Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/08/05 12:0 a.m.•27 views

JVN#50850706: Pimax Play and PiTool accept WebSocket connections from unintended endpoints

Pimax Play and PiTool provided by Pimax accept WebSocket connections from unintended endpointsCWE-923. Impact Arbitrary code may be executed by a remote unauthenticated attacker. Solution Update the Software For Pimax Play, update the software to the latest version according to the information...

9.8CVSS9.5AI score0.0064EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/10 12:0 a.m.•27 views

JVN#83405304: "OfferBox" App uses a hard-coded secret key

"OfferBox" App provided by i-plug inc. uses a hard-coded secret key for JWT CWE-321. Impact The hard-coded secret key for JWT may be retrieved if the application binary is reverse-engineered. Solution The hard-coded secret key has been revoked by the developer on May 8, 2024 therefore this...

7.5CVSS7.2AI score0.00365EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/06 12:0 a.m.•27 views

JVN#42691027: "direct" Desktop App for macOS fails to restrict access permissions

"direct" Desktop App for macOS provided by L is B Corp. fails to restrict access permissions CWE-284. The access control mechanism provided by macOS "TCC Transparency Consent and Control" may be bypassed. Impact Camrea, microphone, etc. of the device where the product is installed may be used...

5.5CVSS5.2AI score0.00163EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/23 12:0 a.m.•27 views

JVN#55217369: Rakuten WiFi Pocket vulnerable to improper authentication

Rakuten WiFi Pocket provided by Rakuten Mobile, Inc. is a mobile router. Management Screen of Rakuten WiFi Pocket contains an improper authentication vulnerability CWE-287. Impact An attacker who can access the product may log in to the product's Management Screen. As a result, sensitive...

5.4CVSS5.5AI score0.00276EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/22 12:0 a.m.•27 views

JVN#97818024: Multiple vulnerabilities in Pleasanter

Pleasanter provided by Implem Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-32607 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2| AV:N/AC:M/Au:S/C:N/I:P/A:N| Base...

6.5CVSS6.5AI score0.01158EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/09 12:0 a.m.•27 views

JVN#80476232: SR-7100VN vulnerable to privilege escalation

SR-7100VN provided by ICOM INCORPORATED contains a privilege escalation vulnerability CWE-268. Impact A user with an administrator privilege of the product may obtain administrative privileges of the OS Operating System. As a result, an arbitrary OS command may be executed by the user. Solution...

6.8CVSS6.9AI score0.00338EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/02/14 12:0 a.m.•27 views

JVN#60263237: The installers of ELECOM Camera Assistant and QuickFileDealer may insecurely load Dynamic Link Libraries

The installers of ELECOM Camera Assistant and QuickFileDealer provided by ELECOM CO.,LTD. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privileges of the running application. Solution...

7.8CVSS7.7AI score0.00204EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/11/10 12:0 a.m.•27 views

JVN#75437943: Aiphone Video Multi-Tenant System Entrance Stations vulnerable to information disclosure

Video Multi-Tenant System Entrance Stations provided by AIPHONE CO., LTD. contain an information disclosure vulnerability CWE-200. Impact An attacker who can obtain specific information of the product and access the product may obtain sensitive information stored in the device. Solution Use the...

6.5CVSS6.2AI score0.00295EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/10/07 12:0 a.m.•27 views

JVN#00845253: Growi vulnerable to improper access control

GROWI provided by WESEEK, Inc. contains an improper access control vulnerability CWE-284. Impact A user who can login to the affected product may download the markdown data from the pages set to private by the other users. Solution Update the software Update the software to the following versions...

6.5CVSS6.3AI score0.00782EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/05/24 12:0 a.m.•27 views

JVN#15241647: WordPress plugin "WP Statistics" vulnerable to cross-site scripting

WordPress plugin "WP Statistics" provided by VeronaLabs contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is logging in to the web site using the product. Solution Update the plugin Update the plugin according to th...

6.1CVSS6AI score0.00969EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/02/25 5:2 a.m.•27 views

Information Disclosure Vulnerability in RICOH printers

Overview Multiple RICOH printers contain Information Disclosure CWE-200. RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership. Impact A user who ca...

7.5CVSS6.2AI score0.01409EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/06 12:0 a.m.•27 views

JVN#60879379: Olive Blog vulnerable to cross-site scripting

Olive Blog provided by Olive Design contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing the search parameter. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Olive Blog Olive Blog is no longer being developed or maintained. It...

