS command injection
2021/11/16 JVN#85492429:
WordPress Plugin "Push Notifications for WordPress (Lite)" vulnerable to cross-site request forgery
2021/11/16 JVN#22515597:
rwtxt vulnerable to cross-site scripting
2021/11/12 JVN#58407606:
Unlimited Sitemap Generator vulnerable to cross-site request forgery
2021/11/11 JVN#75444925:
Multiple vulnerabilities in EC-CUBE 2 series
2021/11/10 JVN#68066589:
WordPress Plugin "Booking Package - Appointment Booking Calendar System" vulnerable to cross-site scripting
2021/11/09 JVNVU#91161784:
Multiple vulnerabilities in multiple Yamaha routers
2021/10/29 JVN#69304877:
Multiple vulnerabilities in CLUSTERPRO X and EXPRESSCLUSTER X
2021/10/29 JVN#49465877:
Android App "Mercari (Merpay) - Marketplace and Mobile Payments App" (Japan version) vulnerable to improper handling of Intent
2021/10/29 JVN#60553023:
ESET Cyber Security and ESET Endpoint series vulnerable to denial-of-service (DoS)
2021/10/28 JVN#33453839:
Multiple improper restriction of XML external entity reference (XXE) vulnerabilities in Office Server Document Converter
2021/10/25 JVNVU#92842857:
Trend Micro Endpoint security products for enterprises vulnerable to privilege escalation
2021/10/20 JVN#41119755:[Critical]
Movable Type XMLRPC API vulnerable to OS command injection
2021/10/18 JVN#85073657:
128 Technology Session Smart Router vulnerable to authentication bypass
2021/10/15 JVNVU#90041391:
OMRON CX-Supervisor vulnerable to out-of-bounds read
2021/10/08 JVN#51106450:
Apache HTTP Server vulnerable to directory traversal
2021/10/08 JVN#89126639:
Nike App fails to restrict custom URL schemes properly
2021/09/30 JVNVU#99520559:
Trend Micro ServerProtect family vulnerable to authentication bypass
2021/09/30 JVN#52694228:
Multiple vulnerabilities in Cybozu Remote Service
2021/09/29 JVNVU#99718667:
Trend Micro HouseCall for Home Networks vulnerable to privilege escalation
2021/09/28 JVN#29428319:
WordPress Plugin "OG Tags" vulnerable to cross-site request forgery
2021/09/28 JVN#63023305:
InBody App vulnerable to information disclosure
2021/09/28 JVN#10168753:
SNKRDUNK Market Place App for iOS vulnerable to improper server certificate verification
2021/09/17 JVN#42866574:
Multiple vulnerabilities in Sharp NEC Display Solutions' public displays
2021/09/16 JVN#23406150:
EC-CUBE plugin "Order Status Batch Change Plug-in" vulnerable to cross-site scripting
2021/09/13 JVN#46313661:
EC-CUBE plugin "List (order management) item change plug-in" vulnerable to cross-site scripting
2021/09/10 JVN#81658818:
Multiple vulnerabilities in RevoWorks Browser
2021/09/02 JVNVU#94699053:
Trend Micro Security family vulnerable to improper handling of Directory Junction
2021/08/27 JVN#14134801:
baserCMS vulnerable to cross-site scripting
2021/08/25 JVN#97545738:
Multiple cross-site scripting vulnerabilities in Movable Type
2021/08/24 JVN#80288258:
The installers of multiple Sony products may insecurely load Dynamic Link Libraries
2021/08/19 JVNVU#95261759:
Multiple vulnerabilities in Navigate CMS
2021/08/18 JVNVU#90091573:
Incorrect permission assignment vulnerability in multiple Trend Micro Endpoint security products for enterprises
2021/08/17 JVN#41646618:
Huawei EchoLife HG8045Q vulnerable to OS command injection
2021/08/16 JVNVU#92088210:
Multiple vulnerabilities in D-Link router DSL-2750U
2021/08/12 JVN#50804280:
Plone vulnerable to open redirect
2021/08/10 JVN#65388002:
WordPress Plugin "Quiz And Survey Master" vulnerable to cross-site scripting
2021/08/02 JVN#54794245:
Multiple vulnerabilities in Cybozu Garoon
2021/07/29 JVNVU#93876919:[Critical]
Multiple vulnerabilities in multiple Trend Micro Endpoint security products for enterprises
2021/07/21 JVN#53278122:
Minecraft Java Edition vulnerable to directory traversal
2021/07/19 JVN#86026700:
Multiple vulnerabilities in GroupSession
2021/07/16 JVNVU#94115268:
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) vulnerable to cross-site scripting
2021/07/14 JVN#34364599:
Optical BB unit E-WMTA2.3 vulnerable to cross-site request forgery
2021/07/13 JVN#26891339:
Multiple vulnerabilities in Retty App
2021/07/09 JVN#68971465:
voidtools "Everything" vulnerable to HTTP header injection
2021/07/08 JVN#89054582:
WordPress Plugin "Software License Manager" vulnerable to cross-site request forgery
2021/07/08 JVN#48413554:
WordPress Plugin "WordPress Meta Data Filter & Taxonomies Filter" vulnerable to cross-site request forgery
2021/07/07 JVN#25850723:
GU App for Android fails to restrict access permissions
2021/07/06 JVN#42880365:
WordPress Plugin "WordPress Email Template Designer - WP HTML Mail" vulnerable to cross-site request forgery
2021/07/06 JVN#91372527:
WordPress Plugin "WPCS - WordPress Currency Switcher" vulnerable to cross-site request forgery
2021/07/06 JVNVU#94260088:
Multiple vulnerabilities in Elecom routers
2021/07/05 JVNVU#93149000:
Multiple vulnerabilities in Trend Micro Password Manager
2021/07/05 JVN#21636825:
A-Stage SCT-40CM01SR and AT-40CM01SR vulnerable to authentication bypass
2021/07/01 JVN#57942445:
EC-CUBE fails to restrict access permissions
2021/06/30 JVN#15185184:
IkaIka RSS Reader vulnerable to cross-site scripting
2021/06/30 JVN#65660590:
boastMachine vulnerable to cross-site scripting
2021/06/23 JVN#95292458:
Multiple cross-site scripting vulnerabilities in EC-CUBE
2021/06/23 JVN#63066062:
WordPress Plugin "WordPress Popular Posts" vulnerable to cross-site scripting
2021/06/22 JVN#93799513:
WordPress plugin "Fudousan plugin" series vulnerable to cross-site scripting
2021/06/22 JVN#29949691:
Inkdrop vulnerable to OS command injection
2021/06/18 JVN#21298724:
Hitachi Virtual File Platform vulnerable to OS command injection
2021/06/17 JVN#03776901:
Hitachi Application Server Help vulnerable cross-site scripting
2021/06/15 JVN#57524494:
Multiple cross-site scripting vulnerabilities in multiple EC-CUBE plugins provided by EC-CUBE
2021/06/15 JVN#79254445:[Critical]
Multiple ETUNA EC-CUBE plugins vulnerable to cross-site scripting
2021/06/14 JVN#95457785:
Multiple vulnerabilities in GROWI
2021/06/14 JVN#38034268:
あすけん App for Android fails to restrict custom URL schemes properly
2021/06/11 JVN#70566757:
WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting
2021/06/09 JVNVU#92417259:
Multiple vulnerabilities in Trend Micro Home Network Security
2021/06/07 JVNVU#92413403:
urllib3 vulnerable to Regular expression Denial-of-Service (ReDoS)
2021/06/03 JVN#64064138:
ATOM - Smart life App vulnerable to improper server certificate verification
2021/06/02 JVN#91691168:
goo blog App fails to restrict custom URL schemes properly
2021/05/31 JVNVU#92862829:
Multiple vulnerabilities in Buffalo WSR-1166DHP3 and WSR-1166DHP4 routers
2021/05/31 JVNVU#93332929:
Multiples security updates for multiple Trend Micro products (May 2021)
2021/05/26 JVN#98239374:
Zettlr vulnerable to cross-site scripting
2021/05/21 JVN#53910556:
Multiple cross-site scripting vulnerabilities in multiple PHP Factory products
2021/05/21 JVN#78254777:
Installer of Overwolf may insecurely load Dynamic Link Libraries
2021/05/21 JVN#74686032:
QND vulnerable to privilege escalation
2021/05/21 JVN#65733194:
The installers of ScanSnap Manager may insecurely load Dynamic Link Libraries
2021/05/14 JVN#49704918:
mod_auth_openidc vulnerable to denial-of-service (DoS)
2021/05/14 JVN#71263107:
Multiple vulnerabilities in Cisco Small Business Series Wireless Access Points
2021/05/13 JVN#34232719:
Multiple vulnerabilities in KonaWiki2
2021/05/13 JVN#13076220:
RFNTPS vulnerable to OS command injection
2021/05/10 JVN#97554111:[Critical]
EC-CUBE vulnerable to cross-site scripting
2021/05/10 JVNVU#97581596:
Multiple vulnerabilities in Trend Micro Apex One, OfficeScan, and Worry-Free Business Security series
2021/04/27 JVNVU#99235714:
Multiple vulnerabilities in Buffalo broadband routers
2021/04/27 JVNVU#90274525:
Multiple Buffalo network devices contain hidden functionality
2021/04/27 JVN#35240327:
WordPress plugin "WP Fastest Cache" vulnerable to directory traversal
