Joomla! CMS vulnerable to cross-site scripting
Overview Joomla! CMS provided by Joomla! Project contains the following vulnerability. Cross-site scripting CWE-79 - CVE-2025-63082 Sho Sugiyama of SUZUKI MOTOR CORPORATION reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
KLA90932 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, and bypass security restrictions. Below is a complete list of vulnerabilities: 1. Memory safety vulnerability can be exploited to execute...
Siemens SIMATIC CN 4100
SUMMARY SIMATIC CN 4100 contains multiple vulnerabilities which could potentially lead to a compromise in availability, integrity and confidentiality. Siemens has released a new version for SIMATIC CN 4100 and recommends updating to the latest version. 2. GENERAL RECOMMENDATIONS As a general...
Siemens RUGGEDCOM CROSSBOW Station Access Controller
SUMMARY RUGGEDCOM CROSSBOW Station Access Controller SAC contains multiple vulnerabilities in the integrated SQLite component that could allow an attacker to execute arbitrary code or to create a denial of service condition. Siemens has released a new version for RUGGEDCOM CROSSBOW Station...
CVE-2025-30151
Shopware is an open commerce platform. It's possible to pass long passwords that lead to Denial Of Service via forms in Storefront forms or Store-API. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin...
KLA82886 DoS vulnerability in Apache Tomcat
An out-of-bounds memory read vulnerability was found in Apache Tomcat. Malicious users can exploit this vulnerability to cause denial of service. Original advisories Denial of Service via invalid HTTP priority header Related products Apache-Tomcat CVE list CVE-2025-31650 critical Solution Update to...
KLA78283 Multiple vulnerabilities in Apache Tomcat
Multiple vulnerabilities were found in Apache Tomcat. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, and cause denial of service. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability can be exploited remotely...
PT-2024-34956 · Figoli Quinn & Associates · Figoli Quinn & Associates Mobile Kiosk
Name of the Vulnerable Software and Affected Versions: Figoli Quinn & Associates Mobile Kiosk versions n/a through 1.3.0 WordPress Mobile Kiosk Plugin version 1.3.0 Description: The issue is related to improper neutralization of input during web page generation, which allows stored cross-site...
PT-2024-8622 · Hashicorp +4 · Hashicorp Consul +5
Name of the Vulnerable Software and Affected Versions: Consul affected versions not specified Consul Enterprise affected versions not specified Description: A vulnerability exists in Consul due to the lack of protection of the web page structure, allowing a remote attacker to conduct a cross-site...
"Hulu" App for iOS vulnerable to improper server certificate verification
Overview "Hulu" App for iOS provided by HJ Holdings, Inc. is vulnerable to improper server certificate verification CWE-295. Shungo Kumasaka of GMO Cyber Security by IERAE reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Multiple cross-site scripting vulnerabilities in Exment
Overview Exment provided by Kajitori Co.,Ltd contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in some input fields CWE-79 - CVE-2020-5619 Stored cross-site scripting vulnerability in upload files CWE-79 - CVE-2020-5620 Ryoya Koyama of...
Multiple vulnerabilities in a-blog cms
Overview a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Reflected cross-site scripting CWE-79 - CVE-2019-6033 Script injection due to a flaw in processing cookie CWE-74 - CVE-2019-6034 Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this...
Multiple vulnerabilities in Cybozu Office
Overview Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Directory traversal in the "Customapp" function CWE-22 - CVE-2019-6022 Browse restriction bypass in the application "Address" CWE-284 - CVE-2019-6023 Two vulnerabilities were reported by the following...
NetCommons3 vulnerable to cross-site scripting
Overview NetCommons3 provided by The NetCommons Project contains a cross-site scripting vulnerability CWE-79. Toshiki Sasazaki of Waseda University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrar...
DHC Online Shop App for Android fails to verify SSL server certificates
Overview DHC Online Shop App for Android provided by DHC Corporation fails to verify SSL server certificates. Sho Ueshima and Tsuyoshi Ogawa of SIE Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...
SOY CMS vulnerable to directory traversal
Overview SOY CMS provided by Nippon Institute of Agroinformatics Ltd. is a Contents Management System CMS. SOY CMS contains a directory traversal vulnerability CWE-22 due to a flaw in processing shopid parameter. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the develope...
DERAEMON-CMS vulnerable to cross-site scripting
Overview DERAEMON-CMS provided by TEAM DERAEMONS is a content management system CMS. install.php in DERAEMON-CMS contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing of the parameters hostname, database and username. Satoshi Ogawa of Mitsui Bussan Secure Directions, In...
mobiGate App fails to verify SSL server certificates
Overview mobiGate App provided by Nihon Unisys, Ltd. fails to verify SSL server certificates. Gaku Taniguchi of RiskFinder,inc. reported this vulnerability to Nihon Unisys, Ltd., and Nihon Unisys, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and...
Cross-site scripting vulnerability in WordPress plugin WP-OliveCart
Overview WP-OliveCart provided by Olive Design is a WordPress plugin to construct a shopping site. WP-OliveCart contains a cross-site scripting vulnerability. Gen Sato of TRADE WORKS Co.,Ltd Security Dept. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under...
RSS News AutoPilot Script 1.0.1/3.1.0 - Admin Panel Authentication Bypass
Exploit Title: RSS News AutoPilot Script - Admin Panel Authentication Bypass Date: 14 October 2016 Exploit Author: Arbin Godar Website : ArbinGodar.com Software Link: https://codecanyon.net/item/rss-news-autopilot-script/11812898 Version: 1.0.1 to 3.1.0...