6.1CVSS6AI score0.00886EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/29 12:0 a.m.•27 views

JVN#89726415: ManageEngine ServiceDesk Plus fails to restrict access permissions

ManageEngine ServiceDesk Plus provided by Zoho Corporation is a help desk software. ManageEngine ServiceDesk Plus fails to restrict access permissions. Impact A user logged in with guest privileges may access functions for which permissions are not granted. Solution Update the software Update to...

8.8CVSS8.6AI score0.02683EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/15 12:0 a.m.•27 views

JVN#18926672: Zend Framework vulnerable to SQL injection

Zend Framework is an open source web application framework. Zend Framework 1 contains an SQL injection vulnerability CWE-89 due to a flaw in processing parameters in the ORDER BY and GROUP BY clauses. Impact Information stored in the database may be obtained or altered by a remote attacker...

9.8CVSS9.6AI score0.04124EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/31 12:0 a.m.•27 views

JVN#85213412: Multiple AKABEi SOFT2 LTD. games vulnerable to OS command injection

Multiple games provided by AKABEi SOFT2 LTD. contain an OS command injection vulnerability CWE-78 due to an issue in loading saved data. Impact When specially crafted saved data is loaded, an arbitrary OS command may be executed. Solution Apply a Workaround The following workaround can mitigate t...

7.8CVSS7.7AI score0.01534EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/22 12:0 a.m.•27 views

JVN#76653039: CG-WLBARGL vulnerable to command injection

CG-WLBARGL provided by Corega Inc is a wireless LAN router. CG-WLBARGL contains a command injection vulnerability. Impact An arbitrary command may be executed by an authenticated attacker. Solution Do not use CG-WLBARGL As of Jun 22nd, 2016, there are no practical solutions to this issue. It is...

8CVSS8AI score0.01067EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 12:0 a.m.•27 views

JVN#69278491: Cybozu Office vulnerable to cross-site scripting

Cybozu Office contains a cross-site scripting vulnerability CWE-79 in multiple functions. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected Cyboz...

6.1CVSS5.9AI score0.01069EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/16 12:0 a.m.•27 views

JVN#25576608: Avast vulnerable to directory traversal

Avast contains an issue in processing archive files, which may result in a directory traversal CWE-22 vulnerability. When an archive file such as zip is detected as containing a virus and the included virus file is being moved or deleted, the operation is done to the file path inside the archive...

6.4CVSS6.4AI score0.02969EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/14 12:0 a.m.•27 views

JVN#48211537: Party Track SDK for iOS fails to verify server certificates

Party Track SDK for iOS provided by Adways Inc. fails to verify server certificates in encrypted HTTPS communications. According to the developer, in addition to communications by the SDK, communications by the application using NSURLConnection also fail to verify server certificates. Impact A...

5.8CVSS6AI score0.00593EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/09 12:0 a.m.•27 views

JVN#84982142: Pref Shimane CMS vulnerable to SQL injection

Pref Shimane CMS is an open-source Contents Management System CMS. Pref Shimane CMS contains an SQL injection vulnerability. Impact A logged in attacker may execute arbitrary SQL statements. Solution Update the Software Update to the latest version according to the information provided by the...

6.5CVSS7.6AI score0.01711EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/02 12:0 a.m.•27 views

JVN#27548431: gollum vulnerable to file exposure

gollum is a wiki system that uses git repositories. gollum contains a vulnerability which may allow an attacker to view arbitrary files on the server. Impact A remote attacker may view arbitrary files on the server. Solution Update the Software Update to the latest version according to the...

4.3CVSS6.3AI score0.01876EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/17 12:0 a.m.•27 views

JVN#65602714: H2O vulnerable to directory traversal

H2O is an open source web server software. H2O contains an issue in processing URL, which may result in a directory traversal CWE-22 vulnerability. Impact A remote attacker may obtain arbitrary files on the server if "file.dir" directive is specified. Solution Update the Software Update to the...

4.3CVSS6.4AI score0.01655EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/16 12:0 a.m.•27 views

JVN#71815309: Auction Camera vulnerable to URL whitelist bypass

Auction Camera provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". Auction Camera contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Impact Android version of this app may allow an...

6.8CVSS6.2AI score0.01093EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/15 12:0 a.m.•27 views

JVN#75851252: "Honda Moto LINC" App for Android fails to verify SSL server certificates

"Honda Moto LINC" App for Android fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the developer. Products...