2021/04/27 JVN#97434260:
Hot Pepper Gourmet App fails to restrict access permissions
2021/04/22 JVN#55833077:[Unreachable]
yappa-ng vulnerable to cross-site scripting
2021/04/21 JVNVU#93491927:[Critical]
Multiple vulnerabilities in Apex One, Apex One as a Service and OfficeScan
2021/04/20 JVNVU#93009588:
Memory Exhaustion Denial-of-Service (DoS) vulnerability in Trend Micro Scan Engine
2021/04/20 JVNVU#92208501:
Multiple vulnerabilities in Worry-Free Business Security
2021/04/20 JVNVU#97680506:
Multiple vulnerabilities in Worry-Free Business Security Services
2021/04/19 JVNVU#98074915:
Trend Micro Password Manager may insecurely load Dynamic Link Libraries
2021/04/14 JVN#54025691:
Gurunavi Apps fail to restrict access permissions
2021/04/09 JVN#29739718:
Multiple vulnerabilities in Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP
2021/04/09 JVN#67456944:
Multiple vulnerabilities in multiple Aterm products
2021/04/09 JVNVU#92898656:
D-Link DAP-1880AC contains multiple vulnerabilities
2021/04/01 JVN#73236007:
Archive collectively operation utility vulnerable to directory traversal
2021/03/26 JVN#64869876:
Multiple vulnerabilities in baserCMS
2021/03/25 JVN#68244135:[Unreachable]
rNote vulnerable to cross-site scripting
2021/03/25 JVN#94705238:[Unreachable]
Yomi-Search vulnerable to cross-site scripting
2021/03/25 JVN#83042295:[Unreachable]
Yomi-Search vulnerable to cross-site scripting
2021/03/25 JVN#37179202:[Unreachable]
Yomi-Search vulnerable to cross-site scripting
2021/03/25 JVN#93207949:[Unreachable]
Click Ranker vulnerable to cross-site scripting
2021/03/25 JVN#11438679:[Unreachable]
Kagemai vulnerable to cross-site request forgery
2021/03/25 JVN#42220311:[Unreachable]
Kagemai vulnerable to cross-site scripting
2021/03/25 JVN#12559271:[Unreachable]
Kagemai vulnerable to cross-site scripting
2021/03/25 JVN#97370614:[Unreachable]
MagazinegerZ vulnerable to cross-site scripting
2021/03/22 JVN#12737530:
UNIVERGE Aspire series PBX vulnerable to denial-of-service (DoS)
2021/03/19 JVN#37607293:
Fuji Xerox multifunction devices and printers vulnerable to denial-of-service (DoS)
2021/03/17 JVN#08191557:
WordPress plugin "Paid Memberships Pro" vulnerable to SQL injection
2021/03/15 JVN#45797538:
Multiple vulnerabilities in Cybozu Office
2021/03/12 JVN#47497535:
M-System DL8 contains multiple vulnerabilities
2021/03/11 JVN#18056666:
Installer of MagicConnect Client program may insecurely load Dynamic Link Libraries
2021/03/10 JVN#86438134:
Multiple cross-site scripting vulnerabilities in GROWI
2021/03/08 JVNVU#94889258:
Multiple vulnerabilities in GROWI
2021/03/05 JVN#68418039:
The installers of E START products may insecurely load Dynamic Link Libraries
2021/03/05 JVNVU#99545969:
Trend Micro Security (Consumer) vulnerable to code injection
2021/02/24 JVN#66542874:
Multiple cross-site scripting vulnerabilities in Movable Type
2021/02/19 JVN#37417423:
Multiple vulnerabilities in SolarView Compact
2021/02/16 JVN#58774946:[Critical]
FileZen vulnerable to OS command injection
2021/02/15 JVN#87164507:
Calsos CSDJ fails to restrict access permissions
2021/02/10 JVN#80785288:
Wekan vulnerable to cross-site scripting
2021/02/05 JVN#50470170:
WordPress Plugin "Name Directory" vulnerable to cross-site request forgery
2021/02/04 JVN#42252698:
Panasonic Video Insight VMS vulnerable to arbitrary code execution
2021/02/03 JVNVU#98209799:
Trend Micro HouseCall for Home Networks (Windows Edition) may insecurely load Dynamic Link Libraries
2021/02/01 JVNVU#99814910:
Multiple vulnerabilities in the installer of Trend Micro Security 2020 (Consumer)
2021/01/27 JVN#41853173:
OS command injection vulnerability in multiple Infoscience Corporation log management tools
2021/01/26 JVN#96783542:
Multiple vulnerabilities in multiple LOGITEC products
2021/01/26 JVN#98115035:
Android App "ELECOM File Manager" vulnerable to directory traversal
2021/01/26 JVN#47580234:
Multiple vulnerabilities in multiple ELECOM products