Lucene search
K
JvnMost viewed

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/31 12:0 a.m.•47 views

JVN#56667137: Multiple SKYARC System Co., Ltd. products vulnerable to cross-site request forgery

MTCMS and multiple Movable Type plugins provided by SKYARC System Co., Ltd. contain a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged into MTCMS or a Movable Type implementation with any of the plugins from "Products Affected" running, information...

6.8CVSS6.4AI score0.00586EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/03/10 12:0 a.m.•47 views

JVN#81294135: IBM Tivoli vulnerable to denial-of-service (DoS)

IBM Tivoli contains a denial-of-service DoS vulnerability due to an issue in Java Runtime Environment JRE. Impact A remote attacker may cause a denial-of-service DoS. Solution Apply a patch Apply the appropriate patch according to the information provided by the developer. Products Affected A wid...

5CVSS8.6AI score0.2349EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/02/02 12:0 a.m.•47 views

JVN#33880169: Opera may insecurely load executable files

Opera loads certain executables .exe when opening the folder where downloaded contents are stored. Opera contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of running the application. Solution Update...

7.6CVSS6.9AI score0.04513EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/09/05 12:0 a.m.•47 views

JVN#62868899 7-ZIP32.DLL buffer overflow vulnerability

7-ZIP32.DLL is an open source library for compression and decompression supporting 7z, zip, and some other format files. 7-ZIP32.DLL is based on "Integrated Archiver API Specification", and called from the compression/decompression software. 7-ZIP32.DLL contains a buffer overflow vulnerability. I...

6.8CVSS7.8AI score0.05556EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/06/18 12:0 a.m.•47 views

JVN#95019167 Internet Explorer vulnerable in handling MHTML protocol

When Internet Explorer accesses a website using MHTML MIME Encapsulation of Aggregate HTML, Internet Explorer processes the contents as MHTML data, ignoring their actual content types, and it does not properly handle the Content-Disposition header field. This could cause a dialog box not to be...

4.3CVSS6.1AI score0.2504EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/04/03 12:0 a.m.•46 views

JVN#59547048: WinRAR vulnerable to the symbolic link based "Mark of the Web" check bypass

WinRAR provided by RARLAB contains a vulnerability that bypasses the "Mark of the Web" CWE-356 security warning function for files when opening a symbolic link that points to an executable file. In the initial Windows configuration, only administrators have the privilege to create symbolic links...

6.8CVSS7.5AI score0.01233EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/28 8:33 a.m.•46 views

Multiple vulnerabilities in Sharp and Toshiba Tec MFPs

Overview MFPs multifunction printers provided by Sharp and Toshiba Tec Corporation contain multiple vulnerabilites listed below. Out-of-bounds Read CWE-125 CVE-2024-42420 Out-of-bounds read vulnerabilities coming from improper processing of keyword search input and improper processing of SOAP...

9.8CVSS6AI score0.00729EPSS
Exploits0References18
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/21 12:0 a.m.•46 views

JVN#43561812: +Message App improper handling of Unicode control characters

+Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's specifications. Therefore, a crafted text may display misleading web links CWE-451. Impact A spoofed URL may be displayed and phishing attacks may be...

5.4CVSS5.1AI score0.00488EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/01/25 12:0 a.m.•46 views

JVN#70100915: Multiple vulnerabilities in TransmitMail

TransmitMail is a PHP based mail form system. TransmitMail contains multiple vulnerabilities listed below. Directory traversal vulnerability due to the improper validation of external input values CWE-22 - CVE-2022-22146 Version| Vector| Score ---|---|--- CVSS v3|...

7.5CVSS7.1AI score0.02001EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/01/19 12:0 a.m.•46 views

JVN#64806328: Canon laser printers and small office multifunctional printers vulnerable to cross-site scripting

Multiple Canon laser printers and small office multifunctional printers contain a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the product settings screen. Solution Update the firmware Update the...

4.8CVSS4.9AI score0.00842EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/08/24 12:0 a.m.•46 views

JVN#80288258: The installers of multiple Sony products may insecurely load Dynamic Link Libraries

The installers of multiple Sony products contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest installer by following the...

7.8CVSS7.8AI score0.00315EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/24 12:0 a.m.•46 views

JVN#27806339: NETGEAR GS108Ev3 vulnerable to cross-site request forgery

GS108Ev3 switching hub provided by NETGEAR contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in to the management screen of the device, the product's settings may be changed without the user's intention or consent. Solution Update th...

