CVE-2026-22617
Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle attack. This security issue has been fixed in the latest version of Eaton IPP software which is available on t...
Siemens SINEC NMS
Summary: SINEC NMS is affected by a SQL injection vulnerability that could allow an authenticated, low-privileged attacker to insert malicious data and achieve privilege escalation. Siemens has released a new version of SINEC NMS and recommends updating to the latest version. 2...
Vulnerabilities fixed in MediaWiki
The developers of MediaWiki have fixed a number of vulnerabilities in the latest software update. A malicious party could potentially exploit the vulnerabilities to gain access to sensitive data, because in certain circumstances user data may end up in accessible...
Apache Struts 2 vulnerable to remote code execution (S2-061)
Overview: Apache Struts 2, provided by The Apache Software Foundation, contains a remote code execution vulnerability due to improper input validation (CWE-20). Masato Anzai of Aeye Security Lab, inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securi...
KinagaCMS vulnerable to cross-site scripting
Overview: KinagaCMS is an open-source Content Management System (CMS). KinagaCMS uses an old version of Bootstrap and thus inherits multiple cross-site scripting vulnerabilities (CWE-79) that existed in Bootstrap: CVE-2018-14040, CVE-2018-14041, CVE-2019-8331. Project Kinaga reported this vulnerability to IPA...
Multiple Fuji Xerox products may insecurely load Dynamic Link Libraries
Overview: Installers of multiple products and DocuWorks self-extracting documents provided by Fuji Xerox Co.,Ltd. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Eili Masami of Tachibana Lab. reported this vulnerability to IPA...
Teikihoukokusho Sakuseishien Tool may insecurely load Dynamic Link Libraries
Overview: Teikihoukokusho Sakuseishien Tool, provided by Agency for Natural Resources and Energy of METI, contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). The tool is provided as a ZIP archive. It is assumed that a user extracts the too...
JVN#53292345: Teikihoukokusho Sakuseishien Tool may insecurely load Dynamic Link Libraries
Teikihoukokusho Sakuseishien Tool, provided by Agency for Natural Resources and Energy of METI, contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). The tool is provided as a ZIP archive. It is assumed that a user extracts the tool the...