Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/09/15 12:0 a.m.•22 views

JVN#30900552: EC-CUBE plugin "Product Image Bulk Upload Plugin" vulnerable to insufficient verification in uploading files

EC-CUBE plugin "Product Image Bulk Upload Plugin", a plugin that enables to upload image files, provided by EC-CUBE CO.,LTD. contains an insufficient verification vulnerability when uploading files CWE-20. Exploiting this vulnerability allows a remote unauthenticated attacker to upload arbitrary...

9.8CVSS9.5AI score0.00982EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/03/03 12:0 a.m.•22 views

JVN#87683137: Norton Security for Mac improperly processes ICMP packets

Norton Security for Mac provided by NortonLifeLock Inc. is antivirus software. Norton Security for Mac improperly processes ICMP packets, which may result in OS to crash CWE-20. Impact An unprivileged user may cause a denial-of-service DoS condition on the OS. Solution Update the Software Update...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/08/21 6:59 a.m.•22 views

The installer of Digital Paper App may insecurely load Dynamic Link Libraries

Overview Digital Paper App provided by Sony Corporation is document management software exclusively for Sony Digital Paper. The installer of Digital Paper App contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of NTT...

7.8CVSS7AI score0.01282EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/07 12:0 a.m.•22 views

JVN#49408248: OneThird CMS vulnerable to cross-site scripting

OneThird CMS provided by SpiQe Software contains a cross-site scripting vulnerability CWE-79 due to an issue in processing the language selection screen. Impact An arbitrary script may be executed on the user's web browser. Solution For the users who have installed OneThird CMS already: Update th...

6.1CVSS6.2AI score0.01195EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/22 5:26 a.m.•22 views

H2O use-after-free vulnerability

Overview H2O is an open source web server software. H2O contains a use-after-free vulnerability CWE-416 due to a flaw in the process of upgrading from HTTP/1 to HTTP/2. Kazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated...

9.1CVSS6.9AI score0.02184EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/01/19 12:0 a.m.•22 views

JVN#88559134: SYNCK GRAPHICA Download Log CGI vulnerable to directory traversal

Download Log CGI provided by SYNCK GRAPHICA contains an issue in processing file names, which may result in a directory traversal vulnerability. Impact A remote attacker may obtain arbitrary files on the server. Solution Update the Software Update to the latest version according to the informatio...

5CVSS6.4AI score0.01911EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/08/18 12:0 a.m.•23 views

JVN#27531188: Cakifo vulnerable to cross-site scripting

Cakifo is a theme for WordPress. Cakifo contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the theme Update to the latest version according to the information provided by the developer. Products Affected Cakifo 1.0 ...

3.5CVSS5.8AI score0.01489EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/04/18 12:0 a.m.•22 views

JVN#22670349: AndExplorer vulnerable to directory traversal

AndExplorer provided by LYSESOFT contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has privileges to...

6.4CVSS6.7AI score0.01521EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/10 12:0 a.m.•22 views

JVN#88313872: ZIP with Pass vulnerable to directory traversal

ZIP with Pass provided by aokitaka contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has privileges to...

5.8CVSS6.6AI score0.01142EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/11/02 12:0 a.m.•22 views

JVN#52264310: MosP kintai kanri vulnerable to authentication bypass

MosP kintai kanri is an open source attendance management software. MosP kintai kanri contains an authentication bypass vulnerability. Impact An attacker with a MosP kintai kanri account may impersonate another user. As a result, information may be obtained and settings may be altered with the...

5.5CVSS6.5AI score0.01139EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/06/07 12:0 a.m.•22 views

JVN#18397171: FeedDemon vulnerable to arbitrary script execution

FeedDemon is an RSS/Atom feed reader. FeedDemon is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information when using the "feed preview" option. Impact An arbitrary script embedded in an RSS/Atom feed may be executed on the user's...

2.6CVSS6.3AI score0.01803EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/20 12:0 a.m.•22 views

JVN#38216398: osCommerce vulnerable to directory traversal

osCommerce is an open source system for creating shopping websites. osCommerce contains a directory traversal vulnerability. Impact A remote attacker may access arbitrary files on the server. Solution Update the software Update to the latest version according to the information provided by the...

5CVSS6.5AI score0.096EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/05/12 12:0 a.m.•22 views

JVN#92854093 Movable Type vulnerable to cross-site scripting

Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the...