6.5CVSS6.4AI score0.00628EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/06/24 12:0 a.m.•46 views

JVN#40039627: Chrome Extension for e-Tax Reception System vulnerable to arbitrary command execution

Chrome Extension for e-Tax Reception System provided by National Tax Agency is an extension to use the e-Tax Reception System on Google Chrome and/or Chromium-based versions of Microsoft Edge. When a user runs a Chrome Extension for e-Tax Reception System, a specially crafted parameter by an...

8.8CVSS8.7AI score0.01587EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/04/13 12:0 a.m.•46 views

JVN#85056623: Installer of SoundEngine Free may insecurely load Dynamic Link Libraries

Installer of SoundEngine Free contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest installer Use the latest installer...

9.3CVSS7.7AI score0.01119EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/03/13 12:0 a.m.•46 views

JVN#87226910: WebProxy vulnerable to directory traversal

WebProxy provided by LunarNight Laboratory is software for creating a proxy server. WebProxy contains a directory traversal vulnerability CWE-22 due to a flaw in processing certain requests. Impact A remote attacker may create an arbitrary file on the server where the product is running. Solution...

7.5CVSS7.4AI score0.02344EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/09/12 12:0 a.m.•46 views

JVN#03044183: Wi-Fi STATION L-02F fails to restrict access permissions

Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. fails to restrict access permissions. Impact An unauthenticated remote attacker may access the web interface of the device through internet and obtain the stored setting information. Solution Apply an Update Apply the update according to the...

7.5CVSS7.5AI score0.01585EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/25 5:50 a.m.•46 views

Multiple vulnerabilities in baserCMS

Overview baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. SQL injection CWE-89 - CVE-2017-10842 Arbitary files may be deleted - CVE-2017-10843 Arbitary PHP code execution - CVE-2017-10844 Shoji Baba reported the vulnerabilities to IPA. JPCERT/CC...

9.8CVSS8.9AI score0.01766EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/09 12:0 a.m.•46 views

JVN#67305782: Installer of CASL II simulator(self-extract format) may insecurely load Dynamic Link Libraries

Installer of CASL II simulatorself-extract format provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privilege of the user invoking t...

7.8CVSS7.7AI score0.00911EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/08 12:0 a.m.•46 views

JVN#31236539: [Simeji for Windows(β)] installer may insecurely load Dynamic Link Libraries

Simeji for Windowsβ installer provided by Baidu Japan Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Do not use Simeji for...

9.3CVSS7.8AI score0.0108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/06 12:0 a.m.•46 views

JVN#01404851: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution

AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Impact When accessing a specially crafted URL, an arbitrary code may...

8.8CVSS8.9AI score0.01507EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/10 12:0 a.m.•46 views

JVN#87770873: CS-Cart Japanese Edition vulnerable to cross-site request forgery

​CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition contains a cross-site request forgery CWE-352 vulnerability. Impact If a consumer views a malicious page while logged in, an unintended item may be purchased. Solution Update the Software Update to the latest...

8.8CVSS8.7AI score0.01031EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/22 5:26 a.m.•46 views

BlueZ userland utilities vulnerable to buffer overflow

Overview BlueZ provides a Bluetooth protocol stack for Linux kernel and userland utilities. parseline function used in some userland utilities contains a buffer overflow vulnerability. Hiroki MATSUKUMA of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with...

7.8CVSS7.4AI score0.00556EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/12 12:0 a.m.•46 views

JVN#16781735: Multiple access restriction bypass vulnerabilities in Cybozu Dezie

Cybozu Dezie contains multiple access restriction bypass vulnerabilities listed below. Access restriction bypass to download DBM files - CVE-2016-7832 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N| Base Score: 5.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:N/A:N| Bas...

7.5CVSS6.6AI score0.01804EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/22 12:0 a.m.•46 views

JVN#00324715: Electron may insecurely load Node modules

Electron is a software framework for developing cross-platformm desktop applications with web technologies, such as HTML, CSS, JavaScript with Chromium and Node.js. Electron is used in applications such as Atom editor, Microsoft Visual Studio Code, etc.. Electron contains a flaw where the search...

7.8CVSS7.5AI score0.00431EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/25 12:0 a.m.•46 views

JVN#51250073: CG-WLNCM4G may behave as an open resolver

CG-WLNCM4G provided by Corega Inc is a network camera. CG-WLNCM4G contains an issue where it may behave as an open resolver. Impact The device may be leveraged for use in a DNS amplification attack and unknowingly become a part of a DDoS attack. Solution Do not use CG-WLNCM4G As of December 25,...