5.9CVSS5.5AI score0.00696EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/04/23 12:0 a.m.•27 views

JVN#41653647: TransmitMail vulnerable to directory traversal

TransmitMail is a PHP based mail form. TransmitMail contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote attacker may view arbitrary files on the server. Solution Update the Software Update to the latest version according to t...

5CVSS6.6AI score0.01866EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/17 12:0 a.m.•27 views

JVN#97099798: eXtplorer vulnerable to cross-site scripting

eXtplorer is a web-based file manager. eXtplorer contains multiple cross-site scripting vulnerabilities. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products...

4.3CVSS5.6AI score0.01187EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/02/24 12:0 a.m.•27 views

JVN#42768331: Speed Software Root Explorer and Explorer vulnerable to directory traversal

Root Explorer and Explorer provided by Speed Software contain an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application...

5CVSS6.6AI score0.01639EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/01/30 12:0 a.m.•27 views

JVN#33735535: Fumy News Clipper vulnerable to cross-site scripting

Fumy News Clipper is a weblog system. Fumy News Clipper contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products...

4.3CVSS5.9AI score0.01161EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/10 12:0 a.m.•27 views

JVN#13160869: Chyrp vulnerable to cross-site scripting

Chyrp is a blogging engine. Chyrp contains a cross-site scripting vulnerability. Impact An arbitrary script which may be embedded by an authenticated attacker could be executed on the Admin user's web browser. Solution Update the software Update to the latest version according to the information...

3.5CVSS5.7AI score0.01417EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/08/14 12:0 a.m.•27 views

JVN#27702217: Ameba for Android contains an issue where it fails to verify SSL server certificates

Ameba for Android contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the develope...

5.8CVSS6.2AI score0.00819EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/08/06 12:0 a.m.•27 views

JVN#32726697: GOM Player vulnerable to denial-of-service (DoS)

GOM Player provided by Gretech contains a denial-of-service DoS vulnerability due to an issue in processing an image file. Impact When processing a specially crafted image file, the player may not be launched. Solution Update the Software Update to the latest version according to the information...

4.3CVSS6.2AI score0.01523EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/07/08 12:0 a.m.•27 views

JVN#35376006: Becky! Internet Mail vulnerable to buffer overflow

Becky! Internet Mail contains an issue in processing responses from a POP3 server, which may result in a buffer overflow vulnerability. Impact By receiving a specially crafted response, an arbitrary code may be executed. Solution Update the Software Update to the latest version according to the...

6.8CVSS7.2AI score0.02036EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/05/08 12:0 a.m.•27 views

JVN#68340046: intra-mart vulnerable to open redirect

intra-mart is a software framework for creating web applications. intra-mart contains an open redirect vulnerability. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Apply t...

5.8CVSS6.4AI score0.01168EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/22 12:0 a.m.•27 views

JVN#28812735: D-Link DES-3800 Series vulnerable to denial-of-service (DoS)

DES-3800 Series provided by D-Link Japan contains a denial-of-service DoS vulnerability due to an issue in the Web manager function. Impact A remote attacker may cause the product to stop responding. Solution Update the Firmware Update to the latest version of firmware according to the informatio...

7.8CVSS6.1AI score0.01772EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/20 12:0 a.m.•27 views

JVN#38790987: EC-CUBE vulnerable to cross-site scripting

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a vulnerability in processing the output of error messages, which may lead to cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the updat...

4.3CVSS6.1AI score0.01207EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/06/27 12:0 a.m.•27 views

JVN#98665228: EC-CUBE vulnerable to cross-site scripting

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN07192063. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the update ...

4.3CVSS5.7AI score0.01792EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/05/23 12:0 a.m.•27 views

JVN#00985872: EC-CUBE vulnerable to session fixation

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a session fixation vulnerability. Impact A remote unauthenticated attacker may impersonate a user. As a result, information may be disclosed or altered. Solution Apply the update or patch Apply...

4CVSS6.5AI score0.01869EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/05/08 12:0 a.m.•27 views

JVN#61972596: Online Service Gate vulnerable in Office 365 password management

Online Service Gate provided by SoftBank Technology is a solution to manage the use of Office 365 which allows a system administrator to manage Office 365 users' passwords. Office 365 users' passwords are intended to be managed by a system administrator and cannot be obtained by users. OWA Helper...