4.3CVSS6.1AI score0.01223EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/01 12:0 a.m.•22 views

JVN#38687002 Compiere vulnerable to cross-site scripting

Compiere provided by Almas Inc. is an Enterprise Resource Planning ERP and Customer Relationship Management CRM software. Compiere contains a cross-site scripting vulnerability. This vulnerability is different from JVN57963254. Impact An arbitrary script may be executed on the user's web browser...

4.3CVSS5.8AI score0.01528EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/04/02 12:0 a.m.•22 views

JVN#74747784 XOOPS Cube Legacy cross-site scripting vulnerability

XOOPS Cube Legacy from XOOPS Cube Project is an open source contents management system. XOOPS Cube Legacy contains a cross-site scripting vulnerability. According to the developers, a XOOPS Cube Legacy distribution "Hodajuku distribution" and "additional modules" are not affected by this...

6.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/02/25 12:0 a.m.•22 views

JVN#91591874 PEAK XOOPS piCal cross-site scripting vulnerability

piCal from PEAK XOOPS is a calendar module with a scheduler for XOOPS. piCal contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/08/29 12:0 a.m.•22 views

JVN#84125369 Blogn vulnerable to cross-site request forgery

Blogn from R-ONE Computer is software for creating blogs. Blogn contains a cross-site request forgery vulnerability. Impact Contents created by Blogn may be editted or modified if the logged in user views a malicious web page. Solution Update the Software Apply the latest update provided by the...

6.8CVSS6.5AI score0.00581EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/01/25 12:0 a.m.•22 views

JVN#05088443 CGI RESCUE WebFORM vulnerable to HTTP header injection

Impact Falsified information may be displayed or an arbitrary script may be executed on the user's web browser. Solution Products Affected WebFORM 4.3 and earlier According to the vendor's website, "Web Mailer" released from CGI RESCUE also contains a similar vulnerability...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/04 1:40 a.m.•21 views

Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (February 2026)

Overview Trend Micro Incorporated has released security updates for Endpoint security products for enterprises. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. Impact Remote code execution due to a directory traversal vulnerability...

9.8CVSS7.8AI score0.03811EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/10/03 2:19 a.m.•21 views

Multiple vulnerabilities in multiple Keyence products

Overview Multiple products provided by KEYENCE CORPORATION contain multiple vulnerabilities listed below. Stack-based buffer overflow CWE-121 - CVE-2025-58775, CVE-2025-58776 Access of uninitialized pointer CWE-824 - CVE-2025-58777 Buffer underflow CWE-124 - CVE-2025-61690 Out-of-bounds read...

8.4CVSS7.6AI score0.0017EPSS
Exploits0References18
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/10 12:0 a.m.•21 views

JVN#61054671: Phormer vulnerable to cross-site scripting

Phormer contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user. Solution Update the Software Update the software to the latest version according to the information provided by the developer. Phormer version 3.35 was released...

6.1CVSS5.8AI score0.00738EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/03/27 5:31 a.m.•21 views

SonicDICOM Media Viewer may insecurely load Dynamic Link Libraries

Overview SonicDICOM Media Viewer provided by Fujidenolo Solutions Co., Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Taihei Shimamine of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and...

7.8CVSS6.9AI score0.00188EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/21 12:0 a.m.•21 views

JVN#35897618: GBrowse vulnerable to unrestricted upload of files with dangerous types

GBrowse provided by Generic Model Organism Database Project is a web-based genome browser. GBrowse allows the users to upload their own data in several file formats see "GBrowse User Uploads". The affected versions of GBrowse accept files with any formats uploaded CWE-434, and place them in the...

9.8CVSS9.8AI score0.00984EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/09/30 12:0 a.m.•21 views

JVN#78862034: BookStack vulnerable to cross-site scripting

BookStack contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the site using the API of the product. Solution Update the Software Update the software to the latest version according to the information...

5.4CVSS5.3AI score0.00692EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/09/28 12:0 a.m.•21 views

JVN#29428319: WordPress Plugin "OG Tags" vulnerable to cross-site request forgery

WordPress Plugin "OG Tags" provided by Mário Valney contains a cross-site request forgery vulnerability CWE-352. Impact If a user with an administrative privilege views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according...

8.8CVSS8.7AI score0.00716EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/27 5:26 a.m.•21 views

Multiple vulnerabilities in I-O DATA WN-AX1167GR

Overview WN-AX1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AX1167GR contains multiple vulnerabilities listed below. Hard-coded credentials CWE-798 - CVE-2017-2280 OS command injection CWE-78 - CVE-2017-2281 Buffer overflow CWE-119 - CVE-2017-2282 Taizoh Tsukamoto of Mitsu...