5.8CVSS5.5AI score0.01599EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/20 12:0 a.m.•46 views

JVN#39175666: MP Form Mail CGI eCommerce edition vulnerable to code injection

MP Form Mail CGI eCommerce edition provided by futomi Co., Ltd. is a CGI used to send mail from a web form. MP Form Mail CGI eCommerce edition contains a code injection vulnerability. Impact Arbitrary Perl code may be executed on the server where it resides. Solution Update the software Update to...

7.5CVSS6.7AI score0.02443EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/02 12:0 a.m.•46 views

JVN#71762315: LG Electronics mobile access routers lack access restrictions

LG Electronics mobile access routers provided by NTT DOCOMO, INC. lack access restrictions in the web administration interface. Impact An attacker that can access the device may bypass authentication and obtain information stored on the device. Solution Apply an Update Apply the update according ...

5CVSS6.4AI score0.01354EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/07/15 12:0 a.m.•46 views

JVN#42024228: Cybozu Garoon CGI vulnerable to remote command execution

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon CGI contains a remote command execution vulnerability. Impact An arbitrary command may be executed on the server where Cybozu Garoon resides. Solution Update the Software Update to the latest version according to the information...

10CVSS6.6AI score0.0324EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/25 12:0 a.m.•46 views

JVN#36259412: Web Kyukincho vulnerable to cross-site request forgery

Web Kyukincho provided by Intercom, Inc. is a software that digitizes and distributes a pay statement and others. Web Kyukincho contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution Update the...

6.8CVSS6.2AI score0.00636EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/09/25 12:0 a.m.•46 views

JVN#93344001: ATOK for Android issue in the access permissions for the learning information file

ATOK for Android provided by JUST Systems contains an issue where another application may access the learning information file which stores user input strings. Impact If a user of the affected product uses other malicious Android application, the learning information file may be obtained. Solutio...

4.3CVSS6AI score0.01204EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/09/07 12:0 a.m.•46 views

JVN#59652356: Cybozu KUNAI for Android vulnerable in the WebView class

Cybozu KUNAI is a mobile client software for using Cybozu. Cybozu KUNAI for Android contains a vulnerability in the WebView class. Impact When there is a malicious file in the user's Android device, clicking a file:// hyperlink may lead to the malicious file being opened and information managed b...

4.3CVSS6.2AI score0.01191EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/07/13 12:0 a.m.•46 views

JVN#46088915: Yahoo! Browser vulnerable in the WebView class

Yahoo! Browser is a web browser for Android devices. Yahoo! Browser contains a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution Update the software Update t...

4.3CVSS6.1AI score0.01204EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/02/22 12:0 a.m.•46 views

JVN#25731073: Multiple COOKPAD applications for Android vulnerable in WebView class

Cookpad and Cookpad Noseru provided by COOKPAD Inc. are Android applications to search or post recipes. Cookpad and Cookpad Noseru contain a vulnerability in WebView class. Impact If an user of the affected product uses other malicious Android application, the information contained in the affecte...

5CVSS6.3AI score0.01496EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/07 12:0 a.m.•46 views

JVN#84838479: Cybozu Office vulnerable in restricting access

Cybozu Office is a groupware.Cybozu Office contains a vulnerability in restricting access permissions. Impact A user without the appropriate privileges may view an arbitrary user's attendance information. Solution Upgrade the Software Upgrade to Cybozu Office 9 that has addressed this...

5.5CVSS6.5AI score0.01193EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/08/26 12:0 a.m.•46 views

JVN#63041502: Samba Web Administration Tool vulnerable to cross-site scripting

Samba Web Administration Tool SWAT allows for Samba configuration through a web interface. SWAT contains a cross-site scripting vulnerability. SWAT is disabled in a default configuration of Samba. Impact An arbitrary script may be executed on the web browser of a user that is logged into SWAT...

2.6CVSS5.1AI score0.06293EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/02/23 12:0 a.m.•46 views

JVN#38362957: Lunascape may insecurely load executable files

Lunascape is a web browser. Lunascape loads certain executables when using the "script" function. Lunascape contain an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of the running application. Solution Upda...

6.2CVSS7.2AI score0.00285EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/01/26 12:0 a.m.•46 views

JVN#95385972: MODx Evolution vulnerable to directory traversal

MODx provided by the MODx CMS Project is a Content Management System CMS software. MODx contains a directory traversal vulnerability. Impact A remote attacker may access or view arbitrary files on the server. Solution Update the software Update to the latest version according to the information...

5CVSS6.5AI score0.02388EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/09/26 12:0 a.m.•46 views

JVN#54824688 phpMyAdmin cross-site scripting vulnerability

phpMyAdmin provided by The phpMyAdmin Project is software to handle the administration of MySQL over the web browser. phpMyAdmin contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. According to the developer, Microsoft Internet...