4CVSS6.4AI score0.01174EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/04/11 12:0 a.m.•27 views

JVN#65034198: Sleipnir for Windows vulnerable to address bar spoofing

Sleipnir for Windows contains an issue in displaying colors and the padlock icon on the address bar, which may result in the address bar being spoofed. Impact A user may misinterpret that the website is using the SSL for communications even when the site is not using SSL. Solution Update the...

5CVSS6.2AI score0.01034EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/03/26 12:0 a.m.•27 views

JVN#80922020: ArtIME Japanese Input vulnerable to information disclosure

ArtIME Japanese Input is a Japanese Input Method Editor IME for Android devices. ArtIME Japanese Input contains an issue in the access permissions for the certain files. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product...

5CVSS6.2AI score0.00982EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/01/31 12:0 a.m.•27 views

JVN#86040029: Weathernews Touch for Android stores location information in the system log file

Weathernews Touch provided by Weathernews Inc. is a weather forecast application. Weathernews Touch for Android contains a vulnerability that stores location information in the system log file. Impact Android applications with permissions to read system log files may obtain location information...

4.3CVSS6AI score0.00893EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/10/23 12:0 a.m.•27 views

JVN#42676559: Safari vulnerable to local file content disclosure

Safari contains a vulnerability where a local file may be accessed from remote, which may result in a local file content disclosure. Impact By opening a specially crafted HTML document as a local file, an arbitrary local file may be obtained from remote even though access from other users is...

4.3CVSS5.8AI score0.0173EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/04/05 12:0 a.m.•27 views

JVN#97200417: SENCHA SNS vulnerable to session fixation

SENCHA SNS is an open source SNS software. SENCHA SNS contains a session fixation vulnerability. Impact A remote, unauthenticated attacker may impersonate an honest user of the affected product. As a result, information may be altered or obtained. Solution Update the Software Update to the latest...

4.3CVSS6.4AI score0.0118EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/02/23 12:0 a.m.•27 views

JVN#20083397: Movable Type vulnerable to session hijacking

Movable Type contains a session hijacking vulnerability in entering comments and community functionality. Impact A remote unauthenticated attacker may impersonate an honest user of the affected product. Solution Update the software Update to the latest version of each product according to the...

7.5CVSS6.2AI score0.02677EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/20 12:0 a.m.•27 views

JVN#36559450: osCommerce Japanese version vulnerable to cross-site scripting

osCommerce is an open source system for creating shopping websites. osCommerce Japanese version contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's Internet Explorer. Solution Update the software Update to the latest version according to the...

4.3CVSS5.9AI score0.01145EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/20 12:0 a.m.•27 views

JVN#54779201: Oracle WebLogic Server vulnerable to cross-site scripting

Oracle WebLogic Server contains a cross-site scripting vulnerability on the management console. Impact An arbitrary script may be executed on the browser of the user who is logged into the administration console of Oracle WebLogic Server. Solution Update the Software Apply the latest update...

3.5CVSS5.5AI score0.01074EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/07 12:0 a.m.•27 views

JVN#03869266: Enkai-kun vulnerable to cross-site scripting

Enkai-kun provided by utage.org contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affected Versions prior t...

4.3CVSS5.9AI score0.01086EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/09/30 12:0 a.m.•27 views

JVN#09789751: BaserCMS vulnerable to cross-site scripting

BaserCMS is an open-source Contents Management System CMS. BaserCMS contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer...

4.3CVSS6AI score0.01542EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/05/19 12:0 a.m.•27 views

JVN#77697803: iVIEW Suite vulnerable to SQL injection

iVIEW Suite provided by RADVISION is a software to manage video conference systems in SCOPIA. iVIEW Suite contains a SQL injection vulnerability. Impact A remote attacker may view or alter the information on the system. Solution Update the Software Update to the latest version according to the...

7.5CVSS7.2AI score0.01258EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/04/19 12:0 a.m.•27 views

JVN#50505257: Multiple Buffalo routers vulnerable to cross-site request forgery

Multiple routers provided by Buffalo have a management screen that allows users to modify settings. These routers contain a cross-site request forgery vulnerability due to an issue in the management screen. Impact If a user views a malicious page while logged into the management screen, settings...

5.8CVSS2.1AI score0.00475EPSS
Exploits0
Total number of security vulnerabilities5000