8.8CVSS8.2AI score0.00843EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/08 12:0 a.m.•21 views

JVN#78482127: EC-CUBE plugin "Social-button Plugin Premium" and "Social-button Plugin" vulnerable to cross-site scripting

EC-CUBE plugin "Social-button Plugin Premium" and "Social-button Plugin" provided by Cyber-Will Inc. contain a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to th...

6.1CVSS6AI score0.01625EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/06 12:0 a.m.•21 views

JVN#55801246: baserCMS plugin "Casebook Plugin" multiple vulnerabilities

baserCMS plugin "Casebook Plugin" contains multiple vulnerabilities: Cross-site scripting CWE-79 - CVE-2016-1169 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:L/Au:S/C:N/I:P/A:N| Base Score: 4.0 Cross-site request forger...

8.8CVSS7.4AI score0.01009EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/09 12:0 a.m.•21 views

JVN#02671769: phpRechnung vulnerable to SQL injection

phpRechnung is a web-based accounting software. list.php of phpRechnung contains an SQL injection CWE-89 vulnerability. Impact An authenticated attacker may obtain or alter information stored in the database. Solution Update the Software Update to the latest version according to the information...

6.5CVSS6.9AI score0.01061EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/05 12:0 a.m.•21 views

JVN#75720314: Tiki Wiki CMS Groupware vulnerable to SQL injection

Tiki Wiki CMS Groupware Tiki is a content management system CMS. Tiki contains a SQL injection vulnerability. Impact An arbitrary SQL command may be executed in the database the product is referencing. Solution Apply an Update Apply the appropriate update for the version of the software being use...

7.5CVSS7.4AI score0.01868EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/12/20 12:0 a.m.•21 views

JVN#69589791: Boat Browser / Boat Browser Mini vulnerable in the WebView class

Boat Browser and Boat Browser Mini are web browsers for Android devices. Boat Browser and Boat Browser Mini contain a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed...

2.1CVSS6.2AI score0.00341EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/11/14 12:0 a.m.•21 views

JVN#74829345: Multiple Android devices vulnerable to denial-of-service (DoS)

Multiple Android devices contain an issue when referencing specific system area, which may lead to a denial-of-service DoS. Impact The device may crash as a result of accessing a specific file. Solution Update the software Update to the latest version according to the information provided by the...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/02/15 8:14 a.m.•21 views

cforms II vulnerable to cross-site scripting

Overview cforms II contains a cross-site scripting vulnerability. cforms II provided by delicious days is a plugin for WordPress. cforms II contains a cross-site scripting vulnerability. Kousuke Ebihara and Yuya Watanabe of Tejimaya.inc reported this vulnerability to IPA. JPCERT/CC coordinated wi...

4.3CVSS6.1AI score0.04285EPSS
Exploits3References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/11/08 12:0 a.m.•21 views

JVN#16901583: ChaSen vulnerable to buffer overflow

ChaSen provided by Nara Institute of Science and Technology is a software for morphologically analyzing Japanese. ChaSen contains an issue when reading in strings, which may lead to a buffer overflow. ChaSen legacy project has inherited development of ChaSen since 11/8/2011. Impact An arbitrary...

9.3CVSS6.1AI score0.04153EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/12/08 12:0 a.m.•21 views

JVN#36673836: Movable Type vulnerable to cross-site scripting

Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the...

4.3CVSS6AI score0.0125EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/11/06 12:0 a.m.•21 views

JVN#67060882 sISAPILocation vulnerability bypasses HTTP header rewrite function

sISAPILocation, developed by an individual developer, is an ISAPI filter for IIS Internet Information Services. sISAPILocation contains a vulnerability that allows the HTTP header rewrite function to be bypassed. Impact When sISAPILocation is used to configure settings, such as to specify charact...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/21 12:0 a.m.•21 views

JVN#89292430 Cross-site scripting in Sun Java System Web Server and Sun Java System Web Proxy Server

Sun Java System Web Server and Sun Java System Web Proxy Server, which are both web servers, provide a function for a user to view access logs and other records in a web browser. This function is vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/05/18 12:0 a.m.•21 views

JVN#92832583 Advance-Flow cross-site scripting vulnerability

Advance-Flow provided by OSK Co. LTD contains a cross-site scripting vulnerability, as it does not properly handle output data. Some application forms are not affected by this vulnerability and some are, depending on the contents of the application forms. Impact An arbitrary script may be execute...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/03/30 12:0 a.m.•21 views