4.3CVSS5.3AI score0.01865EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/04/30 1:38 a.m.•45 views

Security Update for Trend Micro Trend Vision One (April 2025)

Overview Trend Micro Incorporated has released the security update for the administration console of Trend Vision One. This update addressed the following vulnerabilities: CVE-2025-31282, CVE-2025-31283, CVE-2025-31284, CVE-2025-31285, CVE-2025-31286 Trend Micro Incorporated reported these...

9CVSS7.1AI score0.00413EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/16 12:0 a.m.•45 views

JVN#63383723: Drupal vulnerable to improper handling of structural elements

Drupal provided by Drupal.org contains an improper handling of structural elements vulnerability CWE-237. Impact An attacker may be able to cause a denial-of-service DoS condition. Solution Update the Software Update the software to the latest version 10 series according to the information provid...

7.5CVSS7.2AI score0.00791EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/31 12:0 a.m.•45 views

JVN#94132951: Cybozu Remote Service vulnerable to uncontrolled resource consumption

Cybozu Remote Service provided by Cybozu, Inc. is vulnerable to uncontrolled resource consumption CWE-400. Impact Certain operations performed by a logged-in user may lead to huge storage space consumption or significantly delayed communication. Solution Update the Software Update the software to...

6.5CVSS6.4AI score0.00616EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/27 12:0 a.m.•45 views

JVN#45547161: Multiple vulnerabilities in baserCMS

baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-29009 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...

9.8CVSS6.8AI score0.0097EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/18 12:0 a.m.•45 views

JVN#95981460: Improper restriction of XML external entity references (XXE) in Proself

Proself provided by North Grid Corporation improperly restricts XML external entity references XXE CWE-611. The developer states that attacks exploiting this vulnerability have been observed. Impact By processing a specially crafted request containing malformed XML data, arbitrary files on the...

7.5CVSS7.7AI score0.03542EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/06 12:0 a.m.•45 views

JVN#15808274: e-Gov Client Application fails to restrict custom URL schemes properly

e-Gov Client Application is installed, a Custom URL Scheme is configured on the system to enable invoking the product through a web browser. This custom URL contains the information about the website which the product should access, and a crafted URL may direct the application to access an...

4.3CVSS4.5AI score0.00355EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/19 12:0 a.m.•46 views

JVN#14778242: Multiple vulnerabilities in T&D and ESPEC MIC data logger products

Multiple data logger products provided by T&D Corporation and ESPEC MIC CORP. contain multiple vulnerabilities listed below. Client-side enforcement of server-side security CWE-602 - CVE-2023-22654 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N| Base...

9.8CVSS7.1AI score0.01252EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/15 12:0 a.m.•45 views

JVN#41694426: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-3122 Denial-of-service DoS in Message CWE-400 - CVE-2023-26595 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L| Base Score: 5.0 CVSS v2| AV:N/AC:L/Au:S/C:N/I:N/A:P...

6.5CVSS5.2AI score0.00534EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/15 12:0 a.m.•45 views

JVN#01093915: Multiple vulnerabilities in WordPress Plugin "MW WP Form" and "Snow Monkey Forms"

WordPress Plugin "MW WP Form" and "Snow Monkey Forms" provided by Monkey Wrench Inc. contain multiple vulnerabilities listed below. Directory traversal CWE-22 - CVE-2023-28408 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L| Base Score: 7.2 CVSS v2|...

9.8CVSS9.8AI score0.02021EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/17 12:0 a.m.•45 views

JVN#31073333: WordPress plugin "Welcart e-Commerce" vulnerable to directory traversal

WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a directory traversal vulnerability CWE-22. Impact Arbitrary files on the server may be viewed by a remote attacker. Solution Update the plugin Update the plugin according to the information provided by the developer. The...

7.5CVSS7.5AI score0.02941EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/10/08 12:0 a.m.•45 views

JVN#89126639: Nike App fails to restrict custom URL schemes properly

Nike App by Nike, Inc. provides the function to access a requested URL using Custom URL Scheme. The app does not restrict access to the function properly CWE-939 which may be exploited to direct the app to access any sites. Impact A remote attacker may lead a user to access an arbitrary website v...

6.1CVSS6AI score0.01157EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/05 12:0 a.m.•45 views

JVN#00414047: Studyplus App uses a hard-coded API key for an external service

Studyplus App provided by Studyplus Inc. uses a hard-coded API key for an external service CWE-798. Impact API key for an external service may be obtained by analyzing data in the app. Note that a user is not directly affected by this vulnerability. Solution Update the Application Update the...

5.5CVSS5.2AI score0.00271EPSS
Exploits0
Total number of security vulnerabilities5000