Lucene search
K

23 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/04/22 6:45 a.m.17 views

DeepL Chrome browser extension vulnerable to cross-site scripting

Overview DeepL Chrome browser extension contains the following vulnerability. Cross-site scripting CWE-79 - CVE-2026-40451 This vulnerability was reported by the researchers below and JPCERT/CC coordinated with the developer. Junki Yuasa of Cybozu, Inc. reported this vulnerability to JPCERT/CC...

6.1CVSS6.2AI score0.00168EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2026/02/18 12:0 a.m.120 views

📄 ChurchCRM 6.8.0 Information Disclosure Tester

ChurchCRM versions 6.8.0 and earlier expose the installation setup endpoint without proper access restrictions. If the setup process remains accessible after deployment, it may allow unauthorized users to interact with configuration parameters. This misconfiguration increases the risk of...

5.5AI score
Exploits0
Packet Storm
Packet Storm
added 2026/02/02 12:0 a.m.152 views

📄 WP-Polls 2.73 Cross Site Scripting

A cross site scripting vulnerability exists in WP-Polls WordPress Plugin version 2.73. This issue is older research added to the archive. WP-Polls 2.73 - Reflected Cross-site Scripting Advisory ID: RO-16-005 CVE ID: CVE-2016-10936 Severity: Medium Vendor: WordPress Product: WP-Polls Version: 2.73...

6.1CVSS4.9AI score0.00917EPSS
Exploits1
ICS
ICS
added 2026/01/13 12:0 a.m.6 views

Siemens TeleControl Server Basic

SUMMARY TeleControl Server Basic before V3.1.2.4 contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges. Siemens has released a new version for TeleControl Server Basic and recommends to update to the latest version. 2...

8.8CVSS7.4AI score0.00144EPSS
Exploits0References10
OSV
OSV
added 2025/09/10 5:10 p.m.8 views

GHSA-QXFV-FCPC-W36X Claude Code rg vulnerability does not protect against approval prompt bypass

Due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on standard Claude Code auto-update will...

8.7CVSS7.3AI score0.00512EPSS
Exploits0References3
Kaspersky
Kaspersky
added 2025/05/27 12:0 a.m.8 views

KLA84380 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, perform cross-site scripting attack, spoof user interface, cause denial of service. Below is a complete list of vulnerabilities: 1...

8.1CVSS7.9AI score0.00513EPSS
Exploits0References3
Kaspersky
Kaspersky
added 2025/03/04 12:0 a.m.11 views

KLA81178 SB vulnerability in LibreOffice

Validation of untrusted input vulnerability was found in LibreOffice. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories CVE-2025-1080: Macro URL arbitrary script execution Related products LibreOffice CVE list CVE-2025-1080 high Solution Update to...

7.2CVSS8.3AI score0.00291EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/01/31 5:10 a.m.7 views

SUSHIRO App for Android outputs sensitive information to the log file

Overview SUSHIRO App for Android provided by AKINDO SUSHIRO CO., LTD. outputs sensitive information to the log file CWE-532. Impact An attacker may obtain a credential information from the log file. Solution Update the Application Update the application to the latest version according to the...

7.5CVSS6.5AI score0.00784EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/14 6:10 a.m.5 views

Multiple vulnerabilities in GROWI

Overview GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. NoSQL injection CWE-943 - CVE-2021-20736 Improper authentication CWE-287 - CVE-2021-20737 Impact The expected impact depends on each vulnerability, but it may be affected as follows. A user who can access the...

9.1CVSS7.1AI score0.01307EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/06/24 5:25 a.m.2 views

Chrome Extension for e-Tax Reception System vulnerable to arbitrary command execution

Overview Chrome Extension for e-Tax Reception System provided by National Tax Agency is an extension to use the e-Tax Reception System on Google Chrome and/or Chromium-based versions of Microsoft Edge. When a user runs a Chrome Extension for e-Tax Reception System, a specially crafted parameter b...

8.8CVSS7AI score0.01587EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/02/14 4:39 a.m.2 views

Multiple Trend Micro products vulnerable to denial-of-service (DoS)

Overview Premium Security 2019 for Windows, Maximum Security 2019 for Windows, Internet Security 2019 for Windows, and Antivirus+ Security 2019 for Windows provided by Trend Micro Incorporated contain a denial-of-service DoS vulnerability CWE-400. BlackWingCat of Pink Flying Whale reported this...

6.2CVSS6.5AI score0.00365EPSS
Exploits0References5
Exploit DB
Exploit DB
added 2018/04/18 12:0 a.m.48 views

Joomla! Component JS Jobs 1.2.0 - Cross-Site Request Forgery

Exploit Title: Joomla! Component Js Jobs - Multiple Cross Site Request Forgery Vulnerabilities Google Dork: N/A Date: 17-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: https://www.joomsky.com Software Link:...

7.4AI score
Exploits0
Kaspersky
Kaspersky
added 2017/09/19 12:0 a.m.93 views

KLA11106 Multiple vulnerabilities in Apache Tomcat

Multiple serious vulnerabilities have been found in Apache Tomcat. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions and obtain sensitive information. Below is a complete list of vulnerabilities: 1. A vulnerability related to VirtualDirConte...

8.1CVSS8.5AI score0.99607EPSS
Exploits20References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/10 4:57 a.m.4 views

Self-Extracting Archives created by File Compact may insecurely load Dynamic Link Libraries

Overview File Compact provided by SOURCENEXT CORPORATION is compression/decompression software. It can also create self-extracting archive files. Self-extracting archive files created by File Compact contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link...

9.3CVSS6.8AI score0.0108EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/07/24 5:36 a.m.4 views

Research Artisan Lite vulnerable to cross-site scripting

Overview Research Artisan Lite provided by Research Artisan Project is an access analysis tool. Research Artisan Lite contains multiple cross-site scripting vulnerabilities CWE-79. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

4.3CVSS6.1AI score0.01171EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/06/18 5:14 a.m.5 views

Ruby on Rails library Paperclip vulnerable to cross-site scripting

Overview Paperclip provided by thoughtbot is a library to upload files in Ruby on Rails. Paperclip contains a persistent cross-site scripting vulnerability CWE-79. MORI Shingo of DeNA Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

4.3CVSS6.2AI score0.02121EPSS
Exploits1References6
Kaspersky
Kaspersky
added 2015/01/07 12:0 a.m.50 views

KLA10453 Multiple vulnerabilities in Wireshark

Multiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service. These vulnerabilities can be exploited via a specially designed packet. Original advisories - Related products Wireshark CVE list CVE-2015-0564 warning...

5CVSS6.4AI score0.05606EPSS
Exploits0References2
Kaspersky
Kaspersky
added 2014/05/13 12:0 a.m.42 views

KLA10028 ACE vulnerability in Adobe Illustrator

An unspecified vulnerability was found in Adobe Illustrator CS6. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited from the network at a point related to an unspecified application. Original advisories Adobe bulletin Related products...

10CVSS7.5AI score0.05599EPSS
Exploits0References3
seebug.org
seebug.org
added 2014/05/10 12:0 a.m.40 views

BeeCMS v3.4 后台验证绕过

/includes/fun.php 弱验证导致后台验证绕过 0 v3.4 更新到最新版本...

7.1AI score
Exploits0
Kaspersky
Kaspersky
added 2013/09/08 12:0 a.m.64 views

KLA10208 OSI vulnerability in IBM Security AppScan

Weak encryption algorithms were found in IBM Security AppScan. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely at a point related to SSL. Original advisories - Related products...

5CVSS6.3AI score0.00721EPSS
Exploits1References2
Rows per page
Query Builder