JVN#62399483 Overlay Weaver cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected Overlay Weaver 0.5.9 - 0.5.11 For more information, refer to the vendor's website...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/03/22 12:0 a.m.•21 views

JVN#64227086 NewsGlue and Ikinari Jijyoutsuu arbitrary script execution vulnerability

Impact An arbitrary script could be executed in NewsGlue or Ikinari Jijyoutsuu. Arbitrary files on client PCs could be accessed by an attacker. Solution Products Affected NewsGlue 1.3.3 and earlier Ikinari Jijyoutsuu version 1.0.0 and 1.0.1...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/01/23 12:0 a.m.•21 views

JVN#32985115 Movable Type cross-site scripting vulnerability

Impact An arbitrary script could be executed on the user's web browser or the display of a web page could be falsified. In addition, an attacker may be able to access a user's cookie allowing them to view sensitive information or hijack an authenticated user's session. Solution Products Affected...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2005/07/20 12:0 a.m.•21 views

JVN#60776919 tDiary cross-site request forgery vulnerability

Impact If a user loads a malicious web page, an attacker could alter or delete the diary text or alter tDiary configurations. In addition, a remote attacker could execute an arbitrary script or command on the web server running tDiary with privileges of the tDiary user. Solution Products Affected...

5.1CVSS6.8AI score0.01911EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/12 6:16 a.m.•20 views

Multiple vulnerabilities in ELECOM wireless LAN routers and access points (May 2026)

Overview Multiple wireless LAN routers and access points provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Use of Hard-coded Cryptographic Key in creating backup of configuration files CWE-321 - CVE-2026-25107 OS command injection in processing of pingipaddr parameter...

9.8CVSS6.5AI score0.01633EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/05/16 5:32 a.m.•20 views

Multiple vulnerabilities in V-SFT

Overview V-SFT provided by FUJI ELECTRIC CO., LTD. contains multiple vulnerabilities listed below. Free of Pointer not at Start of Buffer in VS6EditData.dll!CWinFontInf::WinFontMsgCheck function CWE-761 CVE-2025-47749 Out-of-bounds Write in VS6MemInIF!settemptypedefault function CWE-787...

8.4CVSS7.1AI score0.00211EPSS
Exploits0References18
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/09 12:0 a.m.•20 views

JVN#65724976: WordPress Plugin "Forminator" vulnerable to cross-site scripting

WordPress Plugin "Forminator" provided by WPMU DEV assists building web forms. When accessing the page including the web form created with Forminator, some information from the URL may be embedded to the web form. This feature processes the embedded information improperly, leading to cross-site...

6.1CVSS6.3AI score0.0041EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/08/20 12:0 a.m.•20 views

JVN#56648919: "Rakuten Ichiba App" fails to restrict custom URL schemes properly

"Rakuten Ichiba App" provided by Rakuten Group, Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to...

6.1CVSS6AI score0.003EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/30 12:0 a.m.•20 views

JVN#26225832: EC-CUBE plugin (for EC-CUBE 4 series) "EC-CUBE Web API Plugin" vulnerable to stored cross-site scripting

EC-CUBE plugin for EC-CUBE 4 series "EC-CUBE Web API Plugin" provided by EC-CUBE CO.,LTD. contains a stored cross-site scripting vulnerability CWE-79 in OAuth Management feature. Impact When there are multiple users using OAuth Management feature and one of them inputs some crafted value on the...

6.1CVSS5.7AI score0.00271EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/16 12:0 a.m.•20 views

JVN#74825766: Cybozu Garoon vulnerable to cross-site scripting

Cybozu Garoon provided by Cybozu, Inc. contains a cross-site scripting vulnerability in PDF preview CWE-79. Impact An arbitrary script may be executed on a logged-in user's web browser. Solution Update the Software Update the software to the latest version according to the information provided by...

5.4CVSS5.3AI score0.00249EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/21 12:0 a.m.•20 views

JVN#29471697: Android App "TP-Link Tether" and "TP-Link Tapo" vulnerable to improper server certificate verification

Android App "TP-Link Tether" and "TP-Link Tapo" provided by TP-LINK GLOBAL INC. are vulnerable to improper server certificate verification CWE-295. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the application Update the...

4.8CVSS4.8AI score0.00217EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/03/25 12:0 a.m.•20 views

JVN#69107517: TvRock vulnerable to cross-site scripting

TvRock provided by TvRock according to the original report submitted by the reporter is a tool to set a timer recording for a TV program. TvRock contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user accessing the website th...

6.1CVSS6.1AI score0.00313EPSS
Exploits0
Total number of security vulnerabilities5000