Vulnerability Reports

2025

2025/04/28 JVNVU#90649144:

Improper access permission settings in multiple SEIKO EPSON printer drivers for Windows OS

2025/04/25 JVN#82536398:

Multiple vulnerabilities in Quick Agent

2025/04/25 JVNVU#97907980:

Security Update for Trend Micro Trend Vision One (April 2025)

2025/04/24 JVN#84627857:

i-PRO Configuration Tool vulnerable to use of hard-coded cryptographic key

2025/04/18 JVN#22348866:[Critical]

Active! mail vulnerable to stack-based buffer overflow

2025/04/10 JVN#30641875:

Multiple vulnerabilities in BizRobo!

2025/04/10 JVNVU#94912671:

TP-Link Deco BE65 Pro vulnerable to OS command injection

2025/04/08 JVNVU#98349623:

Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (April 2025)

2025/04/04 JVNVU#93925742:

Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT 'AC-WPS-11ac series'

2025/04/03 JVN#59547048:

WinRAR vulnerable to the symbolic link based "Mark of the Web" check bypass

2025/04/02 JVN#17260367:

Multiple vulnerabilities in JTEKT ELECTRONICS CORPORATION's products

2025/04/01 JVN#87266215:

WordPress plugin "Welcart e-Commerce" vulnerable to untrusted data deserialization

2025/04/01 JVNVU#93701955:

Out-of-bounds Write vulnerabilities in Canon Printer Drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers

2025/03/28 JVNVU#92821536:

Improper symbolic link file handling in FutureNet NXR series, VXR series and WXR series routers

2025/03/28 JVN#66982699:[Critical]

a-blog cms vulnerable to untrusted data deserialization

2025/03/26 JVN#39026557:

Multiple vulnerabilities in PowerCMS

2025/03/25 JVNVU#91154745:

Multiple vulnerabilities in CHOCO TEI WATCHER mini

2025/03/25 JVN#26321838:

Multiple vulnerabilities in AssetView

2025/03/19 JVN#04278547:

Multiple vulnerabilities in home gateway HGW-BL1500HM

2025/03/18 JVN#11230428:

+F FS010M vulnerable to OS command injection

2025/03/12 JVN#19358384:

hostapd vulnerable to improper processing of RADIUS packets

2025/03/06 JVN#24992507:

Multiple vulnerabilities in RemoteView Agent (for Windows)

2025/02/28 JVNVU#96398949:

Multiple vulnerabilities in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine)

2025/02/19 JVN#91300609:

RevoWorks SCVX and RevoWorks Browser vulnerable to incorrect resource transfer between spheres

2025/02/19 JVN#48742353:

Multiple cross-site scripting vulnerabilities in Movable Type

2025/02/17 JVNVU#92320053:

Out-of-bounds read vulnerability in OMRON CX-Programmer

2025/02/17 JVNVU#96297631:

Out-of-bounds write vulnerability in FUJIFILM Business Innovation Corp. MFPs

2025/02/17 JVN#26024080:

Multiple vulnerabilities in The LuxCal Web Calendar

2025/02/17 JVNVU#97639704:

ASUSTeK COMPUTER Lyra mini vulnerable to improper authentication

2025/02/17 JVNVU#92071645:

"RoboForm Password Manager" App for Android vulnerable to authentication bypass using an alternate path or channel

2025/02/14 JVN#96957439:

acmailer CGI and acmailer DB vulnerable to OS command injection

2025/02/14 JVN#65447879:

Multiple vulnerabilities in NEC Aterm series (NV25-003)

2025/02/14 JVNVU#92227620:

Out-of-bounds read vulnerability in Cente middleware

2025/02/13 JVN#80527854:

Multiple vulnerabilities in FileMegane

2025/02/12 JVN#84319378:

acmailer vulnerable to cross-site scripting

2025/02/05 JVN#66673020:

Multiple vulnerabilities in Defense Platform Home Edition

2025/02/04 JVN#94806805:

WordPress Plugin "Activity Log WinterLock" vulnerable to cross-site request forgery

2025/01/29 JVN#23839833:

SXF Common Library vulnerable to improper input data handling

2025/01/28 JVNVU#93455283:

Multiple out-of-bounds write vulnerabilities in Canon Office/Small Office Multifunction Printers and Laser Printers

2025/01/28 JVN#88046370:

WordPress Plugin "Simple Image Sizes" vulnerable to cross-site scripting

2025/01/27 JVN#05508012:

EXIF Viewer Classic vulnerable to cross-site scripting

2025/01/22 JVN#15293958:

Multiple vulnerabilities in I-O DATA router UD-LT2

2025/01/21 JVN#83855727:

FortiWeb vulnerable to SQL injection

2025/01/15 JVNVU#92217718:

Linux Ratfor vulnerable to stack-based buffer overflow

2025/01/14 JVNVU#99653331:

Multiple vulnerabilities in STEALTHONE D220/D340/D440

2025/01/14 JVNVU#98734299:

Improper restriction of XML external entity reference (XXE) vulnerability in OMRON NB-Designer

2025/01/14 JVNVU#96335720:

OMRON NJ/NX series vulnerable to path traversal

2025/01/08 JVN#57428125:

PLANEX COMMUNICATIONS MZK-DP300N vulnerable to cross-site scripting

2025/01/08 JVNVU#99901190:

Multiple vulnerabilities in FUJIFILM Business Innovation Xerox FreeFlow Core

2024

2024/12/24 JVNVU#92980681:

Trend Micro Deep Security 20.0 Agent (for Windows) vulnerable to uncontrolled search path element

2024/12/20 JVNVU#95720792:

Multiple security updates for Trend Micro Apex One and Apex One as a Service (December 2024)

2024/12/16 JVN#08430039:

"Shonen Jump+" App for Android fails to restrict custom URL schemes properly

2024/12/16 JVN#61635834:

Multiple vulnerabilities in SHARP routers

2024/12/13 JVNVU#91084137:

Multiple vulnerabilities in FXC AE1021 and AE1021PE

2024/12/13 JVNVU#90748215:

WordPress Plugin "My WP Customize Admin/Frontend" vulnerable to cross-site scripting

2024/12/05 JVNVU#93693807:

Trend Micro Deep Security Agent for Windows and Deep Security Notifier on DSVA vulnerable to OS command injection

2024/12/04 JVN#46615026:[Critical]

Multiple vulnerabilities in I-O DATA routers UD-LT1 and UD-LT1/EX

2024/12/02 JVN#53958863:

Multiple vulnerabilities in UNIVERGE IX/IX-R/IX-V series routers

2024/11/29 JVN#43845108:

Multiple FCNT Android devices vulnerable to authentication bypass

2024/11/28 JVNVU#97531313:

Multiple vulnerabilities in FUJI ELECTRIC products

2024/11/27 JVN#88385716:

HAProxy vulnerable to HTTP request/response smuggling

2024/11/26 JVN#87182660:

WordPress Plugin "WP Admin UI Customize" vulnerable to cross-site scripting

2024/11/21 JVNVU#92857077:

Multiple vulnerabilities in Edgecross Basic Software for Windows

2024/11/20 JVN#16114985:

"Kura Sushi Official App Produced by EPARK" for Android uses a hard-coded cryptographic key

2024/11/20 JVNVU#99607268:

Vulnerabilities in multiple Dahua Technology products (DHCC-SA-202407-001)

2024/11/18 JVNVU#90667116:

Multiple vulnerabilities in Rakuten Turbo 5G

2024/11/15 JVN#36791327:

Multiple vulnerabilities in FitNesse

2024/11/13 JVN#05136799:

WordPress Plugin "VK All in One Expansion Unit" vulnerable to cross-site scripting

2024/11/12 JVNVU#90676195:

Multiple vulnerabilities in SoftBank Mesh Wi-Fi router RP562B

2024/11/05 JVNVU#96058081:

Trend Micro Deep Security 20 Agent for Windows vulnerable to improper access control

2024/11/01 JVNVU#95685374:

Incorrect authorization vulnerability in OMRON Sysmac Studio

2024/10/31 JVN#87770340:

Stack-based buffer overflow vulnerability in multiple Ricoh laser printers and MFPs which implement Web Image Monitor

2024/10/31 JVNVU#95001899:

REST-APIs unintentionally enabled in Century Systems FutureNet NXR series routers

2024/10/31 JVNVU#94153896:

Command injection vulnerability in Trend Micro Cloud Edge

2024/10/30 JVN#11779839:

Hikvision network camera security enhancement to prevent cleartext transmission of Dynamic DNS credentials

2024/10/28 JVN#78335885:

Chatwork Desktop Application (Windows) uses a potentially dangerous function

2024/10/25 JVNVU#95063136:

Multiple vulnerabilities in Sharp and Toshiba Tec MFPs

2024/10/25 JVN#00876083:

Multiple vulnerabilities in baserCMS

2024/10/21 JVNVU#93072012:

Multiple SQL injection vulnerabilities in Trend Micro Deep Discovery Inspector

2024/10/18 JVN#41397971:

Multiple vulnerabilities in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software

2024/10/18 JVN#57285747:

N-LINE vulnerable to HTML injection

2024/10/18 JVN#31982676:

MUSASI version 3 performing authentication on client-side

2024/10/15 JVN#58721679:

SHIRASAGI vulnerable to path traversal

2024/10/11 JVN#74538317:

Multiple vulnerabilities in Exment

2024/10/10 JVN#54676967:

baserCMS plugin "BurgerEditor" vulnerable to directory listing

2024/10/02 JVNVU#92808077:

Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software

2024/10/01 JVN#72148744:

Apache Tomcat improper handling of TLS handshake process data

2024/09/30 JVNVU#95133448:

Insecure initial password configuration issue in SEIKO EPSON Web Config

2024/09/30 JVN#39280069:

RevoWorks Cloud vulnerable to unintended process execution

2024/09/30 JVN#42445661:

Multiple vulnerabilities in Smart-tab

2024/09/27 JVN#21176842:

MF Teacher Performance Management System vulnerable to cross-site scripting

2024/09/27 JVNVU#91077448:

SNMP service is enabled by default in Sharp NEC Display Solutions projectors

2024/09/24 JVN#57749899:

The installer of e-Tax software(common program) vulnerable to privilege escalation

2024/09/24 JVN#78356367:

Multiple NTT EAST Home GateWay/Hikari Denwa routers fail to restrict access permissions

2024/09/24 JVN#81966868:

Multiple vulnerabilities in PLANEX COMMUNICATIONS network devices

2024/09/18 JVNVU#90142679:

Multiple vulnerabilities in TAKENAKA ENGINEERING digital video recorders

2024/09/18 JVN#19766555:

Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"

2024/09/18 JVN#42386607:

Assimp vulnerable to heap-based buffer overflow

2024/09/09 JVN#05579230:

Multiple Alps System Integration products and the OEM products vulnerable to cross-site request forgery

2024/09/09 JVN#67456481:

Pgpool-II vulnerable to information disclosure

2024/09/09 JVN#65724976:

WordPress Plugin "Forminator" vulnerable to cross-site scripting

2024/09/09 JVN#81570776:

"@cosme" App fails to restrict custom URL schemes properly

2024/09/06 JVN#32529796:

Multiple products from KINGSOFT JAPAN vulnerable to path traversal

2024/09/06 JVN#49873988:

Secure Boot bypass Vulnerability in PRIMERGY

2024/09/04 JVN#67963942:

WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting

2024/08/30 JVN#29238389:

IPCOM vulnerable to information disclosure

2024/08/30 JVN#25264194:

Multiple vulnerabilities in WordPress plugin "Carousel Slider"

2024/08/30 JVNVU#96959731:

Multiple vulnerabilities in IDEC PLCs

2024/08/30 JVNVU#99905584:

Panasonic Control FPWIN Pro7 vulnerable to stack-based buffer overflow

2024/08/29 JVNVU#96242582:

Multiple vulnerabilities in IDEC Operator Interfaces products

2024/08/29 JVN#08342147:

WindLDR and WindO/I-NV4 store sensitive information in cleartext

2024/08/28 JVNVU#96498690:

xfpt vulnerable to stack-based buffer overflow

2024/08/27 JVN#24885537:

Multiple vulnerabilities in ELECOM wireless LAN routers and access points

2024/08/23 JVN#12824024:

BUFFALO wireless LAN routers and wireless LAN repeaters vulnerable to OS command injection

2024/08/22 JVN#83440451:

Multiple Safie products vulnerable to improper server certificate verification

2024/08/20 JVN#56648919:

"Rakuten Ichiba App" fails to restrict custom URL schemes properly

2024/08/06 JVN#78728294:

Firmware update for RICOH JavaTM Platform resets the TLS configuration

2024/08/06 JVN#29845579:

Cybozu Office vulnerable to bypass browsing restrictions in Custom App

2024/08/05 JVN#70666401:

Multiple vulnerabilities in ZEXELON ZWX-2000CSW2-HN

2024/08/05 JVN#50850706:

Pimax Play and PiTool accept WebSocket connections from unintended endpoints

2024/07/30 JVN#26734798:

FFRI AMC vulnerable to OS command injection

2024/07/30 JVN#26225832:

EC-CUBE plugin (for EC-CUBE 4 series) "EC-CUBE Web API Plugin" vulnerable to stored cross-site scripting

2024/07/30 JVN#48324254:

EC-CUBE 4 Series improper input validation when installing plugins

2024/07/30 JVN#06672778:

Multiple vulnerabilities in ELECOM wireless LAN routers

2024/07/29 JVN#84326763:

Multiple vulnerabilities in SKYSEA Client View

2024/07/29 JVN#16420523:

SDoP vulnerable to stack-based buffer overflow

2024/07/26 JVN#02030803:

ORC vulnerable to stack-based buffer overflow

2024/07/23 JVNVU#98330908:

Multiple products from Check Point Software Technologies vulnerable to information disclosure

2024/07/18 JVN#87710540:

Assimp vulnerable to heap-based buffer overflow

2024/07/16 JVNVU#96424864:

Multiple vulnerabilities in FutureNet NXR series, VXR series and WXR series

2024/07/16 JVN#74825766:

Cybozu Garoon vulnerable to cross-site scripting

2024/07/16 JVN#25583987:

FUJITSU Network Edgiot GW1500 vulnerable to path traversal

2024/07/10 JVN#14294633:

Out-of-bounds write vulnerability in Ricoh MFPs and printers

2024/07/09 JVN#81442045:

Multiple vulnerabilities in multiple Webmin products

2024/07/08 JVN#28515217:

Cleartext transmission issue in TONE store App to TONE store

2024/07/03 JVN#94347255:

JP1/Extensible SNMP Agent fails to restrict access permissions

2024/06/28 JVN#01073312:

"Piccoma" App uses a hard-coded API key for an external service

2024/06/27 JVNVU#99784493:

Multiple TP-Link products vulnerable to OS command injection

2024/06/26 JVN#34977158:

WordPress plugins "WP Tweet Walls" and "Sola Testimonials" vulnerable to cross-site request forgery

2024/06/21 JVNVU#91384468:

LINE client for iOS vulnerable to universal cross-site scripting

2024/06/19 JVNVU#99027428:

Multiple vulnerabilities in multiple Trend Micro products

2024/06/19 JVN#37818611:

"ZOZOTOWN" App for Android fails to restrict custom URL schemes properly

2024/06/19 JVN#60331535:

WordPress plugin "SiteGuard WP Plugin" may leak the customized path to the login page

2024/06/18 JVN#00442488:

Multiple vulnerabilities in Ricoh Streamline NX PC Client

2024/06/18 JVN#65171386:

Multiple vulnerabilities in ID Link Manager and FUJITSU Software TIME CREATOR

2024/06/14 JVNVU#97136265:

Multiple vulnerabilities in Toshiba Tec and Oki Electric Industry MFPs

2024/06/12 JVN#25594256:

Denial-of-service (DoS) vulnerability in IPCOM WAF function

2024/06/07 JVN#79213252:

WordPress Plugin "Music Store - WordPress eCommerce" vulnerable to SQL injection

2024/06/07 JVN#55045256:

Multiple vulnerabilities in "FreeFrom - the nostr client" App

2024/06/03 JVN#43215077:

Multiple vulnerabilities in UNIVERSAL PASSPORT RX

2024/05/31 JVNVU#93051062:

Multiple vulnerabilities in Sharp and Toshiba Tec MFPs

2024/05/31 JVNVU#94872523:

Seiko Solutions SkyBridge MB-A100/MB-A110 and SkyBridge BASIC MB-A130 vulnerable to OS command injection

2024/05/30 JVN#80506242:

awkblog vulnerable to OS command injection

2024/05/29 JVN#22182715:

Redmine DMSF Plugin vulnerable to path traversal

2024/05/29 JVN#15637138:

EC-Orange vulnerable to authorization bypass

2024/05/28 JVNVU#97214223:

ELECOM wireless LAN routers vulnerable to OS command injection

2024/05/28 JVN#17680667:

Multiple vulnerabilities in Unifier and Unifier Cast

2024/05/28 JVN#71404925:

Multiple vulnerabilities in UTAU

2024/05/27 JVNVU#92504444:

OMRON NJ/NX series vulnerable to insufficient verification of data authenticity

2024/05/24 JVN#56781258:

Splunk Config Explorer vulnerable to cross-site scripting

2024/05/24 JVN#35838128:

WordPress Plugin "WP Booking" vulnerable to cross-site scripting

2024/05/21 JVN#29471697:

Android App "TP-Link Tether" and "TP-Link Tapo" vulnerable to improper server certificate verification

2024/05/17 JVN#85380030:

WordPress Plugin "Download Plugins and Themes from Dashboard" vulnerable to path traversal

2024/05/16 JVNVU#95120091:

Panasonic KW Watcher vulnerable to memory buffer error

2024/05/15 JVNVU#92249385:

Ruijie BCR810W/BCR860 vulnerable to OS command injection

2024/05/15 JVNVU#95350607:

Multiple vulnerabilities in Field Logic DataCube

2024/05/13 JVN#28869536:

Multiple vulnerabilities in Cybozu Garoon

2024/05/10 JVNVU#99669446:

Central Dogma vulnerable to cross-site scripting

2024/05/10 JVN#83405304:

"OfferBox" App uses a hard-coded secret key

2024/05/10 JVN#61054671:

Phormer vulnerable to cross-site scripting

2024/05/09 JVN#97751842:

Multiple vulnerabilities in MosP kintai kanri

2024/05/08 JVN#87694318:

WordPress Plugin "Heateor Social Login WordPress" vulnerable to cross-site scripting